Count | Source IP | Resolved Domain Name | Destination Ports and Commentary |
3977 | 192.55.91.23 | ttpweb.grc.nasa.gov | 6989 Interrupted Quicktime streams |
3973 | 204.1.226.228 | shieldsup.grc.com | Deliberate firewall scans |
2730 | 61.235.154.92 | CHINA RAILWAY | 1026 1027 MS Messenger popups |
TELECOMMUNICATIONS CENTER | |||
1739 | 222.88.173.5 | CHINANET henan province network | 1026 |
567 | 61.172.249.200 | Beijing Waei Software Development | 1026+ |
520 | 61.152.158.109 | Shanghai Global Network Co., Ltd. | 1026+ |
492 | 69.119.120.80 | ool-45777850.dyn.optonline.net | 1025 MS RPC service |
489 | 61.152.158.123 | Shanghai Global Network Co., Ltd. | 1026+ |
457 | 69.119.193.167 | ool-4577c1a7.dyn.optonline.net | myriad ports |
369 | 222.208.168.126 | meishan telecom idc meishan, | 1026 1027 |
Sichuan PR China | |||
359 | 61.235.154.101 | CHINA RAILWAY | 1026 1027 |
TELECOMMUNICATIONS CENTER | |||
354 | 61.235.154.102 | CHINA RAILWAY | 1026 1027 |
TELECOMMUNICATIONS CENTER | |||
323 | 164.109.152.173 | staging-admin-1.wellcheck.com | 62500+/- |
322 | 198.22.124.62 | Best Buy Co., Inc. | 22438 |
308 | 69.119.194.32 | ool-4577c220.dyn.optonline.net | 1433 MS SQL Server: Slammer worm |
Figure 1: The top-15 sites sending unsolicited packets to my IP address in early 2005. Remember that spoofing a packet's source address to refer to an innocent bystander takes little skill, so you cannot assume the actual senders appear here. The top two entries result from my actions. The others? Well, that's why you need a firewall!