...so for KaZaa, Morpheus, Napster and the other file-sharing P2P programs that are very persistent about continuing to attempt to maintain a connection that's closed, it's assumed that *I* have something to share. (Of course, I don't, but that won't stop them from trying.)
Also, some of these programs apparently try to re-establish a connection when either the program is started or the computer that the program is running on comes back online.
That's why you see all sorts of IP addresses attempting to connect to the IP *I've* got right now, at various points in time.
This sort of stuff, along with Code Red/Nimda probes, has become sort of a constant background noise on the Internet.
'nuff said..
[toot@sparky /storage/snort/old_snorts/022402]# more port_1214-0224@0711.log
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-10:20:04.454733 68.40.44.154:65199 -> 12.82.137.151:1214
TCP TTL:114 TOS:0x0 ID:28440 IpLen:20 DgmLen:48 DF
******S* Seq: 0xC4F5228C Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-10:20:07.405043 68.40.44.154:65199 -> 12.82.137.151:1214
TCP TTL:114 TOS:0x0 ID:28442 IpLen:20 DgmLen:48 DF
******S* Seq: 0xC4F5228C Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-10:20:13.425635 68.40.44.154:65199 -> 12.82.137.151:1214
TCP TTL:114 TOS:0x0 ID:28443 IpLen:20 DgmLen:48 DF
******S* Seq: 0xC4F5228C Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
Request: 68.40.44.154
connecting to whois.arin.net [63.146.182.182:43] ...
Comcast Cable Communications, Inc. (NETBLK-JUMPSTART-1) JUMPSTART-1 68.32.0.0 - 68.63.255.255
Comcast Cable Communications, Inc. (NETBLK-JUMPSTART-MICHIGAN-A) JUMPSTART-MICHIGAN-A 68.40.0.0 - 68.43.255.255
Comcast Cable Communications, Inc. (NETBLK-JUMPSTART-MICHIGAN-A)
   1275 Ball Road
   Jonesville, MI
   US
   Netname: JUMPSTART-MICHIGAN-A
   Netblock: 68.40.0.0 - 68.43.255.255
   Coordinator:
      Zeibari, Greg (GZ64-ARIN) gzeibari@comcastpc.com
      856-661-7929
   Domain System inverse mapping provided by:
   NS01.JDC01.PA.COMCAST.NET 66.45.25.71
   NS02.JDC01.PA.COMCAST.NET 66.45.25.72

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-10:35:13.446129 63.29.24.126:3151 -> 12.82.137.151:1214
TCP TTL:113 TOS:0x0 ID:62566 IpLen:20 DgmLen:48 DF
******S* Seq: 0x462594 Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 536 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-10:35:16.276395 63.29.24.126:3151 -> 12.82.137.151:1214
TCP TTL:113 TOS:0x0 ID:9831 IpLen:20 DgmLen:48 DF
******S* Seq: 0x462594 Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 536 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-10:35:22.327039 63.29.24.126:3151 -> 12.82.137.151:1214
TCP TTL:113 TOS:0x0 ID:13927 IpLen:20 DgmLen:48 DF
******S* Seq: 0x462594 Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 536 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-10:35:34.338241 63.29.24.126:3151 -> 12.82.137.151:1214
TCP TTL:113 TOS:0x0 ID:37991 IpLen:20 DgmLen:48 DF
******S* Seq: 0x462594 Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 536 NOP NOP SackOK

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
Request: 63.29.24.126
connecting to whois.arin.net [192.149.252.34:43] ...
UUNET Technologies, Inc. (NETBLK-NETBLK-UUNET97DU)
   3060 Williams Drive, Suite 601
   Fairfax, va 22031
   US
   Netname: NETBLK-UUNET97DU
   Netblock: 63.0.0.0 - 63.63.255.255
   Maintainer: UUDA
   Coordinator:
      UUNET, Technical Support (OA12-ARIN) help@uu.net
      (800) 900-0241
   Domain System inverse mapping provided by:
   DIALDNS1.UU.NET 153.39.194.10
   DIALDNS2.UU.NET 153.39.194.26
   DIALDNS200.NS.UU.NET 195.129.111.3
   DIALDNS210.NS.UU.NET 195.129.111.4

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-12:59:01.664283 193.252.222.169:1622 -> 12.82.137.151:1214
TCP TTL:112 TOS:0x0 ID:7882 IpLen:20 DgmLen:48 DF
******S* Seq: 0x9B105C35 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-12:59:04.654562 193.252.222.169:1622 -> 12.82.137.151:1214
TCP TTL:112 TOS:0x0 ID:7884 IpLen:20 DgmLen:48 DF
******S* Seq: 0x9B105C35 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-12:59:10.675168 193.252.222.169:1622 -> 12.82.137.151:1214
TCP TTL:112 TOS:0x0 ID:7885 IpLen:20 DgmLen:48 DF
******S* Seq: 0x9B105C35 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
% This is the RIPE Whois server.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 193.252.222.0 - 193.252.222.255
netname: IP2000-ADSL-BAS
descr: France Telecom IP2000 ADSL BAS
descr: BSNAN104 Nantes Bloc1
country: FR
admin-c: WITR1-RIPE
tech-c: WITR1-RIPE
status: ASSIGNED PA
remarks: for hacking, spamming or security problems send mail to
remarks: postmaster@wanadoo.fr AND abuse@wanadoo.fr
remarks: for ANY problem send mail to gestionip.ft@francetelecom.com
source: RIPE

route: 193.252.128.0/17
descr: France Telecom
origin: AS3215
source: RIPE

role: Wanadoo Interactive Technical Role
address: WANADOO INTERACTIVE
address: 48 rue Camille Desmoulins
address: 92791 ISSY LES MOULINEAUX CEDEX 9
address: FR
phone: +33 1 58 88 50 00
e-mail: abuse@wanadoo.fr
e-mail: postmaster@wanadoo.fr
admin-c: FTI-RIPE
tech-c: TEFS1-RIPE
nic-hdl: WITR1-RIPE
notify: gestionip.ft@francetelecom.com
source: RIPE

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-14:08:25.897387 12.243.82.57:64639 -> 12.82.137.151:1214
TCP TTL:116 TOS:0x0 ID:64753 IpLen:20 DgmLen:48 DF
******S* Seq: 0x13D251F Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-14:08:28.857715 12.243.82.57:64639 -> 12.82.137.151:1214
TCP TTL:116 TOS:0x0 ID:2802 IpLen:20 DgmLen:48 DF
******S* Seq: 0x13D251F Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-14:08:34.848344 12.243.82.57:64639 -> 12.82.137.151:1214
TCP TTL:116 TOS:0x0 ID:9970 IpLen:20 DgmLen:48 DF
******S* Seq: 0x13D251F Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/24-14:08:46.849542 12.243.82.57:64639 -> 12.82.137.151:1214
TCP TTL:116 TOS:0x0 ID:25074 IpLen:20 DgmLen:48 DF
******S* Seq: 0x13D251F Ack: 0x0 Win: 0x2000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
Request: 12.243.82.57
connecting to whois.arin.net [192.149.252.34:43] ...
AT&T ITS (NET-ATT)
   200 Laurel Avenue South
   Middletown, NJ 07748
   US
   Netname: ATT
   Netblock: 12.0.0.0 - 12.255.255.255
   Maintainer: ATTW
   Coordinator:
      Kostick, Deirdre (DK71-ARIN) help@IP.ATT.NET
      (888)613-6330
   Domain System inverse mapping provided by:
   DBRU.BR.NS.ELS-GMS.ATT.NET 199.191.128.106
   DMTU.MT.NS.ELS-GMS.ATT.NET 12.127.16.70
   CBRU.BR.NS.ELS-GMS.ATT.NET 199.191.128.105
   CMTU.MT.NS.ELS-GMS.ATT.NET 12.127.16.69

===============================================================================
Snort processed 14 packets.
Breakdown by protocol:                Action Stats:
    TCP: 14         (100.000%)         ALERTS: 0
    UDP: 0          (0.000%)           LOGGED: 0
   ICMP: 0          (0.000%)           PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
===============================================================================
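
Added example, not part of the original post: in the log above each source repeats the same SYN (same source port and Seq) roughly 3, 6 and 12 seconds apart, which is one connection attempt being retransmitted by the sender's TCP stack rather than several separate probes. The Python below groups Snort records by source, ports and Seq to count attempts and retransmit gaps; the sample is abridged from the post's log, and the year 2000 used when parsing is a placeholder because Snort's timestamps carry no year.

```python
import re
from collections import defaultdict
from datetime import datetime

# Abridged from the log in the post: header and flags lines only (constructed sample).
SAMPLE = """\
02/24-10:20:04.454733 68.40.44.154:65199 -> 12.82.137.151:1214
******S* Seq: 0xC4F5228C Ack: 0x0 Win: 0x4000 TcpLen: 28
02/24-10:20:07.405043 68.40.44.154:65199 -> 12.82.137.151:1214
******S* Seq: 0xC4F5228C Ack: 0x0 Win: 0x4000 TcpLen: 28
02/24-10:20:13.425635 68.40.44.154:65199 -> 12.82.137.151:1214
******S* Seq: 0xC4F5228C Ack: 0x0 Win: 0x4000 TcpLen: 28
02/24-10:35:13.446129 63.29.24.126:3151 -> 12.82.137.151:1214
******S* Seq: 0x462594 Ack: 0x0 Win: 0x2000 TcpLen: 28
02/24-10:35:16.276395 63.29.24.126:3151 -> 12.82.137.151:1214
******S* Seq: 0x462594 Ack: 0x0 Win: 0x2000 TcpLen: 28
02/24-10:35:22.327039 63.29.24.126:3151 -> 12.82.137.151:1214
******S* Seq: 0x462594 Ack: 0x0 Win: 0x2000 TcpLen: 28
02/24-10:35:34.338241 63.29.24.126:3151 -> 12.82.137.151:1214
******S* Seq: 0x462594 Ack: 0x0 Win: 0x2000 TcpLen: 28
"""

PKT = re.compile(r"(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+):(\d+) -> \S+:(\d+)"
                 r".*?^([*A-Z12]{8}) Seq: (0x[0-9A-Fa-f]+)", re.S | re.M)

def syn_attempts(log_text):
    """Group bare SYNs by (src, sport, dport, seq); one key is one connection attempt."""
    flows = defaultdict(list)
    for ts, src, sport, dport, flags, seq in PKT.findall(log_text):
        if flags == "******S*":  # SYN set, ACK clear
            # Placeholder leap year so that 02/29 would still parse.
            t = datetime.strptime("2000/" + ts, "%Y/%m/%d-%H:%M:%S.%f")
            flows[(src, int(sport), int(dport), seq)].append(t)
    return flows

def summarize(log_text):
    """Per attempt: SYN count and the gaps (rounded seconds) between retransmits."""
    out = {}
    for key, times in syn_attempts(log_text).items():
        times.sort()
        gaps = [round((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        out[key] = (len(times), gaps)
    return out

if __name__ == "__main__":
    for (src, sport, dport, seq), (n, gaps) in summarize(SAMPLE).items():
        print(f"{src}:{sport} -> :{dport} seq {seq}: {n} SYNs, gaps {gaps}s")
```

Counting keys rather than packets keeps this kind of background noise from inflating the number of distinct connection attempts seen on a port.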