ACK_hole: probes to TCP:17300 Kuang2


TCP:17300 has seen some increasing activity lately; I saw a *lot* of activity on 08/05/02.

A question in Intrusion circles is whether this activity represents a return of the old Kuang2 trojan, or if there's something new brewing...

Recent port 17300 probe counts from dshield.org:

2002-08-12     0 0.00%
2002-08-11   242 0.02%
2002-08-10    82 0.00%
2002-08-09    25 0.00%
2002-08-08    58 0.00%
2002-08-07   510 0.02%
2002-08-06 11593 0.46%
2002-08-05  3692 0.19%
2002-08-04  4177 0.15%
2002-08-03  7366 0.45%
2002-08-02  3379 0.13%
2002-08-01    26 0.00%

The captures I got are a little frustrating: I get connection attempts, but never any payloads/exploit insertions, so there's still no evidence (here, at least...) as to what's going on on 17300...

Of these, the vast majority of probes are from cable or DSL hosts in Korea; two are from the United States; one is from China.

Go figure...


Subject: 08/05/02 TCP:17300 Kuang2 - ACID Incident Report
From: ACID Alert 
Generated by ACID v0.9.6b21 on Sun August 11, 2002 20:08:04

------------------------------------------------------------------------------
#(321 - 89) [2002-08-05 19:00:19]  TCP to 17300 Kuang2
IPv4: 218.232.191.68 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=25900 flags=0 offset=0 TTL=115 chksum=30499
TCP:  port=1048 -> dport: 17300  flags=******S* seq=1441966
      ack=0 off=7 res=0 win=8192 urp=0 chksum=61238
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 90) [2002-08-05 19:00:19]  TCP to 17300 Kuang2
IPv4: 218.232.191.68 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=27180 flags=0 offset=0 TTL=115 chksum=29227
TCP:  port=1048 -> dport: 17300  flags=***A**** seq=1441967
      ack=2720454999 off=5 res=0 win=8760 urp=0 chksum=40500
Payload: none
------------------------------------------------------------------------------
#(321 - 91) [2002-08-05 19:00:19]  TCP to 17300 Kuang2
IPv4: 218.232.191.68 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=27436 flags=0 offset=0 TTL=115 chksum=28971
TCP:  port=1048 -> dport: 17300  flags=***A***F seq=1441967
      ack=2720454999 off=5 res=0 win=8760 urp=0 chksum=40499
Payload: none
------------------------------------------------------------------------------
# ENGLISH KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 218.232.190.0-218.232.191.255
Network Name       : HANANET-CATV-KANGDONGSO
Connect ISP Name   : HANANET
Connect Date       : 20020730
Registration Date  : 20020730 
[ Organization Information ]
Orgnization ID     : ORG205059
Org Name           : HANARO Telecom
State              : SEOUL
Address            : 1445-3 Seocho-Dong Seocho-Ku
Zip Code           : 137-728


------------------------------------------------------------------------------
#(321 - 97) [2002-08-05 19:06:07]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=15587 flags=0 offset=0 TTL=111 chksum=30077
TCP:  port=2197 -> dport: 17300  flags=******S* seq=619708283
      ack=0 off=7 res=0 win=16384 urp=0 chksum=31057
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 98) [2002-08-05 19:06:10]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=15648 flags=0 offset=0 TTL=111 chksum=30016
TCP:  port=2197 -> dport: 17300  flags=******S* seq=619708283
      ack=0 off=7 res=0 win=16384 urp=0 chksum=31057
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 99) [2002-08-05 19:06:17]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=15780 flags=0 offset=0 TTL=111 chksum=29884
TCP:  port=2197 -> dport: 17300  flags=******S* seq=619708283
      ack=0 off=7 res=0 win=16384 urp=0 chksum=31057
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 100) [2002-08-05 19:06:17]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=15785 flags=0 offset=0 TTL=111 chksum=29887
TCP:  port=2197 -> dport: 17300  flags=***A**** seq=619708284
      ack=3105400437 off=5 res=0 win=16968 urp=0 chksum=17409
Payload: none
------------------------------------------------------------------------------
#(321 - 101) [2002-08-05 19:06:17]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=15786 flags=0 offset=0 TTL=111 chksum=29886
TCP:  port=2197 -> dport: 17300  flags=***A***F seq=619708284
      ack=3105400437 off=5 res=0 win=16968 urp=0 chksum=17408
Payload: none
------------------------------------------------------------------------------
#(321 - 102) [2002-08-05 19:06:21]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=15858 flags=0 offset=0 TTL=111 chksum=29814
TCP:  port=2197 -> dport: 17300  flags=***A**** seq=619708285
      ack=3105400437 off=5 res=0 win=16968 urp=0 chksum=17408
Payload: none
------------------------------------------------------------------------------
#(321 - 103) [2002-08-05 19:06:21]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=15869 flags=0 offset=0 TTL=111 chksum=29803
TCP:  port=2197 -> dport: 17300  flags=***A**** seq=619708285
      ack=3105400437 off=5 res=0 win=16968 urp=0 chksum=17408
Payload: none
------------------------------------------------------------------------------
#(321 - 104) [2002-08-05 19:06:26]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=16008 flags=0 offset=0 TTL=111 chksum=29664
TCP:  port=2197 -> dport: 17300  flags=***A**** seq=619708285
      ack=3105400437 off=5 res=0 win=16968 urp=0 chksum=17408
Payload: none
------------------------------------------------------------------------------
#(321 - 105) [2002-08-05 19:06:26]  TCP to 17300 Kuang2
IPv4: 218.144.237.139 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=16010 flags=0 offset=0 TTL=111 chksum=29662
TCP:  port=2197 -> dport: 17300  flags=***A**** seq=619708285
      ack=3105400437 off=5 res=0 win=16968 urp=0 chksum=17408
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 218.144.236.0-218.144.241.255
Network Name       : KORNET-XDSL-KANGREUNG
Connect ISP Name   : KORNET
Connect Date       : 20020127
Registration Date  : 20020202 
[ Organization Information ]
Orgnization ID     : ORG200356
Org Name           : KANGREUNG NODE
State              : KANGWON
Address            : 1294 PONAM2DONG KANGREUNGSI
Zip Code           : 210-112


------------------------------------------------------------------------------
#(321 - 106) [2002-08-05 19:07:12]  TCP to 17300 Kuang2
IPv4: 211.198.196.52 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=30314 flags=0 offset=0 TTL=111 chksum=27671
TCP:  port=2173 -> dport: 17300  flags=******S* seq=1584103253
      ack=0 off=7 res=0 win=16384 urp=0 chksum=61492
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 107) [2002-08-05 19:07:12]  TCP to 17300 Kuang2
IPv4: 211.198.196.52 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=30319 flags=0 offset=0 TTL=111 chksum=27674
TCP:  port=2173 -> dport: 17300  flags=***A**** seq=1584103254
      ack=3180378882 off=5 res=0 win=16968 urp=0 chksum=41439
Payload: none
------------------------------------------------------------------------------
#(321 - 108) [2002-08-05 19:07:12]  TCP to 17300 Kuang2
IPv4: 211.198.196.52 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=30320 flags=0 offset=0 TTL=111 chksum=27673
TCP:  port=2173 -> dport: 17300  flags=***A***F seq=1584103254
      ack=3180378882 off=5 res=0 win=16968 urp=0 chksum=41438
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 211.198.195.0-211.198.199.255
Network Name       : KORNET-INFRA-CHONNAM
Connect ISP Name   : KORNET
Connect Date       : 20000811
Registration Date  : 20000818 
[ Organization Information ]
Orgnization ID     : ORG109313
Org Name           : KOREA TELECOM KWANGJU NODE
State              : KWANGJU
Address            : 31 changdong dongkoo
Zip Code           : 501-060


------------------------------------------------------------------------------
#(321 - 109) [2002-08-05 19:10:12]  TCP to 17300 Kuang2
IPv4: 61.85.227.113 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=47410 flags=0 offset=0 TTL=113 chksum=40579
TCP:  port=3252 -> dport: 17300  flags=******S* seq=4477985
      ack=0 off=7 res=0 win=8192 urp=0 chksum=3214
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 110) [2002-08-05 19:10:13]  TCP to 17300 Kuang2
IPv4: 61.85.227.113 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=49970 flags=0 offset=0 TTL=113 chksum=38027
TCP:  port=3252 -> dport: 17300  flags=***A**** seq=4477986
      ack=3371302095 off=5 res=0 win=8484 urp=0 chksum=29230
Payload: none
------------------------------------------------------------------------------
#(321 - 111) [2002-08-05 19:10:13]  TCP to 17300 Kuang2
IPv4: 61.85.227.113 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=50226 flags=0 offset=0 TTL=113 chksum=37771
TCP:  port=3252 -> dport: 17300  flags=***A***F seq=4477986
      ack=3371302095 off=5 res=0 win=8484 urp=0 chksum=29229
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 61.85.220.0-61.85.229.255
Network Name       : KORNET-XDSL-NAMCHEONGJU
Connect ISP Name   : KORNET
Connect Date       : 20011008
Registration Date  : 20011009 
[ Organization Information ]
Orgnization ID     : ORG17152
Org Name           : NAMCHEONGJU NODE
State              : CHUNGBUK
Address            : CHUNGBUKDEITEOTONGSINKUK 1390 BUNPYUNGDONG HEUNGDEOKKU CHEONGJUSI
Zip Code           : 361-201


------------------------------------------------------------------------------
#(321 - 112) [2002-08-05 19:21:44]  TCP to 17300 Kuang2
IPv4: 211.186.14.28 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=29033 flags=0 offset=0 TTL=112 chksum=9789
TCP:  port=2532 -> dport: 17300  flags=******S* seq=4131659681
      ack=0 off=7 res=0 win=16384 urp=0 chksum=27807
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 113) [2002-08-05 19:21:45]  TCP to 17300 Kuang2
IPv4: 211.186.14.28 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=29041 flags=0 offset=0 TTL=112 chksum=9789
TCP:  port=2532 -> dport: 17300  flags=***A**** seq=4131659682
      ack=4090195276 off=5 res=0 win=17520 urp=0 chksum=13259
Payload: none
------------------------------------------------------------------------------
#(321 - 114) [2002-08-05 19:21:45]  TCP to 17300 Kuang2
IPv4: 211.186.14.28 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=29042 flags=0 offset=0 TTL=112 chksum=9788
TCP:  port=2532 -> dport: 17300  flags=***A***F seq=4131659682
      ack=4090195276 off=5 res=0 win=17520 urp=0 chksum=13258
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 211.186.14.0-211.186.14.255
Network Name       : DONGBUSO
Connect ISP Name   : THRUNET
Connect Date       : 20000926
Registration Date  : 20001002 
[ Organization Information ]
Orgnization ID     : ORG91038
Org Name           : Thrunet Co.,Ltd
State              : SEOUL
Address            : 1338-5 SEOCHO-2DONG SEOCHO-KU
Zip Code           : 137-072


------------------------------------------------------------------------------
#(321 - 115) [2002-08-05 19:22:06]  TCP to 17300 Kuang2
IPv4: 211.203.213.40 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=60063 flags=0 offset=0 TTL=114 chksum=58344
TCP:  port=1802 -> dport: 17300  flags=******S* seq=3109903801
      ack=0 off=7 res=0 win=16384 urp=0 chksum=42794
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 116) [2002-08-05 19:22:12]  TCP to 17300 Kuang2
IPv4: 211.203.213.40 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=60122 flags=0 offset=0 TTL=114 chksum=58285
TCP:  port=1802 -> dport: 17300  flags=******S* seq=3109903801
      ack=0 off=7 res=0 win=16384 urp=0 chksum=42794
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 117) [2002-08-05 19:22:16]  TCP to 17300 Kuang2
IPv4: 211.203.213.40 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=60219 flags=0 offset=0 TTL=114 chksum=58196
TCP:  port=1802 -> dport: 17300  flags=***A**** seq=3109903802
      ack=4115937017 off=5 res=0 win=17520 urp=0 chksum=41760
Payload: none
------------------------------------------------------------------------------
#(321 - 118) [2002-08-05 19:22:16]  TCP to 17300 Kuang2
IPv4: 211.203.213.40 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=60220 flags=0 offset=0 TTL=114 chksum=58195
TCP:  port=1802 -> dport: 17300  flags=***A***F seq=3109903802
      ack=4115937017 off=5 res=0 win=17520 urp=0 chksum=41759
Payload: none
------------------------------------------------------------------------------
#(321 - 119) [2002-08-05 19:22:20]  TCP to 17300 Kuang2
IPv4: 211.203.213.40 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=60296 flags=0 offset=0 TTL=114 chksum=58119
TCP:  port=1802 -> dport: 17300  flags=***A**** seq=3109903803
      ack=4115937017 off=5 res=0 win=17520 urp=0 chksum=41759
Payload: none
------------------------------------------------------------------------------
#(321 - 120) [2002-08-05 19:22:22]  TCP to 17300 Kuang2
IPv4: 211.203.213.40 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=60362 flags=0 offset=0 TTL=114 chksum=58053
TCP:  port=1802 -> dport: 17300  flags=***A**** seq=3109903803
      ack=4115937017 off=5 res=0 win=17520 urp=0 chksum=41759
Payload: none
------------------------------------------------------------------------------
#(321 - 121) [2002-08-05 19:22:23]  TCP to 17300 Kuang2
IPv4: 211.203.213.40 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=60388 flags=0 offset=0 TTL=114 chksum=58027
TCP:  port=1802 -> dport: 17300  flags=***A***F seq=3109903802
      ack=4115937017 off=5 res=0 win=17520 urp=0 chksum=41759
Payload: none
------------------------------------------------------------------------------
#(321 - 122) [2002-08-05 19:22:27]  TCP to 17300 Kuang2
IPv4: 211.203.213.40 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=60471 flags=0 offset=0 TTL=114 chksum=57944
TCP:  port=1802 -> dport: 17300  flags=***A**** seq=3109903803
      ack=4115937017 off=5 res=0 win=17520 urp=0 chksum=41759
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 211.203.213.0-211.203.213.255
Network Name       : GUNSANSO
Connect ISP Name   : HANANET
Connect Date       : 20001002
Registration Date  : 20001004 
[ Organization Information ]
Orgnization ID     : ORG107485
Org Name           : HANARO Telecom
State              : SEOUL
Address            : 1445-3 Seocho-Dong Seocho-Ku
Zip Code           : 137-728


------------------------------------------------------------------------------
#(321 - 123) [2002-08-05 19:25:55]  TCP to 17300 Kuang2
IPv4: 211.37.70.97 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=23782 flags=0 offset=0 TTL=113 chksum=528
TCP:  port=2815 -> dport: 17300  flags=******S* seq=16413746
      ack=0 off=7 res=0 win=8192 urp=0 chksum=62605
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 124) [2002-08-05 19:25:55]  TCP to 17300 Kuang2
IPv4: 211.37.70.97 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=24806 flags=0 offset=0 TTL=113 chksum=65047
TCP:  port=2815 -> dport: 17300  flags=***A**** seq=16413747
      ack=59433315 off=5 res=0 win=8760 urp=0 chksum=14876
Payload: none
------------------------------------------------------------------------------
#(321 - 125) [2002-08-05 19:25:55]  TCP to 17300 Kuang2
IPv4: 211.37.70.97 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=25062 flags=0 offset=0 TTL=113 chksum=64791
TCP:  port=2815 -> dport: 17300  flags=***A***F seq=16413747
      ack=59433315 off=5 res=0 win=8760 urp=0 chksum=14875
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 211.37.70.0-211.37.70.255
Network Name       : HANANET-CATV-KIMJESO
Connect ISP Name   : HANANET
Connect Date       : 20010702
Registration Date  : 20010702 
[ Organization Information ]
Orgnization ID     : ORG217152
Org Name           : Hanaro Telecom Inc.
State              : SEOUL
Address            : 1445-3 Seocho-Dong Seocho-Ku
Zip Code           : 137-728


------------------------------------------------------------------------------
#(321 - 126) [2002-08-05 19:28:06]  TCP to 17300 Kuang2
IPv4: 218.54.32.208 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=2679 flags=0 offset=0 TTL=114 chksum=29183
TCP:  port=2774 -> dport: 17300  flags=******S* seq=1406656725
      ack=0 off=7 res=0 win=16384 urp=0 chksum=13238
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 127) [2002-08-05 19:28:06]  TCP to 17300 Kuang2
IPv4: 218.54.32.208 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=2690 flags=0 offset=0 TTL=114 chksum=29180
TCP:  port=2774 -> dport: 17300  flags=***A**** seq=1406656726
      ack=206639444 off=5 res=0 win=17520 urp=0 chksum=15957
Payload: none
------------------------------------------------------------------------------
#(321 - 128) [2002-08-05 19:28:06]  TCP to 17300 Kuang2
IPv4: 218.54.32.208 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=2692 flags=0 offset=0 TTL=114 chksum=29178
TCP:  port=2774 -> dport: 17300  flags=***A***F seq=1406656726
      ack=206639444 off=5 res=0 win=17520 urp=0 chksum=15956
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 218.54.32.0-218.54.32.255
Network Name       : HANANET-XDSL-KWANGJUKWANGSAN
Connect ISP Name   : HANANET
Connect Date       : 20020311
Registration Date  : 20020311 
[ Organization Information ]
Orgnization ID     : ORG228901
Org Name           : Hanaro Telecom Inc.
State              : SEOUL
Address            : 1445-3 Seocho-Dong Seocho-Ku
Zip Code           : 137-728


------------------------------------------------------------------------------
#(321 - 129) [2002-08-05 19:28:18]  TCP to 17300 Kuang2
IPv4: 24.55.169.189 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=56038 flags=0 offset=0 TTL=107 chksum=57761
TCP:  port=3142 -> dport: 17300  flags=******S* seq=1742253661
      ack=0 off=7 res=0 win=16384 urp=0 chksum=35279
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 130) [2002-08-05 19:28:18]  TCP to 17300 Kuang2
IPv4: 24.55.169.189 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=56050 flags=0 offset=0 TTL=107 chksum=57757
TCP:  port=3142 -> dport: 17300  flags=***A**** seq=1742253662
      ack=217847004 off=5 res=0 win=17520 urp=0 chksum=36923
Payload: none
------------------------------------------------------------------------------
#(321 - 131) [2002-08-05 19:28:18]  TCP to 17300 Kuang2
IPv4: 24.55.169.189 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=56051 flags=0 offset=0 TTL=107 chksum=57756
TCP:  port=3142 -> dport: 17300  flags=***A***F seq=1742253662
      ack=217847004 off=5 res=0 win=17520 urp=0 chksum=36922
Payload: none
------------------------------------------------------------------------------
Adelphia Cable Communications (NETBLK-AMHRNY-CMTS11-1)
   Main at Water
   Coudersport, PA 16915
   US    

Netname: AMHRNY-CMTS11-1
   Netblock: 24.55.168.0 - 24.55.169.255    

Coordinator:
      Hostmaster, Adelphia  (AH102-ARIN)  ipadmin@adelphia.net
      814.274.0638 (FAX) 814.274.8457


------------------------------------------------------------------------------
#(321 - 132) [2002-08-05 19:35:21]  TCP to 17300 Kuang2
IPv4: 12.144.139.64 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=5736 flags=0 offset=0 TTL=122 chksum=49476
TCP:  port=2899 -> dport: 17300  flags=******S* seq=16705434
      ack=0 off=7 res=0 win=8192 urp=0 chksum=1568
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 133) [2002-08-05 19:35:22]  TCP to 17300 Kuang2
IPv4: 12.144.139.64 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=7016 flags=0 offset=0 TTL=122 chksum=48204
TCP:  port=2899 -> dport: 17300  flags=***A**** seq=16705435
      ack=668852347 off=5 res=0 win=8576 urp=0 chksum=9567
Payload: none
------------------------------------------------------------------------------
#(321 - 134) [2002-08-05 19:35:22]  TCP to 17300 Kuang2
IPv4: 12.144.139.64 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=7272 flags=0 offset=0 TTL=122 chksum=47948
TCP:  port=2899 -> dport: 17300  flags=***A***F seq=16705435
      ack=668852347 off=5 res=0 win=8576 urp=0 chksum=9566
Payload: none
------------------------------------------------------------------------------
Request: NETBLK-ELLENSBURG918-136@whois.arin.net
connecting to whois.arin.net [63.146.182.182:43] ...

ELLENSBURG TELEPHONE CO (NETBLK-ELLENSBURG918-136)
   305 NORTH RUBY STREET
   ELLENSBURG, WA 98926
   US    

Netname: ELLENSBURG918-136
   Netblock: 12.144.136.0 - 12.144.139.255    

Coordinator:
      rossow, dan  (ZZ211-ARIN)  rossowd@elltel.com
      509-962-0253


------------------------------------------------------------------------------
#(321 - 135) [2002-08-05 19:35:27]  TCP to 17300 Kuang2
IPv4: 61.79.235.54 -> 12.82.132.249
      hlen=5 TOS=0 dlen=64 ID=8681 flags=0 offset=0 TTL=112 chksum=12030
TCP:  port=4047 -> dport: 17300  flags=******S* seq=2422749686
      ack=0 off=11 res=0 win=5248 urp=0 chksum=18969
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - WS len=3 data=03
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=10 data=0000000000000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 136) [2002-08-05 19:35:27]  TCP to 17300 Kuang2
IPv4: 61.79.235.54 -> 12.82.132.249
      hlen=5 TOS=0 dlen=52 ID=8685 flags=0 offset=0 TTL=112 chksum=12038
TCP:  port=4047 -> dport: 17300  flags=***A**** seq=2422749687
      ack=668044841 off=8 res=0 win=58000 urp=0 chksum=25300
      Options:
       #1 - NOP len=0
       #2 - NOP len=0
       #3 - TS len=10 data=0000EBBB0147B6C6
Payload: none
------------------------------------------------------------------------------
#(321 - 137) [2002-08-05 19:35:27]  TCP to 17300 Kuang2
IPv4: 61.79.235.54 -> 12.82.132.249
      hlen=5 TOS=0 dlen=52 ID=8693 flags=0 offset=0 TTL=112 chksum=12030
TCP:  port=4047 -> dport: 17300  flags=***A***F seq=2422749687
      ack=668044841 off=8 res=0 win=58000 urp=0 chksum=25299
      Options:
       #1 - NOP len=0
       #2 - NOP len=0
       #3 - TS len=10 data=0000EBBB0147B6C6
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 61.79.234.0-61.79.235.255
Network Name       : KORNET-XDSL-NAMINCHON
Connect ISP Name   : KORNET
Connect Date       : 20010622
Registration Date  : 20010628 
[ Organization Information ]
Orgnization ID     : ORG204249
Org Name           : KOREA TELECOM NAMINCHUN NODE
State              : INCHON
Address            : 520-3 KANSEOK1DONG NAMDONGKU
Zip Code           : 405-231


------------------------------------------------------------------------------
#(321 - 138) [2002-08-05 19:35:47]  TCP to 17300 Kuang2
IPv4: 61.98.196.160 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=35891 flags=0 offset=0 TTL=110 chksum=60742
TCP:  port=3147 -> dport: 17300  flags=******S* seq=1910017009
      ack=0 off=7 res=0 win=16384 urp=0 chksum=25128
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 139) [2002-08-05 19:35:50]  TCP to 17300 Kuang2
IPv4: 61.98.196.160 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=35955 flags=0 offset=0 TTL=110 chksum=60678
TCP:  port=3147 -> dport: 17300  flags=******S* seq=1910017009
      ack=0 off=7 res=0 win=16384 urp=0 chksum=25128
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 140) [2002-08-05 19:35:52]  TCP to 17300 Kuang2
IPv4: 61.98.196.160 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=36014 flags=0 offset=0 TTL=110 chksum=60627
TCP:  port=3147 -> dport: 17300  flags=***A**** seq=1910017010
      ack=702376805 off=5 res=0 win=17520 urp=0 chksum=62761
Payload: none
------------------------------------------------------------------------------
#(321 - 141) [2002-08-05 19:35:52]  TCP to 17300 Kuang2
IPv4: 61.98.196.160 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=36015 flags=0 offset=0 TTL=110 chksum=60626
TCP:  port=3147 -> dport: 17300  flags=***A***F seq=1910017010
      ack=702376805 off=5 res=0 win=17520 urp=0 chksum=62760
Payload: none
------------------------------------------------------------------------------
#(321 - 142) [2002-08-05 19:35:56]  TCP to 17300 Kuang2
IPv4: 61.98.196.160 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=36084 flags=0 offset=0 TTL=110 chksum=60557
TCP:  port=3147 -> dport: 17300  flags=***A**** seq=1910017011
      ack=702376805 off=5 res=0 win=17520 urp=0 chksum=62760
Payload: none
------------------------------------------------------------------------------
#(321 - 143) [2002-08-05 19:35:56]  TCP to 17300 Kuang2
IPv4: 61.98.196.160 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=36091 flags=0 offset=0 TTL=110 chksum=60550
TCP:  port=3147 -> dport: 17300  flags=***A**** seq=1910017011
      ack=702376805 off=5 res=0 win=17520 urp=0 chksum=62760
Payload: none
------------------------------------------------------------------------------
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information. 

IP Address         : 61.98.196.0-61.98.196.255
Network Name       : THRUNET-CATV-SONGPAOWN
Connect ISP Name   : THRUNET
Connect Date       : 20010808
Registration Date  : 20011124 
[ Organization Information ]
Orgnization ID     : ORG17122
Org Name           : THRUNET
State              : SEOUL
Address            : 1338-5 seocho-2dong seocho-ku
Zip Code           : 137-072


------------------------------------------------------------------------------
#(321 - 144) [2002-08-05 19:41:36]  TCP to 17300 Kuang2
IPv4: 24.28.32.214 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=57214 flags=0 offset=0 TTL=108 chksum=25868
TCP:  port=2581 -> dport: 17300  flags=******S* seq=15895651
      ack=0 off=7 res=0 win=8192 urp=0 chksum=48611
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 145) [2002-08-05 19:41:36]  TCP to 17300 Kuang2
IPv4: 24.28.32.214 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=57470 flags=0 offset=0 TTL=108 chksum=25620
TCP:  port=2581 -> dport: 17300  flags=***A**** seq=15895652
      ack=1062990718 off=5 res=0 win=8760 urp=0 chksum=46469
Payload: none
------------------------------------------------------------------------------
#(321 - 146) [2002-08-05 19:41:36]  TCP to 17300 Kuang2
IPv4: 24.28.32.214 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=57726 flags=0 offset=0 TTL=108 chksum=25364
TCP:  port=2581 -> dport: 17300  flags=***A***F seq=15895652
      ack=1062990718 off=5 res=0 win=8760 urp=0 chksum=46468
Payload: none
------------------------------------------------------------------------------
ServiceCo LLC - Road Runner (NET-ROAD-RUNNER-1)
   13241 Woodland Park Road
   Herndon, VA 20171
   US    

Netname: ROAD-RUNNER-1
   Netblock: 24.24.0.0 - 24.29.255.255
   Maintainer: SCRR    

Coordinator:
      ServiceCo LLC  (ZS30-ARIN)  abuse@rr.com
      1-703-345-3416


------------------------------------------------------------------------------
#(321 - 147) [2002-08-05 20:15:46]  TCP to 17300 Kuang2
IPv4: 61.182.210.112 -> 12.82.132.249
      hlen=5 TOS=0 dlen=48 ID=4367 flags=0 offset=0 TTL=110 chksum=23111
TCP:  port=2052 -> dport: 17300  flags=******S* seq=3566956963
      ack=0 off=7 res=0 win=16384 urp=0 chksum=4054
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(321 - 148) [2002-08-05 20:15:47]  TCP to 17300 Kuang2
IPv4: 61.182.210.112 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=4451 flags=0 offset=0 TTL=110 chksum=23035
TCP:  port=2052 -> dport: 17300  flags=***A**** seq=3566956964
      ack=3224228673 off=5 res=0 win=17520 urp=0 chksum=42154
Payload: none
------------------------------------------------------------------------------
#(321 - 149) [2002-08-05 20:15:50]  TCP to 17300 Kuang2
IPv4: 61.182.210.112 -> 12.82.132.249
      hlen=5 TOS=0 dlen=40 ID=4817 flags=0 offset=0 TTL=110 chksum=22669
TCP:  port=2052 -> dport: 17300  flags=***A***F seq=3566956964
      ack=3224228673 off=5 res=0 win=17520 urp=0 chksum=42153
Payload: none
------------------------------------------------------------------------------
inetnum:     61.182.210.0 - 61.182.210.127
netname:     XIARI-NETCLUB
descr:       XIARI-NETCLUB IN TANGSHAN CITY
country:     CN
admin-c:     ZC24-AP
tech-c:      ZC24-AP
mnt-by:      MAINT-CHINANET-HE
changed:     ipcontrol@public.sj.he.cn 20010402
source:      APNIC 
person:      zhiyong chen
address:     hebei province shijiazhuang
address:     fanxi road No.19
address:     hebei shuju tongxin ju
country:     CN
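
An added example, not part of the original page or of ACID: a parser for the alert layout in the report above that groups the client packets into flows and checks the observation that hosts connect but never send data. The sample alerts are constructed, with documentation addresses and zeroed checksums; payload size is derived as dlen - 4*hlen - 4*off on the assumption that dlen is the IP total length, which fits the 40- and 48-byte packets in the report.

```python
import re

# Constructed alerts in the ACID layout of the report on this page.
# Addresses are RFC 5737 documentation ranges, not hosts from the report.
SAMPLE = """\
#(1 - 1) [2002-08-05 19:06:17]  TCP to 17300 Kuang2
IPv4: 192.0.2.10 -> 198.51.100.5
      hlen=5 TOS=0 dlen=48 ID=15780 flags=0 offset=0 TTL=111 chksum=0
TCP:  port=2197 -> dport: 17300  flags=******S* seq=619708283
      ack=0 off=7 res=0 win=16384 urp=0 chksum=0
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(1 - 2) [2002-08-05 19:06:17]  TCP to 17300 Kuang2
IPv4: 192.0.2.10 -> 198.51.100.5
      hlen=5 TOS=0 dlen=40 ID=15785 flags=0 offset=0 TTL=111 chksum=0
TCP:  port=2197 -> dport: 17300  flags=***A**** seq=619708284
      ack=3105400437 off=5 res=0 win=16968 urp=0 chksum=0
Payload: none
------------------------------------------------------------------------------
#(1 - 3) [2002-08-05 19:06:17]  TCP to 17300 Kuang2
IPv4: 192.0.2.10 -> 198.51.100.5
      hlen=5 TOS=0 dlen=40 ID=15786 flags=0 offset=0 TTL=111 chksum=0
TCP:  port=2197 -> dport: 17300  flags=***A***F seq=619708284
      ack=3105400437 off=5 res=0 win=16968 urp=0 chksum=0
Payload: none
------------------------------------------------------------------------------
#(1 - 4) [2002-08-05 19:07:12]  TCP to 17300 Kuang2
IPv4: 192.0.2.77 -> 198.51.100.5
      hlen=5 TOS=0 dlen=48 ID=30314 flags=0 offset=0 TTL=111 chksum=0
TCP:  port=2173 -> dport: 17300  flags=******S* seq=1584103253
      ack=0 off=7 res=0 win=16384 urp=0 chksum=0
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
"""

ALERT = re.compile(
    r"#\(\d+ - \d+\) \[(?P<ts>[^\]]+)\].*?"
    r"IPv4: (?P<src>\S+) -> (?P<dst>\S+)\s+"
    r"hlen=(?P<hlen>\d+) .*?dlen=(?P<dlen>\d+).*?"
    r"TCP:\s+port=(?P<sport>\d+) -> dport: (?P<dport>\d+)\s+"
    r"flags=(?P<flags>\S{8}) seq=(?P<seq>\d+)\s+"
    r"ack=(?P<ack>\d+) off=(?P<off>\d+)",
    re.S,
)


def parse_alerts(text):
    """Yield one dict per TCP alert; whois blocks and prose are skipped."""
    for chunk in re.split(r"^-{20,}[ \t]*$", text, flags=re.M):
        m = ALERT.search(chunk)
        if not m:
            continue
        pkt = {k: (v if k in ("ts", "src", "dst", "flags") else int(v))
               for k, v in m.groupdict().items()}
        # Assumption: dlen is the IP total length; hlen and off are 32-bit words.
        pkt["payload"] = pkt["dlen"] - 4 * pkt["hlen"] - 4 * pkt["off"]
        yield pkt


def summarize(text):
    """Group alerts into client flows and classify what each client did."""
    flows = {}
    for p in parse_alerts(text):
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        f = flows.setdefault(key, {"syns": 0, "isn": None, "established": False,
                                   "fin": False, "payload": 0})
        if "S" in p["flags"] and "A" not in p["flags"]:
            f["syns"] += 1  # a repeat with the same seq is a SYN retransmit
            f["isn"] = p["seq"]
        elif "A" in p["flags"]:
            # Only client-to-host packets appear in the report. A client ACK
            # at ISN+1 carrying a non-zero ack number shows that the probed
            # host answered with SYN/ACK, so the handshake completed.
            at_isn_plus_1 = f["isn"] is not None and p["seq"] == (f["isn"] + 1) % 2**32
            f["established"] |= bool(at_isn_plus_1 and p["ack"])
            f["fin"] = f["fin"] or "F" in p["flags"]
        f["payload"] += max(p["payload"], 0)
    for f in flows.values():
        if f["payload"]:
            f["verdict"] = "data sent"
        elif f["established"]:
            f["verdict"] = "connect and close, no data" if f["fin"] else "connect, no data"
        else:
            f["verdict"] = "SYN only"
    return flows
```

Passing the full report text to `summarize()` gives one verdict per source address and port pair, which makes any flow that does carry data stand out.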


This page last preened by Webmaster jsage@finchhaven.com on:
Last modified: Sun Aug 11 21:05:18 2002