Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Port 5500 - alot of traffic (that is of course denied)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Port 5500 - alot of traffic (that is of course denied) (Read 2635 times)
lar.hed
Sr. Member
Posts: 323
Karma: 10
Port 5500 - alot of traffic (that is of course denied)
«
on:
July 13, 2020, 10:24:34 am »
Just since I am a bit curious: Anyone know why "people" seems to think that port 5500 (udp) with different source and/or desination IPs is funny to run all the time? Someone in the Netherlands just keeps sending this to my static IP - goes in bursts - and well it is denied, so no biggi there (I have no open ports at all, only traffix from my network out so to speak). But why? Any ideas?
Logged
MTR
Newbie
Posts: 35
Karma: 4
Re: Port 5500 - alot of traffic (that is of course denied)
«
Reply #1 on:
July 13, 2020, 10:42:55 am »
https://www.speedguide.net/port.php?port=5500
I guess they are trying to find vulnerable VNC/DualDesk setups.
Logged
lar.hed
Sr. Member
Posts: 323
Karma: 10
Re: Port 5500 - alot of traffic (that is of course denied)
«
Reply #2 on:
July 18, 2020, 12:21:39 pm »
This is a never ending thing, I still have a heck of alot of traffic trying to get over UDP port 5500 - yes it is still denied of course. But I am intrigued by the fact that who ever is doing this keeps doing it all the time. Currently I have a 100% blocking just because of this...
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Port 5500 - alot of traffic (that is of course denied)
«
Reply #3 on:
July 18, 2020, 12:27:14 pm »
Contact the ISP of the offending address, no guarantee they will do anything but in my experience an email to abuse@whicheverisp.com sometimes gets results. I had a case where when I changed ISPs one of my static IP addresses was previously allocated to someone else, they had a device the was constantly trying to open a VPN connection. I contacted my ISP who was able to contact them and a couple of days later it stopped.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
lar.hed
Sr. Member
Posts: 323
Karma: 10
Re: Port 5500 - alot of traffic (that is of course denied)
«
Reply #4 on:
July 21, 2020, 08:22:24 am »
I've sent an email to abuse Telenor (Sweden and Norway funny enough), to look into IPs:
62.127.113.21
62.127.113.39
93.91.111.2
93.91.111.6
93.91.111.10
93.91.111.14
93.91.111.26
The thing I do not get is that my static IP is not the one that I see in the "transactions", like this one:
2020-07-21T08:13:30 11,,,0,igb1,match,block,in,4,0x80,,22,13957,0,DF,17,udp,1356,93.91.111.6,233.184.48.150,5500,5500,1336
Logged
lar.hed
Sr. Member
Posts: 323
Karma: 10
Re: Port 5500 - alot of traffic (that is of course denied)
«
Reply #5 on:
July 22, 2020, 10:35:27 pm »
I decided to create a floating rule just to a) get a counter of how many per day, and b) remove the lines from the log....
I get about +120.000 requests from who-ever-is-doing-this...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Port 5500 - alot of traffic (that is of course denied)