English Forums > General Discussion

Port 5500 - alot of traffic (that is of course denied)

(1/2) > >>

lar.hed:
Just since I am a bit curious: Anyone know why "people" seems to think that port 5500 (udp) with different source and/or desination IPs is funny to run all the time? Someone in the Netherlands just keeps sending this to my static IP - goes in bursts - and well it is denied, so no biggi there (I have no open ports at all, only traffix from my network out so to speak). But why? Any ideas?

MTR:
https://www.speedguide.net/port.php?port=5500

I guess they are trying to find vulnerable VNC/DualDesk setups.

lar.hed:
This is a never ending thing, I still have a heck of alot of traffic trying to get over UDP port 5500 - yes it is still denied of course. But I am intrigued by the fact that who ever is doing this keeps doing it all the time. Currently I have a 100% blocking just because of this...

marjohn56:
Contact the ISP of the offending address, no guarantee they will do anything but in my experience an email to abuse@whicheverisp.com sometimes gets results. I had a case where when I changed ISPs one of my static IP addresses was previously allocated to someone else, they had a device the was constantly trying to open a VPN connection. I contacted my ISP who was able to contact them and a couple of days later it stopped.

lar.hed:
I've sent an email to abuse Telenor (Sweden and Norway funny enough), to look into IPs:

62.127.113.21
62.127.113.39

93.91.111.2
93.91.111.6
93.91.111.10
93.91.111.14
93.91.111.26

The thing I do not get is that my static IP is not the one that I see in the "transactions", like this one:
2020-07-21T08:13:30   11,,,0,igb1,match,block,in,4,0x80,,22,13957,0,DF,17,udp,1356,93.91.111.6,233.184.48.150,5500,5500,1336

Navigation

[0] Message Index

[#] Next page