[Opensim-users] Port probes
Kevin Buckley
kevin at buckley70.freeserve.co.uk
Tue Jan 24 15:53:22 UTC 2012
Having recently restarted my local opensim server I find that the access
port is attracting a huge volume of what seem to be port probes. On the
console it looks like this:
15:18:27 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from
109.170.204.74:10646:
15:18:27 - 23 5A 02 E3 2A F7 56 8B 79 D5 94 B4 26 78 C8 E2
2C 79 90 65 62 4D 2E 4E 9D CC 6B 89
15:20:34 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from
86.164.18.198:57353:
15:20:34 - 24 F0 02 A6 11 7F 18 8B 79 D5 94 B6 28 22 ED 60
BE 20 5A 4E 7F 9F 26 80 2F B6 C5 82
15:30:18 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from
174.118.94.143:3320:
15:30:18 - BE B9 02 9B 16 04 46 A4 36 2E 93 97 3E 5C C3 DA
02 20 D2 DA 5F A1 07 69 7F B4 B6 05
There are many hundreds of them throughout the day - often from the same
source, often from a variety of souces. Leaving a port sniffer running
(Wireshark) confirms that this is real. If I search on some of the IP
addresses, some of them show up in Google as previous spambot or phishing
sources.
If I run 'ShieldsUp' it shows that the opensim port DOES respond if poked
remotely.
Has anyone seen this? Is it a problem?
I would have thought that it would be better for the Opensim access port to
be stealthy unless it receives a valid UDP packet?
Regards, Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-users/attachments/20120124/75f95b28/attachment.html>
More information about the Opensim-users
mailing list