#1 2019-07-07 06:35:35

holden
Trusted Member
Registered: 2016-07-28
Posts: 14

UDP port 2801

Hi guys,

I was playing with tcpdump on my LES VPS and I noticed that there is some host on the internet sending packets regularly to my VPS on UDP port 2801:

08:27:40.558771 IP (tos 0x0, ttl 51, id 29710, offset 0, flags [DF], proto UDP (17), length 114)
    XXX.XXX.XXX.XXX.48183 > XXX.XXX.XXX.XXX.2801: [udp sum ok] UDP, length 86
	0x0000:  4500 0072 740e 4000 3311 24b8 d99b 28ed  E..rt.@.3.$...(.
	0x0010:  ac10 001c bc37 0af1 005e 7523 3865 49db  .....7...^u#8eI.
	0x0020:  5bfe 9a9f 7a33 b8bb 1143 a202 f874 ff1b  [...z3...C...t..
	0x0030:  c84a 14f4 fcc5 3341 97d8 9e2f 5c31 7a89  .J....3A.../\1z.
	0x0040:  ec6d b53f 0491 54ca d477 8fa3 9b92 626c  .m.?..T..w....bl
	0x0050:  e273 4a83 079b b268 68fb df5a bafc 8b2f  .sJ....hh..Z.../
	0x0060:  a692 5561 e100 0000 045d 2190 ce00 0000  ..Ua.....]!.....
	0x0070:  0000  

Now, I have blocked the IP with iptables, but does anyone know what this might be?

Offline

#2 2019-07-07 08:21:48

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,807
Website

Online
