View Single Post
Old 29-07-2020, 05:52 PM   #15
Apparatus
Arch-Supremacy Member
 
Join Date: May 2005
Posts: 23,951
RE

Just give you guys an example.

2020-07-28, 14:40:24 ALLOW UDP 146.88.240.4:58856 -> 192.168.0.2:500 on eth1
2020-07-28, 14:40:24 BLOCK UDP 146.88.240.4:58856 -> 192.168.10.15:500 on eth1

This IP address 146.88.240.4 is scanning my port on a daily basis and non stop although I block the access. Even when I change my external IP address, it will still come and hunt me. So I am not sure if there is anything within my network that is causing this. My outgoing table log shows nothing on this particular IP address.

A quick WHOIS search on this IP address reveal the following information:

NetHandle: NET-146-88-240-0-1
OrgID: ARBORN
Parent: NET-146-0-0-0-0
NetName: ARBORN
NetRange: 146.88.240.0 - 146.88.255.255
NetType: assignment
Comment: NETSCOUT | Arbor Networks Research Scanner
Comment: https://www.arbor-observatory.com/
RegDate: 2016-10-27
Updated: 2019-06-24
AbuseHandle: ASERT-ARIN
Source: ARIN

Going to the https://www.arbor-observatory.com/ and the main page says



Not sure if its legit... So what do you guys think?
Ha.....ha.....ha......maybe the CIA, Russian, CCP or even our MIW IBs after you leh

Apparatus is offline   Reply With Quote