What is this in IP tables logwatch

charu · 11-27-2010, 04:28 AM

Everyday logwatch sends me the following information from IPTables and it seems odd, can anyone tell me are these entries odd, they all seem to be to two ports 28960 and 28964

Code:

--------------------- iptables firewall Begin ------------------------ 

 
 Logged 9696 packets on interface eth0
   From 1.1.50.254 - 2 packets to udp(28960) 
   From 2.60.42.195 - 1 packet to udp(28960) 
   From 2.81.152.117 - 1 packet to udp(28964) 
   From 2.83.123.106 - 1 packet to udp(28964) 
   From 2.93.8.149 - 1 packet to udp(28964) 
   From 2.93.10.136 - 1 packet to udp(28964) 
   From 2.94.85.194 - 2 packets to udp(29460) 
   From 2.94.137.138 - 1 packet to udp(28960) 
   From 2.94.223.113 - 1 packet to udp(28964) 
   From 2.95.26.181 - 1 packet to udp(28964) 
   From 2.95.53.248 - 1 packet to udp(28964) 
   From 2.95.194.243 - 2 packets to udp(28964) 
   From 2.96.250.129 - 1 packet to udp(28964) 
   From 2.123.89.187 - 1 packet to udp(29460) 
   From 8.17.251.197 - 30 packets to udp(28964) 
   From 8.25.28.122 - 1 packet to udp(28964) 
   From 10.102.28.16 - 1 packet to udp(28964) 
   From 12.167.241.89 - 1 packet to udp(29460) 
   From 12.201.8.210 - 1 packet to udp(28964) 
   From 12.222.210.165 - 1 packet to udp(28964) 
   From 12.228.104.26 - 1 packet to udp(29460) 
   From 14.203.66.97 - 1 packet to udp(28964) 
   From 24.0.114.208 - 1 packet to udp(28964) 
   From 24.1.174.168 - 1 packet to udp(29460) 
   From 24.1.212.41 - 6 packets to udp(28961,29460) 
   From 24.3.168.87 - 7 packets to udp(28964) 
   From 24.5.219.34 - 1 packet to udp(29460) 
   From 24.6.117.68 - 1 packet to udp(28964) 
   From 24.7.87.91 - 1 packet to udp(28960) 
   From 24.7.247.235 - 4 packets to udp(29460) 
   From 24.10.103.89 - 1 packet to udp(29460) 
   From 24.11.129.116 - 2 packets to udp(28964) 
   From 24.12.108.162 - 6 packets to udp(28961,28962,29460) 
   From 24.12.123.131 - 2 packets to udp(28964) 
   From 24.12.198.90 - 3 packets to udp(28961,28962,29460) 
   From 24.14.133.25 - 1 packet to udp(29460) 
   From 24.14.252.90 - 5 packets to udp(29460) 
   From 24.15.82.249 - 4 packets to udp(28960) 
   From 24.16.67.207 - 1 packet to udp(28964) 
   From 24.17.139.166 - 1 packet to udp(28964) 
   From 24.20.93.52 - 5 packets to udp(28964) 
   From 24.20.245.35 - 2 packets to udp(28964) 
   From 24.22.50.84 - 1 packet to udp(28960) 
   From 24.22.76.99 - 1 packet to udp(28964) 
   From 24.22.140.183 - 1 packet to udp(28964) 
   From 24.22.160.24 - 1 packet to udp(28964) 
   From 24.24.135.49 - 1 packet to udp(29460) 
   From 24.32.33.203 - 1 packet to udp(28960) 
   From 24.35.29.188 - 1 packet to udp(28964) 
   From 24.57.177.150 - 4 packets to udp(28961,29460) 
   From 24.58.5.231 - 1 packet to udp(28960) 
   From 24.58.175.133 - 3 packets to udp(28961,28962,29460) 
   From 24.58.190.69 - 1 packet to udp(28964) 
   From 24.62.104.36 - 1 packet to udp(28964) 
   From 24.63.249.50 - 1 packet to udp(29460) 
   From 24.64.116.34 - 1 packet to udp(28964) 
   From 24.64.127.233 - 1 packet to udp(29460) 
   From 24.66.120.59 - 1 packet to udp(29460) 
   From 24.68.217.106 - 5 packets to udp(29460) 
   From 24.78.138.231 - 8 packets to udp(29460) 
   From 24.78.166.198 - 1 packet to udp(27015) 
   From 24.81.27.108 - 8 packets to udp(29460) 
   From 24.85.251.123 - 1 packet to udp(28964) 
   From 24.87.5.123 - 2 packets to udp(28964) 
   From 24.92.77.229 - 1 packet to udp(28960) 
   From 24.94.84.13 - 1 packet to udp(28964) 
   From 24.98.231.212 - 1 packet to udp(28964) 
   From 24.98.243.22 - 2 packets to udp(29460) 
   From 24.99.99.2 - 1 packet to udp(28964) 
   From 24.107.120.228 - 1 packet to udp(28964) 
   From 24.107.216.62 - 1 packet to udp(28964) 
   From 24.108.27.80 - 1 packet to udp(28964) 
   From 24.108.147.63 - 1 packet to udp(28960) 
   From 24.118.77.242 - 1 packet to udp(29460) 
   From 24.118.165.9 - 1 packet to udp(28964) 
   From 24.121.180.251 - 8 packets to udp(29460) 
   From 24.122.21.33 - 3 packets to udp(28964) 
   From 24.122.41.60 - 1 packet to udp(29460) 
   From 24.124.95.184 - 1 packet to udp(28960) 
   From 24.125.190.169 - 1 packet to udp(28962) 
   From 24.128.21.120 - 1 packet to udp(28964) 
   From 24.130.68.221 - 2 packets to udp(29460) 
   From 24.136.32.112 - 6 packets to udp(28961,29460) 
   From 24.138.191.171 - 1 packet to udp(28960) 
   From 24.141.12.187 - 6 packets to udp(28964) 
   From 24.147.173.67 - 3 packets to udp(28964) 
   From 24.148.242.124 - 1 packet to udp(28960) 
   From 24.155.70.63 - 3 packets to udp(29460) 
   From 24.155.184.76 - 2 packets to udp(28964) 
   From 24.159.166.178 - 1 packet to udp(28964) 
   From 24.172.212.250 - 3 packets to udp(28960) 
   From 24.176.29.232 - 1 packet to udp(28964) 
   From 24.180.143.65 - 1 packet to udp(28964) 
   From 24.180.150.216 - 1 packet to udp(29460) 
   From 24.183.133.187 - 2 packets to udp(29460) 
   From 24.183.225.199 - 1 packet to udp(28964) 
   From 24.184.67.191 - 4 packets to udp(28961,29460) 
   From 24.197.156.185 - 1 packet to udp(28964) 
   From 24.197.192.92 - 2 packets to udp(29460) 
   From 24.200.90.22 - 10 packets to udp(28964) 
   From 24.200.150.159 - 1 packet to udp(29460) 
   From 24.201.24.225 - 1 packet to udp(28964) 
   From 24.201.199.22 - 1 packet to udp(28964) 
   From 24.201.201.179 - 2 packets to udp(28964) 
   From 24.202.39.212 - 12 packets to udp(28961,28962,29460) 
   From 24.202.131.173 - 1 packet to udp(28964) 
   From 24.202.247.47 - 1 packet to udp(29460) 
   From 24.207.194.156 - 1 packet to udp(28964) 
   From 24.208.178.77 - 1 packet to udp(28964) 
   From 24.217.154.201 - 2 packets to udp(28964) 
   From 24.218.22.139 - 1 packet to udp(28964) 
   From 24.222.190.166 - 1 packet to udp(28960) 
   From 24.226.243.55 - 9 packets to udp(28960) 
   From 24.228.38.65 - 1 packet to udp(28964) 
   From 24.229.193.214 - 2 packets to udp(28960) 
   From 24.230.109.51 - 1 packet to udp(28964) 
   From 24.235.159.185 - 1 packet to udp(29460) 
   From 24.236.137.184 - 1 packet to udp(28960) 
   From 24.237.101.138 - 1 packet to udp(28964) 
   From 24.238.54.57 - 1 packet to udp(28960) 
   From 24.240.34.12 - 2 packets to udp(28964) 
   From 24.242.162.46 - 1 packet to udp(28964) 
   From 24.245.14.212 - 8 packets to udp(28961,28962,29460) 
   From 24.251.44.47 - 2 packets to udp(28960) 
   From 24.252.123.40 - 2 packets to udp(28960) 
   From 24.252.130.171 - 2 packets to udp(29460) 
   From 24.252.148.103 - 1 packet to udp(28960) 
   From 24.253.93.91 - 1 packet to udp(28964) 
   From 27.32.40.206 - 1 packet to udp(28964) 
   From 27.106.25.68 - 1 packet to udp(28964) 
   From 38.114.82.94 - 1 packet to udp(29460) 
   From 41.56.30.49 - 1 packet to udp(28964) 
   From 41.105.80.15 - 1 packet to udp(28964) 
   From 41.105.82.86 - 3 packets to udp(28964) 
   From 41.132.51.50 - 10 packets to udp(28961,28962,29460) 
   From 41.132.147.203 - 1 packet to udp(28964) 
   From 41.132.252.87 - 1 packet to udp(28964) 
   From 41.133.32.131 - 1 packet to udp(28964) 
   From 41.133.84.35 - 1 packet to udp(28964) 
   From 41.144.116.211 - 2 packets to udp(28964) 
   From 41.174.3.59 - 1 packet to udp(28964) 
   From 41.190.2.228 - 1 packet to udp(5060) 
   From 41.199.180.34 - 1 packet to udp(28964) 
   From 41.214.153.162 - 1 packet to udp(28964) 
   From 41.226.160.180 - 1 packet to udp(28964) 
   From 41.237.217.136 - 1 packet to udp(28960) 
   From 41.240.150.114 - 1 packet to udp(28964) 
   From 41.240.152.212 - 1 packet to udp(28964) 
   From 41.240.197.133 - 1 packet to udp(28960) 
   From 41.241.7.157 - 1 packet to udp(28964) 
   From 46.0.173.31 - 2 packets to udp(28964) 
   From 46.0.182.190 - 1 packet to udp(28964) 
   From 46.0.199.171 - 2 packets to udp(28964) 
   From 46.5.62.237 - 1 packet to udp(28964) 
   From 46.8.138.193 - 2 packets to udp(28964) 
   From 46.12.25.183 - 1 packet to udp(28964) 
   From 46.29.209.200 - 1 packet to udp(28960) 
   From 46.41.91.212 - 1 packet to udp(28964) 
   From 46.63.103.135 - 2 packets to udp(28960) 
   From 46.73.8.40 - 3 packets to udp(28964) 
   From 46.73.80.93 - 1 packet to udp(28964) 
   From 46.73.81.202 - 5 packets to udp(28964) 
   From 46.98.25.203 - 1 packet to udp(28960) 
   From 46.109.92.248 - 1 packet to udp(28964) 
   From 46.118.84.60 - 1 packet to udp(28960) 
   From 46.118.176.22 - 1 packet to udp(28960) 
   From 46.118.196.160 - 1 packet to udp(28964) 
   From 46.118.211.47 - 1 packet to udp(28964) 
   From 46.118.227.235 - 1 packet to udp(28964) 
   From 46.129.19.191 - 1 packet to udp(28964) 
   From 46.134.230.179 - 1 packet to udp(28964) 
   From 46.146.0.167 - 1 packet to udp(28964) 
   From 46.146.38.36 - 1 packet to udp(28964) 
   From 46.146.87.191 - 1 packet to udp(28960) 
   From 46.146.97.119 - 1 packet to udp(28964) 
   From 46.146.109.134 - 2 packets to udp(28964) 
   From 46.148.100.206 - 1 packet to udp(28964) 
   From 58.96.32.221 - 1 packet to udp(28964) 
   From 58.164.104.204 - 1 packet to udp(28964) 
   From 58.165.19.112 - 1 packet to udp(28964) 
   From 58.169.108.146 - 1 packet to udp(28964) 
   From 58.169.161.205 - 1 packet to udp(28964) 
   From 58.169.255.241 - 2 packets to udp(28962,29460) 
   From 58.170.83.140 - 3 packets to udp(28961,28962,29460) 
   From 58.172.137.91 - 3 packets to udp(29460) 
   From 58.172.224.31 - 1 packet to udp(28964) 
   From 58.175.114.192 - 2 packets to udp(28964) 
   From 58.208.235.250 - 1 packet to udp(28964) 
   From 58.247.241.175 - 1 packet to udp(28964) 
   From 59.23.239.15 - 1 packet to udp(28964) 
   From 59.100.20.115 - 2 packets to udp(29460) 
   From 59.100.88.252 - 1 packet to udp(28964) 
   From 59.101.144.220 - 1 packet to udp(28964) 
   From 59.177.41.113 - 4 packets to udp(28961,29460) 
   From 59.180.3.55 - 2 packets to tcp(23) 
   From 59.189.225.56 - 1 packet to udp(28964) 
   From 60.32.43.227 - 1 packet to udp(28964) 
   From 60.49.60.221 - 2 packets to udp(28964) 
   From 60.52.114.114 - 1 packet to udp(28964) 
   From 60.226.67.244 - 1 packet to udp(28964) 
   From 60.226.101.19 - 2 packets to udp(28964) 
   From 60.226.112.33 - 1 packet to udp(28964) 
   From 60.228.95.209 - 1 packet to udp(28964) 
   From 60.231.213.230 - 1 packet to udp(28964) 
   From 60.234.38.50 - 1 packet to udp(28964) 
   From 60.240.183.13 - 2 packets to udp(28964) 
   From 60.241.153.181 - 1 packet to udp(28964) 
   From 61.8.232.97 - 2 packets to udp(28964) 
   From 61.80.248.243 - 6 packets to udp(28961,28962,29460) 
   From 61.137.89.46 - 5 packets to udp(5060) 
   From 61.158.77.60 - 1 packet to udp(28964) 
   From 61.160.207.125 - 5 packets to tcp(2967) 
   From 61.177.143.202 - 5 packets to tcp(2967) 
   From 61.202.25.33 - 1 packet to udp(64293) 
   From 62.10.9.242 - 3 packets to udp(28961,28962,29460) 
   From 62.16.119.228 - 1 packet to udp(28964) 
   From 62.16.119.229 - 1 packet to udp(28964) 
   From 62.16.192.42 - 1 packet to udp(28964) 
   From 62.20.48.111 - 1 packet to udp(28964) 
   From 62.21.60.47 - 1 packet to udp(28964) 
   From 62.28.78.54 - 1 packet to udp(19557) 
   From 62.31.160.15 - 6 packets to udp(28964) 
   From 62.33.13.209 - 3 packets to udp(28964) 
   From 62.33.34.228 - 1 packet to udp(28964) 
   From 62.34.172.9 - 4 packets to udp(28964) 
   From 62.47.51.201 - 3 packets to udp(28964) 
   From 62.47.166.210 - 4 packets to udp(29460) 
   From 62.48.117.7 - 1 packet to udp(28964) 
   From 62.54.4.151 - 1 packet to udp(28964) 
   From 62.69.234.87 - 3 packets to udp(28961,28962,29460) 
   From 62.73.71.92 - 1 packet to udp(25954) 
   From 62.77.253.127 - 2 packets to udp(29460) 
   From 62.101.50.174 - 1 packet to udp(28964) 
   From 62.103.77.119 - 3 packets to udp(28964) 
   From 62.106.7.238 - 1 packet to udp(28964) 
   From 62.107.48.83 - 2 packets to udp(28961,28962) 
   From 62.121.79.169 - 1 packet to udp(28964) 
   From 62.122.182.79 - 2 packets to udp(28964) 
   From 62.122.208.168 - 1 packet to udp(28964) 
   From 62.140.253.9 - 2 packets to udp(28964) 
   From 62.141.220.217 - 2 packets to udp(29460) 
   From 62.147.181.231 - 2 packets to udp(28964) 
   From 62.149.162.206 - 3 packets to tcp(1433) 
   From 62.163.75.95 - 1 packet to udp(28960) 
   From 62.176.15.9 - 1 packet to udp(28964) 
   From 62.178.91.186 - 1 packet to udp(28964) 
   From 62.182.51.108 - 1 packet to udp(28960) 
   From 62.182.52.8 - 6 packets to udp(28960) 
   From 62.182.81.165 - 1 packet to udp(28960) 
   From 62.182.81.166 - 1 packet to udp(28960) 
   From 62.182.81.167 - 2 packets to udp(28960,28964) 
   From 62.182.82.234 - 2 packets to udp(28960) 
   From 62.194.80.219 - 1 packet to udp(28964) 
   From 62.203.62.180 - 1 packet to udp(29460) 
   From 62.203.143.252 - 1 packet to udp(28964) 
   From 62.205.234.8 - 27 packets to udp(28961,28962,29460) 
   From 62.220.35.178 - 1 packet to udp(28964) 
   From 62.235.212.88 - 1 packet to udp(28960) 
   From 62.235.215.159 - 1 packet to udp(28964) 
   From 62.240.88.222 - 6 packets to udp(28964) 
   From 63.227.250.90 - 1 packet to udp(28964) 
   From 63.248.125.224 - 1 packet to udp(28964) 
   From 64.18.172.95 - 1 packet to udp(28964) 
   From 64.18.186.202 - 1 packet to udp(28964) 
   From 64.31.231.180 - 1 packet to udp(28964) 
   From 64.33.137.251 - 1 packet to udp(28964) 
   From 64.85.243.115 - 1 packet to udp(28960) 
   From 64.85.254.203 - 1 packet to udp(29460) 
   From 64.94.160.18 - 1 packet to udp(28964) 
   From 64.121.66.126 - 11 packets to udp(29460) 
   From 64.130.137.124 - 1 packet to udp(28964) 
   From 64.134.26.32 - 1 packet to udp(29460) 
   From 64.139.99.7 - 1 packet to udp(28964) 
   From 64.180.249.14 - 1 packet to udp(28964) 
   From 64.188.184.19 - 18 packets to udp(29460) 
   From 64.251.92.50 - 6 packets to udp(28964) 
   From 65.3.128.139 - 1 packet to udp(28964) 
   From 65.4.3.108 - 2 packets to udp(29460) 
   From 65.6.203.232 - 3 packets to udp(28964) 
   From 65.23.223.141 - 2 packets to udp(29460) 
   From 65.28.245.173 - 1 packet to udp(28964) 
   From 65.29.13.0 - 6 packets to udp(28964) 
   From 65.29.129.205 - 2 packets to udp(28960) 
   From 65.30.60.166 - 3 packets to udp(29460) 
   From 65.35.115.216 - 2 packets to udp(29460) 
   From 65.65.52.87 - 3 packets to udp(29460) 
   From 65.82.224.2 - 1 packet to udp(28960) 
   From 65.102.247.141 - 1 packet to udp(28964) 
   From 65.103.2.205 - 3 packets to udp(28961,28962,29460) 
   From 65.111.172.189 - 3 packets to udp(29460) 
   From 65.189.60.55 - 4 packets to udp(29460) 
   From 65.190.181.59 - 1 packet to udp(28964) 
   From 65.191.204.151 - 1 packet to udp(28964) 
   From 65.191.213.105 - 1 packet to udp(28964) 
   From 66.8.178.43 - 3 packets to udp(29460) 
   From 66.27.107.194 - 1 packet to udp(29460) 
   From 66.38.123.23 - 1 packet to udp(28960) 
   From 66.41.31.118 - 20 packets to udp(29460) 
   From 66.55.125.108 - 7 packets to udp(28960,28961,28962,28964,29460) 
   From 66.58.179.96 - 1 packet to udp(29460) 
   From 66.68.9.233 - 2 packets to udp(28964) 
   From 66.68.66.141 - 1 packet to udp(28960) 
   From 66.75.194.182 - 1 packet to udp(28960) 
   From 66.91.231.121 - 14 packets to udp(29460) 
   From 66.108.210.27 - 5 packets to udp(28961) 
   From 66.112.181.215 - 1 packet to udp(28964) 
   From 66.130.187.50 - 1 packet to udp(28964) 
   From 66.131.40.52 - 2 packets to udp(28961,28962) 
   From 66.141.170.183 - 1 packet to udp(29460) 
   From 66.176.29.147 - 2 packets to udp(28964) 
   From 66.176.210.120 - 1 packet to udp(29460) 
   From 66.177.32.240 - 3 packets to udp(28960) 
   From 66.190.23.95 - 2 packets to udp(28964) 
   From 66.205.150.5 - 3 packets to udp(28964) 
   From 66.214.178.36 - 1 packet to udp(28964) ....................................
  

etc etc etc for hundreds of lines

repo · 11-27-2010, 04:37 AM

AFAIK, these are ports for the server of the game call of duty

Kind regards

charu · 11-27-2010, 08:29 AM

Thanks, is it possible someone who previously had the IP addresses, was running some kind of game server? i get loads of these and also a port scan literally every couple of minutes that is blocked by CSF. It seems unusual.

repo · 11-27-2010, 08:31 AM

Yes it's possible.
You could reboot the router, and try to get another IP.

Kind regards

charu · 11-27-2010, 12:05 PM

Other than the annoying entries in logwatch, is there anything bad about getting these packets sent. The port is firewalled, but before I approach the company who rent me the server and enquire about a different IP address, I just want to have an idea whether they will consider it a reasonable request to make under the circumstances.

repo · 11-27-2010, 01:49 PM

Since the ports are firewalled, it is OK
However, it will eat up your bandwith.

Kind regards