cancel
Showing results for 
Search instead for 
Did you mean: 

Fake IP UDP port scan

N/A

Fake IP UDP port scan

UDP 206.192.151.176:9599,195.166.131.51:1027



IP / Range not recognised by any whois db. a tracert fails at the 2nd hop.

I've never seen such a thing before - is it used in purely autonomous scans?
2 REPLIES
N/A

Fake IP UDP port scan

It could be a dynamic IP address, so it'll only be traceable for as long as the person was on-line.

What prompted you to trace this IP address? an attack on your FW?
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Fake IP UDP port scan

206.192.151.176 is untraceable but 195.166.131.51 is a plusnet dialup user (i'm guessing this is the destination IP i.e. you!):

inetnum:      195.166.131.0 - 195.166.131.255

netname: PLUSNET-DIAL-FRIACO
descr: FRIACO Dial-up pool
descr: PlusNet Technologies Ltd
country: GB
admin-c: PLUS1-RIPE
tech-c: PNET2-RIPE
status: ASSIGNED PA
notify: ripe-admin@plus.net
mnt-by: MAINT-AS6871
changed: bohara@plus.net 20030929
source: RIPE

route: 195.166.128.0/19
descr: Plusnet Technologies Ltd
origin: AS6871
mnt-by: MAINT-AS6871
changed: bohara@plus.net 20030909
source: RIPE


I don't know if the source is a plusnet IP, only PlusNet can confirm this. If it is, and you are getting scanned, report it to abuse@plus.net with example firewall logs.