Friday, June 30, 2017

May be infected with WannaCry or similar: Port 445

Hosts hitting my network on port 445 in the past few minutes - may be infected by WannaCry or?

China and Vietnam

31.29.215.8

  • inetnum: 31.29.212.0 - 31.29.215.255
  • netname: CMST-ORENBURG-20130115
  • descr: Orenburg TsuS of Privolzhsky branch of CJS Komstar-Regiony
  • country: RU
  • admin-c: OMZ4-RIPE
  • tech-c: OMZ4-RIPE
  • status: ASSIGNED PA
  • mnt-by: OVERTA-MNT
  • created: 2013-01-15T06:28:42Z
  • last-modified: 2017-06-01T12:12:14Z
  • source: RIPE
  • person: Oleg M Zavalishin
  • address: 14, Karavannaya st., Orenburg
  • phone: +73532372111
  • nic-hdl: OMZ4-RIPE
  • notify: noc@itrtc.ru
  • mnt-by: OVERTA-MNT
  • created: 2013-01-15T06:21:59Z
  • last-modified: 2013-01-15T06:21:59Z
  • source: RIPE

42.116.26.112

  • inetnum: 42.116.16.0 - 42.116.31.255
  • netname: FPT-STATICIP-NET
  • country: vn
  • descr: FPT Telecom Company
  • descr: 2nd floor FPT Building, Pham Hung Road, Cau Giay District, Hanoi
  • admin-c: TTH19-AP
  • tech-c: NOC21-AP
  • status: ALLOCATED NON-PORTABLE
  • remarks: For spamming matters, mail to abuse@fpt.vn
  • changed: hm-changed@vnnic.net.vn 20120809
  • mnt-by: MAINT-VN-FPT
  • mnt-irt: IRT-VNNIC-AP
  • source: APNIC
  • irt: IRT-VNNIC-AP
  • address: Ha Noi, VietNam
  • phone: +84-4-35564944
  • fax-no: +84-4-37821462
  • e-mail: hm-changed@vnnic.net.vn
  • abuse-mailbox: hm-changed@vnnic.net.vn
  • admin-c: PT174-AP
  • tech-c: NTTT1-AP
  • auth: # Filtered
  • mnt-by: MAINT-VN-VNNIC
  • changed: hm-changed@vnnic.net.vn 20101108
  • source: APNIC

Monday, June 26, 2017

DNS traffic, Port 53, AWS

Update: @colmmacc was kind enough to get back to me with these comments on Twitter if you are looking for AWS DNS CIDRs:

Will look at better JSON description. In the meantime, all of Route 53 is in 205.251.192.0/19. DNS needs TCP/53 open too for large answers. We'll add more IPs to Route 53 over time too. But unlikely to ever remove.

----

Taking a look at the IP addresses my EC2 instance attempts to connect to for DNS.

Unfortunately, Amazon does not publish which IP ranges are specifically for DNS on this IP ranges list, which makes it hard to set specific rules for DNS in NACLs or security groups.

https://ip-ranges.amazonaws.com/ip-ranges.json

Looks like my EC2 instance attempted to connect to the following IPs. Since this is a WatchGuard Firebox Cloud, some of these IPs could be related to WatchGuard; however, the names are not resolving to WatchGuard DNS entries. So is this AWS DNS traffic or WatchGuard DNS traffic? I can explore this further, but it is making it a bit complicated to create network rules that only allow my instance to go to the desired DNS server.


205.251.194.62 53 ns-574.awsdns-07.net.
205.251.195.90 53 ns-858.awsdns-43.net.
85.115.52.190 53 cluster-a.mailcontrol.com.
205.251.194.153 53 ns-665.awsdns-19.net.
205.251.194.153 53 ns-665.awsdns-19.net.
205.251.197.166 53 ns-1446.awsdns-52.org.
216.69.185.47 53 ns73.domaincontrol.com.
64.95.61.5 53 dns3-1.acs.pnap.net.
103.243.111.211 53 Comtouch?? India??

What's the problem? If an instance goes to the incorrect DNS server this could pose a serious security problem. If an instance resolves a DNS name to the wrong IP address it could potentially be connecting to a rogue host due to the incorrectly resolved name. Perhaps non-AWS traffic is related to a WatchGuard service. More inspection is needed.

So what to do...it looks like the addresses with awsdns-xx in the name are in this AWS global IP range:

    {
      "ip_prefix": "205.251.192.0/19",
      "region": "GLOBAL",
      "service": "AMAZON"
    },

It looks like the service is using UDP (protocol 17).

So for now I will allow egress traffic (initiated from my instance to the Internet) on port 53 to the global AWS range above on protocol 17, and ephemeral ports inbound. We'll see what happens...
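
An added example, not part of the original post: it checks the port-53 destinations listed above against the 205.251.192.0/19 prefix and builds allow rules for both UDP and TCP 53, following the Twitter comment about large answers. The function names, the rule records and the 1024-65535 ephemeral range are assumptions for illustration, and the JSON is a constructed excerpt in the shape of ip-ranges.json that holds only the prefix quoted above.

```python
import ipaddress
import json

# Constructed excerpt shaped like ip-ranges.json; only the prefix quoted in the post.
IP_RANGES_JSON = """
{"prefixes": [
  {"ip_prefix": "205.251.192.0/19", "region": "GLOBAL", "service": "AMAZON"}
]}
"""

# Port-53 destinations copied from the list in the post (name is None where
# the post gives no resolved name).
OBSERVED = [
    ("205.251.194.62", "ns-574.awsdns-07.net."),
    ("205.251.195.90", "ns-858.awsdns-43.net."),
    ("85.115.52.190", "cluster-a.mailcontrol.com."),
    ("205.251.194.153", "ns-665.awsdns-19.net."),
    ("205.251.194.153", "ns-665.awsdns-19.net."),
    ("205.251.197.166", "ns-1446.awsdns-52.org."),
    ("216.69.185.47", "ns73.domaincontrol.com."),
    ("64.95.61.5", "dns3-1.acs.pnap.net."),
    ("103.243.111.211", None),
]

EPHEMERAL = (1024, 65535)  # assumed return-port range for a stateless NACL


def load_prefixes(doc, service="AMAZON", region="GLOBAL"):
    """Return the networks in an ip-ranges.json document for one service/region."""
    return [
        ipaddress.ip_network(p["ip_prefix"])
        for p in json.loads(doc)["prefixes"]
        if p["service"] == service and p["region"] == region
    ]


def classify(observed, allowed):
    """Split de-duplicated destinations into (inside, outside) the allowed networks."""
    inside, outside, seen = [], [], set()
    for ip, name in observed:
        if ip in seen:
            continue
        seen.add(ip)
        hit = any(ipaddress.ip_address(ip) in net for net in allowed)
        (inside if hit else outside).append((ip, name))
    return inside, outside


def dns_rules(allowed):
    """Hypothetical rule records: egress to port 53 and the stateless return path,
    for UDP (17) and TCP (6), since large answers need TCP/53 as well."""
    rules = []
    for net in allowed:
        for proto in (17, 6):
            rules.append({"dir": "egress", "cidr": str(net), "proto": proto, "ports": (53, 53)})
            rules.append({"dir": "ingress", "cidr": str(net), "proto": proto, "ports": EPHEMERAL})
    return rules


if __name__ == "__main__":
    nets = load_prefixes(IP_RANGES_JSON)
    inside, outside = classify(OBSERVED, nets)
    print("covered by the rule:", [ip for ip, _ in inside])
    print("would be dropped, review first:", outside)
    for rule in dns_rules(nets):
        print(rule)
```

The destinations reported as outside the prefix are the ones a rule limited to 205.251.192.0/19 would drop, so they are the ones to identify before the rule goes in.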



Monday, June 19, 2017

Traffic between Level 3 and Amazon

Traffic seems to be lagging between Level 3 and the Amazon network right now.

Long time between 10 and 16....

10  4.16.168.34 (4.16.168.34)  320.557 ms  499.070 ms  359.076 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * 205.251.232.225 (205.251.232.225)  196.417 ms *

Sunday, June 18, 2017

Hosts Connecting on Undesirable Ports ~ 6/17/17

I blocked these ports in my Firebox, which has a feature to auto-block IP addresses that try to connect on undesirable ports, and in just a few days I got all the hosts below attempting to connect. This could be an inadvertent mistake, but likely a lot of the following IP addresses are hosts being used by attackers to carry out unwanted activities.

Ports:

111
513
514
2049
6000
6001
6002
6003
6004
6005
7100
8000
23
1433
3389
22
3390
4001
3391
119
9000
9981
445
2323
289


Hosts:


Tuesday, June 13, 2017

Home IOT Ports ~ Echo, Apple and Interesting

Amazon Echo - so she can "understand" you:
33434 UDP
23.20.0.0-23.23.255.255

Apple Push Notifications
Ports listed on this page:
https://support.apple.com/en-us/HT203609
2195 TCP
2196 TCP
5223 TCP
Fall back if can't reach 5223  TCP
17.0.0.0-17.255.255

Google Play

I have read on various unofficial and not super clear web sites that the following ports are required for Google Play

5228-5223 TCP

I don't use Google Play, and the odd thing is that traffic for this port is attempting to go out on my network to an Amazon IP. Is this something Amazonian or something trying to get out of my network using the same ports as Google Play?

54.241.171.202