Monday, 24 August 2009

Facebook port scans

Looking through my router logs:

20:23:52 23 Aug IDS scan parser : tcp port scan: 69.63.176.190 scanned at least 10 ports at x.y.z.a. (1 of 1) : 69.63.176.190 x.y.z.a 0040 TCP 80->64876 [..AR..] seq 105673427 ack 753172620 win 0

tng@withnail:~$ host 69.63.176.190
190.176.63.69.in-addr.arpa domain name pointer channel30.01.05.sf2p.facebook.com.

A rogue app "tag photos" that one of my friends had installed might well have been the culprit. I got a mail saying I was tagged and of course refused the app install. The app was later reporting that it had been banned by Facebook admins. Still, someone @facebook.com ran a port scan on my system.

Be careful out there.
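
An added example, not part of the original post: a small Python parser for the router alert line quoted above, which pulls out the addresses, ports and TCP flags so that each alert can be read packet by packet. The field layout is inferred from that single line, and the flag letters, the 1024 port threshold and the note labels are assumptions.

```python
import re

# Alert line copied from the post (destination already redacted as x.y.z.a).
SAMPLE = ("20:23:52 23 Aug IDS scan parser : tcp port scan: 69.63.176.190 "
          "scanned at least 10 ports at x.y.z.a. (1 of 1) : 69.63.176.190 "
          "x.y.z.a 0040 TCP 80->64876 [..AR..] seq 105673427 ack 753172620 win 0")

# Trailing per-packet part of the alert: src dst <field> TCP sport->dport [flags] ...
PACKET = re.compile(
    r"(?P<src>\S+) (?P<dst>\S+) \S+ TCP (?P<sport>\d+)->(?P<dport>\d+) "
    r"\[(?P<flags>[^\]]*)\] seq (?P<seq>\d+) ack (?P<ack>\d+) win (?P<win>\d+)\s*$")

# Assumption: each letter in the bracketed field is the initial of a set TCP flag.
FLAG_NAMES = {"U": "URG", "A": "ACK", "P": "PSH", "R": "RST", "S": "SYN", "F": "FIN"}
CLIENT_PORT_MIN = 1024  # assumption: ports from 1024 up are client-side ports


def parse_alert(line):
    """Return the packet fields of one alert line, or None if it does not match."""
    m = PACKET.search(line)
    if m is None:
        return None
    pkt = m.groupdict()
    for key in ("sport", "dport", "seq", "ack", "win"):
        pkt[key] = int(pkt[key])
    pkt["flags"] = {FLAG_NAMES[c] for c in pkt["flags"] if c in FLAG_NAMES}
    return pkt


def triage(pkt):
    """Label packet properties worth checking before acting on the alert."""
    notes = []
    # Low source port to high destination port is the shape of reply traffic;
    # compare against your own outbound connections at that time.
    if pkt["sport"] < CLIENT_PORT_MIN <= pkt["dport"]:
        notes.append("service-port-to-high-port")
    # A SYN without ACK is a new inbound connection attempt.
    if "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]:
        notes.append("inbound-syn")
    if "RST" in pkt["flags"]:
        notes.append("reset")
    return notes


if __name__ == "__main__":
    packet = parse_alert(SAMPLE)
    print(packet, triage(packet))
```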

1 comment:

facebookhackedme said...

Sep 25 05:56:38 home.gateway:firewall:info: 306997.994 Intrusion TCP FIN scan(17) -- 69.171.234.21 > myipaddress:36404


Country: United States
Region: California
City: Palo Alto
Postal Code: 94304
Latitude/Longitude: 37.376202 / -122.182602
ISP: "Facebook"
Organization: "Facebook"
Host Name: www-slb-10-08-prn1.facebook.com

IP address is numbered 69.171.234.21. The country of this IP address activation is United States, and it is registered in Palo Alto, California. IP Country code is US. IP address is assigned to "Facebook". In organization "Facebook". It is also assigned to a hostname www-slb-10-08-prn1.facebook.com. IP address latitude is 37.376202 and longitude is -122.182602. Postal code of this IP is 94304 and area code is 650.