Right before I go to bed, after I turn the lights off in my office, I look back into the darkened room – only to see what looks like a miniature airport. Everywhere you look there are tiny lights. Some are steady. Some blink. Some used to be steady but now blink or quiver with age.
Why are they all there? Why does every new piece of electronic equipment seem to need a light?
Most are dumb. They’re saying, “Hey, I’m plugged in” and nothing more. Some, like the light connected to the charging circuit on my camcorder, blink according to how close to fully charged the battery is.
My cable modem has five lights. One, the test light, is never on. I don’t know how to test the test light. It might be burned out. How would I know? Three others, Power, Cable and PC, remain lit ’round the clock. The data light blinks incessantly as computers from around the world attempt to connect to my computers.
That’s not a good thing.
The blinking data light is chronicling the computer equivalent of walking down the block, stopping at every door and jiggling the doorknob to see if it’s unlocked.
The router between my cable modem and computer acts as a defacto firewall, keeping the miscreants out, so this blinking doesn’t mean someone’s hurting me. Still, I know what some of them are trying to accomplish by looking in the log the router keeps.
It used to take a few days to fill the log. Now, it’s full in a few hours. Here’s a sample:
Thursday, December 18, 2003 9:01:42 PM Unrecognized access from 82.82.167.36:2219 to TCP port 1433
Thursday, December 18, 2003 9:01:45 PM Unrecognized access from 82.82.167.36:2219 to TCP port 1433
Thursday, December 18, 2003 9:02:00 PM Unrecognized access from 168.158.192.243:1115 to UDP port 1434
Thursday, December 18, 2003 9:03:17 PM Unrecognized access from 64.156.39.12:666 to UDP port 1026
Thursday, December 18, 2003 9:32:05 PM Unrecognized access from 68.63.66.150:4625 to TCP port 80
Thursday, December 18, 2003 9:32:08 PM Unrecognized access from 68.63.66.150:4625 to TCP port 80
Thursday, December 18, 2003 9:44:50 PM Unrecognized access from 67.26.94.85:2911 to TCP port 17300
Thursday, December 18, 2003 9:57:23 PM Unrecognized access from 67.201.162.153:2771 to TCP port 17300
Thursday, December 18, 2003 10:12:22 PM Unrecognized access from 82.139.65.182:55765 to TCP port 17300
Thursday, December 18, 2003 10:39:02 PM Unrecognized access from 203.40.196.206:1239 to UDP port 1434
Thursday, December 18, 2003 10:49:17 PM Unrecognized access from 68.63.64.108:3380 to TCP port 80
Thursday, December 18, 2003 10:49:20 PM Unrecognized access from 68.63.64.108:3380 to TCP port 80
Thursday, December 18, 2003 10:52:46 PM Unrecognized access from 208.30.189.21:4436 to TCP port 80
Thursday, December 18, 2003 10:52:49 PM Unrecognized access from 208.30.189.21:4436 to TCP port 80
Friday, December 19, 2003 12:03:32 AM Unrecognized access from 68.63.64.108:4846 to TCP port 80
Friday, December 19, 2003 12:03:35 AM Unrecognized access from 68.63.64.108:4846 to TCP port 80
Friday, December 19, 2003 12:05:17 AM Unrecognized access from 12.231.175.190:3764 to TCP port 17300
Friday, December 19, 2003 12:31:32 AM Unrecognized access from 68.63.64.108:3089 to TCP port 80
Friday, December 19, 2003 12:31:35 AM Unrecognized access from 68.63.64.108:3089 to TCP port 80
Friday, December 19, 2003 12:48:44 AM Unrecognized access from 202.103.172.45:59355 to UDP port 1026
Friday, December 19, 2003 12:56:01 AM Unrecognized access from 68.63.64.108:3359 to TCP port 80
Friday, December 19, 2003 12:56:04 AM Unrecognized access from 68.63.64.108:3359 to TCP port 80
Friday, December 19, 2003 12:57:24 AM Unrecognized access from 210.75.208.22:39452 to TCP port 443
Friday, December 19, 2003 12:57:27 AM Unrecognized access from 210.75.208.22:39452 to TCP port 443
Friday, December 19, 2003 12:57:33 AM Unrecognized access from 210.75.208.22:39452 to TCP port 443
Friday, December 19, 2003 1:26:37 AM Unrecognized access from 203.30.181.253:2136 to TCP port 4899
Friday, December 19, 2003 1:27:04 AM Unrecognized access from 68.63.64.108:4153 to TCP port 80
Friday, December 19, 2003 1:30:02 AM Unrecognized access from 67.120.13.53:3296 to TCP port 4000
Friday, December 19, 2003 1:30:04 AM Unrecognized access from 67.120.13.53:3296 to TCP port 4000
Friday, December 19, 2003 1:40:25 AM 192.168.123.101 login successful
Friday, December 19, 2003 1:44:11 AM Unrecognized access from 130.13.127.64:3788 to TCP port 17300
Friday, December 19, 2003 1:44:22 AM Unrecognized access from 66.169.181.90:1030 to TCP port 27347
Friday, December 19, 2003 1:47:39 AM Unrecognized access from 221.6.135.154:1097 to UDP port 1434
Friday, December 19, 2003 1:49:30 AM Unrecognized access from 68.63.64.108:2594 to TCP port 80
Friday, December 19, 2003 1:49:32 AM Unrecognized access from 68.63.64.108:2594 to TCP port 80
Friday, December 19, 2003 1:51:12 AM Unrecognized access from 67.119.218.75:4868 to TCP port 901
Friday, December 19, 2003 1:51:15 AM Unrecognized access from 67.119.218.75:4868 to TCP port 901
What does it all mean? Let’s take the first entry.
Thursday, December 18, 2003 8:19:35 PM Unrecognized access from 68.163.201.167:3102 to TCP port 17300
It comes from:
Honda Pen Motorcycles
268 Bush St #5000
San Francisco, CA, 94104
US
I have no idea who Honda Pen Motorcycles is, but they’re assigned 8 Internet addresses, including 68.163.201.167. The addresses are, in turn, controlled by a subsidiary of their local phone company:
Pac Bell Internet Services
208 Bush St. #5000
San Ramon, CA, 94104
US
When Honda Pen Motorcycles’ computer tried to contact mine, they’re probing port 17300. That implies that one of the computers at Honda Pen Motorcycles is infected with the Kuang2 virus. In all likelihood, it’s wandering around the Internet, checking for other infected machines, or machines susceptible to being infected. The folks at the Honda dealership have no clue this is going on, or if they do, don’t know how to stop it.
Thanks guys!
Most of the activity causing my data light to blink doesn’t even show up in the log. Little of it is data I asked for. Less is there for my benefit.
There are dozens of little lights in this room. Some, like the blinking light on my desk phone, I disregard. In fact, I disregard most of them. They’re mostly telling me that appliances without on/off switches are plugged in.
All of these together probably don’t draw as much power as a night light. Still, in the aggregate, all these little lights in homes and offices are causing power plants to burn a little more coal or oil.
However, in their defense, my darkened room look very high tech.