Curious log entries on DPT=17071
Last night 24 unique IP addresses all tried to 'connect' to port 17071 (using the UDP protocol) on my server within the course of a minute. Each unique IP address attempted between 9 and 18 times, giving a total of 242 attempts.
I ran `whois` on a couple of them, and it seems their origins are rather scattered around the world. The first thing that came to mind was that I had ran something like Limewire without making an exception in my firewall. That has about the same effect. But I didn't run anything at that time and sure no p2p client. Besides, it started and stopped and only took a minute.
I tried to get some info on what uses port 17071, but according to the IANA it is unassigned. I also double checked, but there's nothing running on that port on my side. At least, as far as I can tell.
Now I'm curious, what could such a sudden burst of attempts have been? If it was just one IP address it would not have concerned me much as that happens all the time (but not on that port), but these are 24 unique IP's coming from several different continents even in the course of a minute.
Two typical examples of log entries.
Jan 5 01:16:34 myserver kernel: HOSTILE_COUNTRY DROP IN=eth2 OUT= MAC=00:03:75:22:7d:64:13:1e:ca:20:12:05:08:00 SRC=96.229.xxx.xxx DST=62.108.xxx.xxx LEN=61 TOS=0x00 PREC=0x00 TTL=48 ID=63313 PROTO=UDP SPT=9345 DPT=17071 LEN=41
Jan 5 01:16:34 myserver kernel: UNMARKED_COUNTRY LOG IN=eth2 OUT= MAC=00:03:75:22:7d:64:13:1e:ca:20:12:05:08:00 SRC=75.53.xxx.xxx DST=62.108.xxx.xxx LEN=61 TOS=0x00 PREC=0x00 TTL=48 ID=63569 PROTO=UDP SPT=1345 DPT=17071 LEN=41