In addition to a self written gopher server [1] I also have a QOTD (Quote of the Day) server [2] accepting requests via TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). I never mentioned it as I just put it out there to really see what would happen. I will occasionally see a request go by, but over the past two weeks, some people have really been hitting it hard via UDP:
Table: Requests to the UDP QOTD server (over 1000 requests) host address requests ------------------------------ 38.21.240.153 252628 113.113.120.152 18547 148.70.95.145 11529 150.138.92.17 11400 149.248.50.17 9917 123.129.223.133 9373 222.186.49.221 8689 39.105.122.74 8261 182.150.0.73 8098 47.107.64.105 7575 101.132.44.244 5745 170.33.8.193 5566 140.249.60.227 5520 61.160.207.99 5278 47.244.154.2 5084 23.107.43.194 5067 47.101.222.141 5066 47.101.169.118 5024 47.101.68.112 4449 47.102.135.146 4325 47.75.116.41 4200 47.244.36.42 4137 104.25.221.35 3638 144.48.125.176 3440 219.234.29.229 3402 125.88.186.186 3219 47.99.152.166 3167 39.108.51.161 3166 47.101.51.117 3161 210.83.80.21 3154 47.100.96.218 3139 47.101.200.97 3137 120.79.0.221 3090 47.100.183.18 2971 39.96.31.5 2944 47.98.38.120 2758 101.132.182.251 2756 47.107.123.238 2492 139.99.16.112 2290 47.101.157.245 2258 106.14.158.7 2226 47.100.234.2 2183 47.100.201.32 2090 120.79.40.9 2047 47.100.125.115 2037 101.132.37.45 1997 120.78.5.80 1985 47.101.68.50 1950 47.96.172.52 1915 20.188.110.231 1781 106.14.137.34 1118 119.188.250.37 1095 ------------------------------ host address requests
There doesn't see to be much I can find about this, other than a potential link to XBox Live [3], but that doesn't [4] seem right [5]. It's hard to say. So to see what might be happening, I modified the QOTD program to record anything it receives via UDP. That way, I should be able to figure out if 38.21.240.153 is trying to attack something, or if it really just wants an up-to-date quotes file.
[2] https://www.ietf.org/rfc/rfc865.txt
[3] https://www.auditmypc.com/udp-port-17.asp
[4] https://support.xbox.com/en-US/xbox-360/networking/network-ports-used-xbox-live
[5] https://support.xbox.com/en-US/xbox-one/networking/network-ports-used-xbox-live