[LAN access from remote] over 80 diffrent IP Addresses logged. Why ?

[mozat]

On Oct-19-2016 Wednesday, I dont know what allowed this to happen but Every IP address wanted to access a local LAN connected PC or Laptop 192.168.1.9:21332 and only that port was used. Below is a small portion of my log,

[table="width: 800, class: outer_border, align: center"]
[tr]
[td][LAN access from remote] from 61.164.59.138:43283 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:32
[LAN access from remote] from 183.30.87.92:7146 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:31
[LAN access from remote] from 59.172.176.238:34892 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:31
[LAN access from remote] from 113.120.101.151:28312 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:29
[LAN access from remote] from 24.70.152.120:8784 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:28
[LAN access from remote] from 220.177.86.135:25371 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:28
[LAN access from remote] from 36.62.49.83:5273 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:28
[LAN access from remote] from 180.152.29.116:1587 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:26
[LAN access from remote] from 49.71.195.110:19427 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:26
[LAN access from remote] from 41.93.40.2:35330 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:26
[LAN access from remote] from 113.241.28.58:5130 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:26
[LAN access from remote] from 71.88.225.104:33427 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:24
[LAN access from remote] from 114.24.30.180:21732 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:23
[LAN access from remote] from 182.117.199.204:8341 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:23
[LAN access from remote] from 49.83.203.155:35927 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:23
[LAN access from remote] from 78.92.112.77:17275 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:22
[LAN access from remote] from 116.235.65.209:8688 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:22
[LAN access from remote] from 113.228.76.164:9783 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:20
[LAN access from remote] from 125.126.228.145:10638 to 192.168.1.9:21332, Wednesday, Oct 19,2016 11:39:20[/td]
[/tr]
[/table]

Can Someone Please tell me how that could have happen. I ruled out the PCs I have set Static IPs to. But why that port and could it have been a webpage that allowed this. See Im hate AntiVirus programs I love Linux but Windows I need for more of a development platform and design. I do use VM BOXES perhaps that could have been it or something I was testing on the Pi, or my Q1 Master Leelbox.... If someone has any idea as to what that port could have been and what vulnerability was manipulated ?

[Philip]

There are no specific applications I am aware of that listen to port 21332. Given the fact that you don't know what was running, and that those all seem chinese IPs, someone was either trying to break in or was actually connected to some potentially malicious service on that port on your LAN PC. I would run anti-virus scan, Malwarebytes, Adwcleaner, etc. I would also try to find out what specific service is listening on that port using the netstat command both for Linux or Windows. Here is the syntax for Windows: http://www.speedguide.net/faq/how-can-i ... -on-my-115

[Vadi]

how many PCs in your lan?