'[LOGS] probe to tcp:23 telnet'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       intrusions
Subject:    [LOGS] probe to tcp:23 telnet
From:       John Sage <jsage () finchhaven ! com>
Date:       2002-01-30 4:37:12
[Download RAW message or body]

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
ipchains:
Jan 29 19:42:41 greatwall snort: [1:0:0] TCP to 23 telnet {TCP}
 62.27.108.25:55399 -> 12.82.140.157:23
Jan 29 19:42:44 greatwall snort: [1:0:0] TCP to 23 telnet {TCP}
 62.27.108.25:55399 -> 12.82.140.157:23

snort:
Jan 29 19:42:41 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
 62.27.108.25:55399 12.82.140.157:23 L=60 S=0x00 I=1220 F=0x4000 T=48 SYN (#64)
Jan 29 19:42:44 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
 62.27.108.25:55399 12.82.140.157:23 L=60 S=0x00 I=1355 F=0x4000 T=48 SYN (#64)

p0f: (www.stearns.org/p0f/)
<Tue Jan 29 19:42:41 2002> 62.27.108.25 [17 hops]: Linux 2.2.9 - 2.2.18
 + 62.27.108.25:55399 -> 12.82.140.157:23 (timestamp: 58363688 @1012362161)
<Tue Jan 29 19:42:44 2002> 62.27.108.25 [17 hops]: Linux 2.2.9 - 2.2.18
 + 62.27.108.25:55399 -> 12.82.140.157:23 (timestamp: 58363988 @1012362164)



BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman 

% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html 

inetnum:      62.26.0.0 - 62.27.255.255
netname:      DE-NACAMAR-19991229
descr:        Nacamar Data Communications
descr:        PROVIDER Local Internet Registry
country:      DE
admin-c:      NAC1-RIPE
tech-c:       NAC1-RIPE
status:       ALLOCATED PA
notify:       guardian@nacamar.net
mnt-by:       RIPE-NCC-HM-MNT
mnt-lower:    NACAMAR-NET
mnt-routes:   NACAMAR-ROUTE
source:       RIPE 

route:        62.26.0.0/15
descr:        Tiscali
origin:       AS12312
mnt-by:       NACAMAR-ROUTE
changed:      dennis.kuchenbecker@de.tiscali.com 20011210
source:       RIPE 

route:        62.26.0.0/15
descr:        Nacamar Data Communications
origin:       AS3257
mnt-by:       NACAMAR-ROUTE
changed:      sven@nacamar.net 20000103
source:       RIPE 

role:         Domain Registration Role-Account
address:      nacamar Data Communications GmbH
address:      Robert-Bosch-Str. 32
address:      D-63303 Dreieich
address:      Germany



- John
-- 
Most people don't type their own logfiles;  but, what do I care?

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic