List: intrusions
Subject: [LOGS] tcp:27374 subseven probe
From: John Sage <jsage () finchhaven ! com>
Date: 2002-01-30 7:00:54
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
snort:
Jan 29 17:34:16 greatwall snort: [1:0:0] TCP to 27374 SubSeven {TCP}
211.169.151.105:2334 -> 12.82.140.157:27374
Jan 29 17:34:37 greatwall last message repeated 3 times
ipchains:
Jan 29 17:34:16 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
211.169.151.105:2334 12.82.140.157:27374
L=48 S=0x00 I=52423 F=0x4000 T=107 SYN (#64)
Jan 29 17:34:19 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
211.169.151.105:2334 12.82.140.157:27374
L=48 S=0x00 I=59591 F=0x4000 T=107 SYN (#64)
Jan 29 17:34:25 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
211.169.151.105:2334 12.82.140.157:27374
L=48 S=0x00 I=9672 F=0x4000 T=107 SYN (#64)
Jan 29 17:34:37 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
211.169.151.105:2334 12.82.140.157:27374
L=48 S=0x00 I=44744 F=0x4000 T=107 SYN (#64)
p0f: (www.stearns.org/p0f/)
<Tue Jan 29 17:34:16 2002> 211.169.151.105 [22 hops]: Windows 9x (1)
+ 211.169.151.105:2334 -> 12.82.140.157:27374
<Tue Jan 29 17:34:19 2002> 211.169.151.105 [22 hops]: Windows 9x (1)
+ 211.169.151.105:2334 -> 12.82.140.157:27374
<Tue Jan 29 17:34:25 2002> 211.169.151.105 [22 hops]: Windows 9x (1)
+ 211.169.151.105:2334 -> 12.82.140.157:27374
<Tue Jan 29 17:34:37 2002> 211.169.151.105 [22 hops]: Windows 9x (1)
+ 211.169.151.105:2334 -> 12.82.140.157:27374
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
Request: 211.169.151.105
connecting to whois.arin.net [192.149.252.34:43] ...
connecting to WHOIS.APNIC.NET [202.12.29.13:43] ...
% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html
% (whois6.apnic.net)
inetnum: 211.168.0.0 - 211.171.255.255
netname: KRNIC-KR
descr: KRNIC
descr: Korea Network Information Center
country: KR
admin-c: HM127-AP
tech-c: HM127-AP
remarks: ******************************************
remarks: KRNIC is the National Internet Registry
remarks: in Korea under APNIC. If you would like to
remarks: find assignment information in detail
remarks: please refer to the KRNIC Whois DB
remarks: http://whois.nic.or.kr/english/index.html
remarks: ******************************************
# ENGLISH
IP Address : 211.169.151.64-211.169.151.127
Network Name : GGPCROOM49398D
Connect ISP Name : BORANET
Connect Date : 20000710
Registration Date : 20000719
[ Organization Information ]
Orgnization ID : ORG130758
Org Name : GG PC Room
State : KYONGGI
Address : Hyundaei Multi Town 450-8
Zip Code : 422-040
[ Admin Contact Information]
Name : Jawon Lee
Org Name : GG PC Room
State : KYONGGI
Address : Hyundaei Multi Town 450-8 Songnae-dong Sosa-gu Bucheon-shi
Zip Code : 422-040
Phone : +82-16-385-5622
E-Mail : b0049398@users.bora.net
[ Technical Contact Information ]
Name : Jawon Lee
Org Name : GG PC Room
State : KYONGGI
Address : Hyundaei Multi Town 450-8 Songnae-dong Sosa-gu Bucheon-shi
Zip Code : 422-040
Phone : +82-16-385-5622
E-Mail : b0049398@users.bora.net
- John
--
Most people don't type their own logfiles; but, what do I care?