
List:       intrusions
Subject:    [LOGS] March 23 2002
From:       Laurie Zirkle <lat () cns ! vt ! edu>
Date:       2002-03-26 16:09:12

=-=-=-=-=-=-=-=-=-=-=
Mar 23 00:05:31 hoste portsentry[105]: attackalert: Connect from host: \
                213.204.65.66/213.204.65.66 to TCP port: 80
Mar 23 00:05:31 hoste portsentry[105]: attackalert: Connect from host: \
213.204.65.66/213.204.65.66 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 00:55:27 hosty snort: [ID 702911 local0.alert] [1:1322:4] BAD TRAFFIC bad frag \
bits [Classification: Misc activity] [Priority: 3]: {UDP} 200.255.253.241 -> z.y.x.34

=-=-=-=-=-=-=-=-=-=-=
Mar 23 01:21:48 hoste portsentry[105]: attackalert: Connect from host: \
68.15.19.42/68.15.19.42 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 05:55:22 hostdar in.ftpd[10776]: refused connect from page.jetpage.com
Mar 23 05:55:22 hostdar in.ftpd[10777]: refused connect from page.jetpage.com

=-=-=-=-=-=-=-=-=-=-=

	Also on Mar  1 14:31:25 -> Mar  1 14:31:26, Mar  2 05:49:15 ->
	Mar  2 05:49:16, Mar  8 23:04:42 -> Mar  8 23:04:43

Mar 23 05:55:26 hosthu icmpinfo: ICMP_Source_Quench < 66.28.31.74 > 66.28.98.1 \
                sp=20480 dp=4542 seq=0xf2bb0b7e sz=36(+20)
Mar 23 05:55:26 hosthu icmpinfo: ICMP_Source_Quench < 66.28.31.74 > 66.28.98.1 \
                sp=20480 dp=4542 seq=0xf2bb12a3 sz=36(+20)
Mar 23 05:55:26 hosthu snort: [1:477:1] ICMP Source Quench [Classification: \
                Potentially Bad Traffic] [Priority: 2]: {ICMP} 66.28.31.74 -> \
                a.b.w.62
Mar 23 05:55:26 hosthu snort: [1:477:1] ICMP Source Quench [Classification: \
Potentially Bad Traffic] [Priority: 2]: {ICMP} 66.28.31.74 -> a.b.w.62

=-=-=-=-=-=-=-=-=-=-=
Mar 23 06:24:55 hoste portsentry[105]: attackalert: Connect from host: \
24.156.155.252/24.156.155.252 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 06:31:52 hoste portsentry[105]: attackalert: Connect from host: \
                65.170.14.217/65.170.14.217 to TCP port: 80
Mar 23 06:31:53 hoste portsentry[105]: attackalert: Connect from host: \
65.170.14.217/65.170.14.217 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=

	Videotron Ltee (NETBLK-VL-D-MT-18CA6000)
        2000 Rue Berri Montreal, QC H2L 4V7 CA
        Netname: VL-D-MT-18CA6000
        Netblock: 24.202.96.0 - 24.202.96.255

Mar 23 06:43:45 hostl proftpd[5900] hostl \
                (modemcable029.96-202-24.mtl.mc.videotron.ca[24.202.96.29]): FTP \
                session opened.
Mar 23 06:43:45 hostl proftpd[5900] hostl \
(modemcable029.96-202-24.mtl.mc.videotron.ca[24.202.96.29]): ANON anonymous: Login \
successful. modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:45 -0500] "PASS Igpuser@home.com" 230 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:46 -0500] \
"CWD /" 250 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:46 -0500] "CWD /_vti_pvt/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:46 -0500] \
"CWD /incoming/" 250 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:46 -0500] "CWD /pub/" 250 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:46 -0500] \
"CWD /pub/incoming/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:46 -0500] "CWD /public/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:46 -0500] \
"CWD /public/incoming/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:46 -0500] "CWD /upload/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:46 -0500] \
"MKD 020323064347p" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:46 -0500] "MKD 020323064348p" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:47 -0500] \
"CWD /" 250 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:47 -0500] "CWD /_vti_log/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:47 -0500] \
"CWD /_vti_pvt/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:47 -0500] "CWD /_vti_txt/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:47 -0500] \
"CWD /anonymous/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:47 -0500] "CWD /anonymous/_vti_pvt/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:47 -0500] \
"CWD /anonymous/incoming/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN \
ftp [23/Mar/2002:06:43:47 -0500] "CWD /in/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:47 -0500] \
"CWD /mailroot/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:47 -0500] "CWD /outgoing/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:47 -0500] \
"CWD /public/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:47 -0500] "CWD /temp/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:47 -0500] \
"CWD /tmp/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:47 -0500] "CWD /upload/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:47 -0500] \
"CWD /wwwroot/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:47 -0500] "MKD 020323064348p" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:48 -0500] \
"CWD /_private/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:48 -0500] "CWD /_vti_cnf/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:48 -0500] \
"CWD /anonymous/pub/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:48 -0500] "CWD /anonymous/public/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:48 -0500] \
"CWD /cgi-bin/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:48 -0500] "CWD /cgibin/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:48 -0500] \
"CWD /ftproot/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:48 -0500] "CWD /images/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:48 -0500] \
"CWD /usr/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "CWD /" 250 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"CWD /_vti_log/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "CWD /_vti_pvt/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"CWD /_vti_txt/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "CWD /anonymous/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"CWD /home/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "CWD /in/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"CWD /incoming/" 250 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "CWD /mailroot/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"CWD /pub/" 250 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "CWD /pub/incoming/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"CWD /public/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "CWD /public/incoming/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"CWD /upload/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "CWD /usr/incoming/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"CWD /wwwroot/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:49 -0500] "MKD 020323064350p" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:49 -0500] \
"MKD 020323064351p" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:50 -0500] "CWD /_private/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:50 -0500] \
"CWD /_vti_cnf/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:50 -0500] "CWD /anonymous/_vti_pvt/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:50 -0500] \
"CWD /anonymous/incoming/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN \
ftp [23/Mar/2002:06:43:50 -0500] "CWD /anonymous/pub/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:50 -0500] \
"CWD /anonymous/public/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN \
ftp [23/Mar/2002:06:43:50 -0500] "CWD /cgi-bin/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:50 -0500] \
"CWD /cgibin/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:50 -0500] "CWD /ftproot/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:50 -0500] \
"CWD /home/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:50 -0500] "CWD /images/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:50 -0500] \
"CWD /mailroot/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:50 -0500] "CWD /outgoing/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:50 -0500] \
"CWD /temp/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
[23/Mar/2002:06:43:50 -0500] "CWD /tmp/" 550 - \
modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp [23/Mar/2002:06:43:50 -0500] \
"CWD /usr/" 550 - modemcable029.96-202-24.mtl.mc.videotron.ca UNKNOWN ftp \
                [23/Mar/2002:06:43:50 -0500] "CWD /usr/incoming/" 550 -
Mar 23 06:43:50 hostl proftpd[5900] hostl \
(modemcable029.96-202-24.mtl.mc.videotron.ca[24.202.96.29]): FTP session closed.

Mar 23 06:43:45 hostsa ftpd[11992]: refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:43:45 hostt ftpd[7678]: refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:43:45 hostz ftpd[11324]: refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:44:07 hostpol in.ftpd[18421]: [ID 947420 mail.warning] refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:44:07 hostpol in.ftpd[18422]: [ID 947420 mail.warning] refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:44:07 hostpol in.ftpd[18423]: [ID 947420 mail.warning] refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:44:07 hostpol in.ftpd[18424]: [ID 947420 mail.warning] refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:44:55 hostca in.ftpd[25585]: refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:44:55 hostca in.ftpd[25586]: refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:44:58 hostca in.ftpd[25587]: refused connect from \
                modemcable029.96-202-24.mtl.mc.videotron.ca
Mar 23 06:53:07 hostmau Connection attempt to TCP z.y.w.12:21 from 24.202.96.29:2459
Mar 23 06:53:13 hostmau Connection attempt to TCP z.y.w.12:21 from 24.202.96.29:2459

=-=-=-=-=-=-=-=-=-=-=
Mar 23 06:52:23 hoste portsentry[105]: attackalert: Connect from host: \
202.106.86.6/202.106.86.6 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 07:33:28 hoste portsentry[105]: attackalert: Connect from host: \
67.112.180.154/67.112.180.154 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 08:09:49 hoste portsentry[105]: attackalert: Connect from host: \
                166.82.223.239/166.82.223.239 to TCP port: 80
Mar 23 08:09:49 hoste portsentry[105]: attackalert: Connect from host: \
166.82.223.239/166.82.223.239 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 09:40:39 hostdar in.ftpd[10884]: refused connect from 195.202.239.43

=-=-=-=-=-=-=-=-=-=-=
Mar 23 10:01:54 hostl portsentry[455]: [ID 702911 daemon.notice] attackalert: Connect \
from host: 218.58.1.237/218.58.1.237 to TCP port: 6001

=-=-=-=-=-=-=-=-=-=-=
Mar 23 11:12:26 hoste portsentry[105]: attackalert: Connect from host: \
168.115.33.129/168.115.33.129 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 12:29:40 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:40 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:41 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:41 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:41 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:42 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:42 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:43 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:43 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:44 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:44 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:45 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:45 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:46 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:46 hostf portsentry[19054]: attackalert: Connect from host: \
                61.174.153.68/61.174.153.68 to TCP port: 80
Mar 23 12:29:46 hostf portsentry[19054]: attackalert: Connect from host: \
61.174.153.68/61.174.153.68 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 12:50:57 hoste portsentry[105]: attackalert: Connect from host: \
205.151.61.77/205.151.61.77 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 12:56:16 hostdar in.ftpd[10983]: refused connect from usr069.rosenet.ne.jp
Mar 23 12:56:16 hostdar in.ftpd[10984]: refused connect from usr069.rosenet.ne.jp
Mar 23 12:56:16 hostdar in.ftpd[10985]: refused connect from usr069.rosenet.ne.jp
Mar 23 12:56:16 hostdar in.ftpd[10986]: refused connect from usr069.rosenet.ne.jp

=-=-=-=-=-=-=-=-=-=-=
Mar 23 13:16:30 hoste portsentry[105]: attackalert: Connect from host: \
200.48.147.163/200.48.147.163 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 13:56:54 hoste portsentry[105]: attackalert: Connect from host: \
202.130.13.163/202.130.13.163 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=

	inetnum:      217.0.0.0 - 217.5.127.255
	netname:      DTAG-DIAL13
	descr:        Deutsche Telekom AG
	country:      DE

Mar 23 15:26:57 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3791 -> z.y.x.34:80
Mar 23 15:26:57 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3804 -> z.y.x.34:80
Mar 23 15:26:57 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3818 -> z.y.x.34:80
Mar 23 15:26:58 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3838 -> z.y.x.34:80
Mar 23 15:26:58 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3859 -> z.y.x.34:80
Mar 23 15:26:59 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3872 -> z.y.x.34:80
Mar 23 15:26:59 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3885 -> z.y.x.34:80
Mar 23 15:26:59 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3909 -> z.y.x.34:80
Mar 23 15:26:59 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3926 -> z.y.x.34:80
Mar 23 15:27:00 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3942 -> z.y.x.34:80
Mar 23 15:27:00 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                217.0.241.119:3964 -> z.y.x.34:80
Mar 23 15:27:00 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
217.0.241.119:3978 -> z.y.x.34:80


=-=-=-=-=-=-=-=-=-=-=
Mar 23 16:30:55 hoste portsentry[105]: attackalert: Connect from host: \
61.201.255.218/61.201.255.218 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 17:11:05 hoste portsentry[105]: attackalert: Connect from host: \
210.116.171.28/210.116.171.28 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 17:12:22 hoste portsentry[105]: attackalert: Connect from host: \
194.78.204.200/194.78.204.200 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 17:15:21 hoste portsentry[105]: attackalert: Connect from host: \
61.188.199.63/61.188.199.63 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 17:40:28 hoste portsentry[105]: attackalert: Connect from host: \
213.170.56.36/213.170.56.36 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=

	Also on Mar 22 04:27:54

Mar 23 17:44:22 hostdar portsentry[306]: attackalert: Connect from host: \
134.102.72.37/134.102.72.37 to TCP port: 1524

=-=-=-=-=-=-=-=-=-=-=

	Palm Springs Resort Rentals (NETBLK-DGIS-PSRSRTRNTL)
        1701 N. Palm Canyon  Suite 6 Palm Springs, CA 92262 US
        Netname: DGIS-PSRSRTRNTL
        Netblock: 63.118.141.80 - 63.118.141.87

Mar 23 18:48:11 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55528 -> z.y.x.34:80
Mar 23 18:48:11 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55539 -> z.y.x.34:80
Mar 23 18:48:12 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55559 -> z.y.x.34:80
Mar 23 18:48:12 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55573 -> z.y.x.34:80
Mar 23 18:48:12 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55578 -> z.y.x.34:80
Mar 23 18:48:15 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55550 -> z.y.x.34:80
Mar 23 18:48:15 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55602 -> z.y.x.34:80
Mar 23 18:48:16 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55756 -> z.y.x.34:80
Mar 23 18:48:16 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55774 -> z.y.x.34:80
Mar 23 18:48:17 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55792 -> z.y.x.34:80
Mar 23 18:48:17 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55806 -> z.y.x.34:80
Mar 23 18:48:17 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
                63.118.141.80:55819 -> z.y.x.34:80
Mar 26 01:13:08 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:09 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:09 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:09 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:09 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:10 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:13 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:13 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:13 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:13 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:14 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:14 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:14 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:14 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:15 hostmau portsentry[210]: attackalert: Connect from host: \
                80.141.118.63.dis.net/63.118.141.80 to TCP port: 80
Mar 26 01:13:18 hostmau portsentry[210]: attackalert: Connect from host: \
80.141.118.63.dis.net/63.118.141.80 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=

	364-NOTWER (NETBLK-NEWE-364-L)
        Private Address WICHITA, KS 67202 US
        Netname: NEWE-364-L
        Netblock: 216.171.140.160 - 216.171.140.191

Mar 23 19:13:10 hosthu portmap[17726]: connect from 216.171.140.168 to \
                getport(status): request from unauthorized host
Mar 23 19:13:10 hosthu snort: [1:587:2] RPC portmap request status [Classification: \
Decode of an RPC Query] [Priority: 2]: {UDP} 216.171.140.168:1006 -> a.b.w.62:111

=-=-=-=-=-=-=-=-=-=-=
Mar 23 19:24:53 hostmau Connection attempt to TCP z.y.w.12:6346 from \
                66.108.126.138:2611
Mar 23 19:24:54 hostmau Connection attempt to TCP z.y.w.12:6346 from \
                66.108.126.138:2611
Mar 23 19:24:54 hostmau Connection attempt to TCP z.y.w.12:6346 from \
66.108.126.138:2611

=-=-=-=-=-=-=-=-=-=-=
Mar 23 19:27:27 hoste portsentry[105]: attackalert: Connect from host: \
212.58.4.70/212.58.4.70 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=

	Universidad Nacional Autonoma de Mexico (NET-REDUNAM)
        CU, Mexico DF, CP 04510 MX
        Netname: REDUNAM
        Netblock: 132.248.0.0 - 132.248.255.255

Mar 23 19:32:12 hostl proftpd[12885] hostl \
                (pcbiol.fciencias.unam.mx[132.248.195.162]): FTP session opened.
Mar 23 19:32:12 hostl proftpd[12885] hostl \
                (pcbiol.fciencias.unam.mx[132.248.195.162]): FTP session closed.
Mar 23 19:32:12 hostl proftpd[12886] hostl \
                (pcbiol.fciencias.unam.mx[132.248.195.162]): FTP session opened.
Mar 23 19:32:12 hostl proftpd[12886] hostl \
                (pcbiol.fciencias.unam.mx[132.248.195.162]): FTP session closed.
Mar 23 19:32:12 hostsa ftpd[13378]: refused connect from pcbiol.fciencias.unam.mx
Mar 23 19:32:12 hostt ftpd[302]: refused connect from pcbiol.fciencias.unam.mx
Mar 23 19:32:13 hostsa ftpd[18896]: refused connect from pcbiol.fciencias.unam.mx
Mar 23 19:32:21 hostpol in.ftpd[18596]: [ID 947420 mail.warning] refused connect from \
                pcbiol.fciencias.unam.mx
Mar 23 19:32:21 hostpol in.ftpd[18597]: [ID 947420 mail.warning] refused connect from \
                pcbiol.fciencias.unam.mx
Mar 23 19:32:21 hostpol in.ftpd[18598]: [ID 947420 mail.warning] refused connect from \
                pcbiol.fciencias.unam.mx
Mar 23 19:32:21 hostpol in.ftpd[18599]: [ID 947420 mail.warning] refused connect from \
                pcbiol.fciencias.unam.mx
Mar 23 19:32:12 hostz ftpd[19653]: refused connect from pcbiol.fciencias.unam.mx
Mar 23 19:33:21 hostca in.ftpd[26070]: refused connect from pcbiol.fciencias.unam.mx
Mar 23 19:33:21 hostca in.ftpd[26071]: refused connect from pcbiol.fciencias.unam.mx
Mar 23 19:33:21 hostca in.ftpd[26072]: refused connect from pcbiol.fciencias.unam.mx
Mar 23 19:33:21 hostca in.ftpd[26073]: refused connect from pcbiol.fciencias.unam.mx
Mar 23 19:41:36 hostmau Connection attempt to TCP z.y.w.12:21 from \
132.248.195.162:4643

=-=-=-=-=-=-=-=-=-=-=
Mar 23 19:38:53 hostmau Connection attempt to TCP z.y.w.12:21 from 212.162.48.123:21
Mar 23 20:04:40 hostdar in.ftpd[11200]: refused connect from 212.162.48.123
Mar 23 20:04:40 hostdar in.ftpd[11201]: refused connect from 212.162.48.123

=-=-=-=-=-=-=-=-=-=-=
Mar 23 20:02:15 hoste portsentry[105]: attackalert: Connect from host: \
213.213.71.66/213.213.71.66 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 20:07:39 hoste portsentry[105]: attackalert: Connect from host: \
217.136.248.156/217.136.248.156 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 20:09:58 hoste portsentry[105]: attackalert: Connect from host: \
195.228.18.253/195.228.18.253 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 20:22:20 hoste portsentry[105]: attackalert: Connect from host: \
211.78.185.39/211.78.185.39 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 22:15:21 hoste portsentry[105]: attackalert: Connect from host: \
211.96.205.29/211.96.205.29 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 22:27:04 hoste portsentry[105]: attackalert: Connect from host: \
211.94.228.65/211.94.228.65 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=
Mar 23 22:46:44 hoste portsentry[105]: attackalert: Connect from host: \
216.166.214.201/216.166.214.201 to TCP port: 80

=-=-=-=-=-=-=-=-=-=-=

	Everyones Internet, Inc. (NETBLK-EVRY-BLK-6)
        2600 Southwest Frwy Suite 500 Houston, TX 77098 US
        Netname: EVRY-BLK-6
        Netblock: 216.40.192.0 - 216.40.255.255
        Maintainer: EVRY

Mar 23 23:43:09 hosthu portmap[18590]: connect from 216.40.196.62 to getport(status): \
                request from unauthorized host
Mar 23 23:43:09 hosthu snort: [1:587:2] RPC portmap request status [Classification: \
Decode of an RPC Query] [Priority: 2]: {UDP} 216.40.196.62:710 -> a.b.w.62:111

=-=-=-=-=-=-=-=-=-=-=

	University of Nebraska-Lincoln (NET-HUSKERNET)
        Information Services 29 WSEC Lincoln, NE 68588-0657 US
        Netname: HUSKERNET
        Netblock: 129.93.0.0 - 129.93.255.255

Mar 23 23:57:32 hosthu portmap[18652]: connect from 129.93.9.182 to getport(status): \
                request from unauthorized host
Mar 23 23:57:33 hosthu snort: [1:587:2] RPC portmap request status [Classification: \
                Decode of an RPC Query] [Priority: 2]: {UDP} 129.93.9.182:781 -> \
                a.b.w.62:111
Mar 24 22:24:51 hosthu portmap[23160]: connect from 129.93.9.182 to getport(status): \
                request from unauthorized host
Mar 24 22:24:51 hosthu snort: [1:587:2] RPC portmap request status [Classification: \
Decode of an RPC Query] [Priority: 2]: {UDP} 129.93.9.182:691 -> a.b.w.62:111


-- 
Laurie

