List: intrusions
Subject: [LOGS] March 25, 2002
From: Laurie Zirkle <lat () cns ! vt ! edu>
Date: 2002-03-27 15:36:09
=-=-=-=-=-=-=-=-=-=-=
Mar 25 00:58:52 hosthu /kernel: Connection attempt to UDP a.b.w.62:137 from \
217.136.96.245:1033
Mar 25 00:58:52 hosthu /kernel: Connection attempt to UDP a.b.w.62:137 from \
217.136.96.245:1033
Mar 25 01:07:08 hosthu /kernel: Connection attempt to UDP a.b.w.62:137 from \
217.136.96.245:1033
Mar 25 01:07:08 hosthu /kernel: Connection attempt to UDP a.b.w.62:137 from \
217.136.96.245:1033
=-=-=-=-=-=-=-=-=-=-=
Also on Mar 11 10:18:17
Mar 25 02:17:49 hosty snort: [ID 702911 local0.alert] [1:473:1] ICMP redirect net \
[Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 195.244.68.2 -> \
z.y.x.34
Mar 25 04:10:50 hosty snort: [ID 702911 local0.alert] [1:473:1] ICMP redirect net \
[Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 195.244.68.2 -> \
z.y.x.34
=-=-=-=-=-=-=-=-=-=-=
Mar 25 02:29:16 hostdar in.ftpd[12494]: refused connect from 202.111.187.66
Mar 25 02:29:16 hostdar in.ftpd[12495]: refused connect from 202.111.187.66
Mar 25 02:29:16 hostdar in.ftpd[12496]: refused connect from 202.111.187.66
Mar 25 02:29:16 hostdar in.ftpd[12497]: refused connect from 202.111.187.66
=-=-=-=-=-=-=-=-=-=-=
XO Communications (NET-XOXO-BLK-14)
1400 Parkmoor Avenue San Jose, CA 95126-3429 US
Netname: XOXO-BLK-14
Netblock: 64.0.0.0 - 64.3.255.255
Maintainer: XOXO
Mar 25 03:20:57 hostpoo sendmail[16691]: NOQUEUE: Null connection from \
ts016d14.cam-ma.concentric.net [64.2.142.26]
Mar 25 03:20:57 hostpoo sendmail[16692]: NOQUEUE: Null connection from \
ts016d14.cam-ma.concentric.net [64.2.142.26]
Mar 25 03:22:32 hostca sendmail[27382]: NOQUEUE: ts016d14.cam-ma.concentric.net \
[64.2.142.26] did not issue MAIL/EXPN/VRFY/ETRN during connection to \
MTA
Mar 25 03:22:32 hostca sendmail[27383]: NOQUEUE: ts016d14.cam-ma.concentric.net \
[64.2.142.26] did not issue MAIL/EXPN/VRFY/ETRN during connection to \
MTA
Mar 25 03:22:52 hostca sendmail[27384]: NOQUEUE: ts016d14.cam-ma.concentric.net \
[64.2.142.26] did not issue MAIL/EXPN/VRFY/ETRN during connection to \
MTA
Mar 25 03:22:56 hostca sendmail[27385]: NOQUEUE: ts016d14.cam-ma.concentric.net \
[64.2.142.26] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
=-=-=-=-=-=-=-=-=-=-=
Mar 25 03:24:23 hoste portsentry[105]: attackalert: Connect from host: \
212.68.87.250/212.68.87.250 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 04:45:10 hoste portsentry[105]: attackalert: Connect from host: \
68.1.243.28/68.1.243.28 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 06:42:15 hoste portsentry[105]: attackalert: Connect from host: \
68.47.196.249/68.47.196.249 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 07:00:40 hoste portsentry[105]: attackalert: Connect from host: \
198.252.132.200/198.252.132.200 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 07:17:09 hostdar in.ftpd[12660]: refused connect from 209.69.151.99
Mar 25 07:17:09 hostdar in.ftpd[12661]: refused connect from 209.69.151.99
Mar 25 07:17:10 hostdar in.ftpd[12662]: refused connect from 209.69.151.99
Mar 25 07:17:10 hostdar in.ftpd[12663]: refused connect from 209.69.151.99
=-=-=-=-=-=-=-=-=-=-=
Mar 25 07:17:09 hosty named[7451]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [198.142.1.242].0
=-=-=-=-=-=-=-=-=-=-=
Mar 25 07:26:45 hostmi named[7971]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [203.60.16.12].0
Mar 25 07:36:47 hosty named[7451]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [203.60.16.12].0
=-=-=-=-=-=-=-=-=-=-=
Mar 25 07:32:24 hosty named[7451]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [202.161.124.222].0
=-=-=-=-=-=-=-=-=-=-=
Mar 25 07:30:14 hostmi named[7971]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [207.8.219.208].0
Mar 25 07:42:54 hosty named[7451]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [207.8.219.208].0
Mar 25 07:44:43 hosty named[7451]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [207.8.219.208].0
=-=-=-=-=-=-=-=-=-=-=
Mar 25 07:42:01 hostl sshd[9738]: [ID 800047 auth.info] Did not receive \
identification string from 129.132.77.16.
=-=-=-=-=-=-=-=-=-=-=
Mar 25 07:56:43 hostmi named[7971]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [130.130.68.100].0
Mar 25 08:23:53 hosty named[7451]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [130.130.68.100].0
Mar 25 08:23:53 hosty named[7451]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [130.130.68.100].0
=-=-=-=-=-=-=-=-=-=-=
Mar 25 08:24:23 hostmi named[7971]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [198.142.1.243].0
=-=-=-=-=-=-=-=-=-=-=
Mar 25 08:26:04 hostmi named[7971]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [203.60.16.12].0
=-=-=-=-=-=-=-=-=-=-=
Mar 25 08:29:24 hostmi named[7971]: [ID 295310 daemon.notice] security: notice: \
dropping source port zero packet from [207.8.219.208].0
=-=-=-=-=-=-=-=-=-=-=
Mar 25 09:30:23 hostmau Connection attempt to TCP z.y.w.12:6346 from \
206.28.215.90:1302
Mar 25 09:30:23 hostmau Connection attempt to TCP z.y.w.12:6346 from \
206.28.215.90:1302
=-=-=-=-=-=-=-=-=-=-=
Mar 25 10:06:38 hostpol in.ftpd[19257]: [ID 947420 mail.warning] refused connect from \
adsl-42816.turboline.skynet.be
Mar 25 10:07:37 hostca in.ftpd[570]: refused connect from \
adsl-42816.turboline.skynet.be
=-=-=-=-=-=-=-=-=-=-=
Mar 25 11:57:22 hoste portsentry[105]: attackalert: Connect from host: \
211.217.30.59/211.217.30.59 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 12:44:10 hoste portsentry[105]: attackalert: Connect from host: \
61.188.210.35/61.188.210.35 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 12:46:29 hoste portsentry[105]: attackalert: Connect from host: \
172.180.39.232/172.180.39.232 to TCP port: 80
Mar 25 12:55:45 hostmau portsentry[210]: attackalert: Connect from host: \
ACB427E8.ipt.aol.com/172.180.39.232 to TCP port: 80
Mar 25 12:55:45 hostmau portsentry[210]: attackalert: Connect from host: \
ACB427E8.ipt.aol.com/172.180.39.232 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 13:44:19 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
Mar 25 13:44:25 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
Mar 25 13:44:33 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
Mar 25 13:44:40 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
Mar 25 13:44:47 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
Mar 25 13:44:54 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
Mar 25 13:45:01 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
Mar 25 13:45:09 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
Mar 25 13:45:17 hostmau portsentry[210]: attackalert: Connect from host: \
198.142.106.113.optusnet.com.au/198.142.106.113 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 13:58:02 hostca in.ftpd[1750]: refused connect from 217.57.19.28
Mar 25 13:58:02 hostca in.ftpd[1752]: refused connect from 217.57.19.28
=-=-=-=-=-=-=-=-=-=-=
inetnum: 213.20.0.0 - 213.20.255.255
netname: DE-MEDIAWAYS-990820
descr: mediaWays GmbH
descr: PROVIDER
country: DE
brln-d51481b8.dsl.mediaWays.net. 13h18m20s IN A 213.20.129.184
Also on Mar 24 22:18:39, Mar 24 22:20:24, Mar 24 22:23:15 ->
Mar 24 22:23:17
Mar 25 14:02:49 hostdar in.ftpd[12846]: refused connect from \
brln-d51481b8.dsl.mediaWays.net
Mar 25 14:02:50 hostdar in.ftpd[12847]: refused connect from \
brln-d51481b8.dsl.mediaWays.net
Mar 25 14:02:50 hostdar in.ftpd[12848]: refused connect from \
brln-d51481b8.dsl.mediaWays.net
Mar 25 14:02:50 hostdar in.ftpd[12849]: refused connect from \
brln-d51481b8.dsl.mediaWays.net
=-=-=-=-=-=-=-=-=-=-=
Mar 25 14:13:28 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:28 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:29 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:29 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:29 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:30 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:30 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:30 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:31 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:31 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:32 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:32 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:33 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:33 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:33 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to \
TCP port: 80
Mar 25 14:13:34 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 200-158-106-78.dsl.telesp.net.br/200.158.106.78 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Also on Nov 9 11:01:52 -> Nov 9 23:49:05 (total of 211),
Nov 10 00:35:24 -> Nov 10 10:26:41 (total of 171), Nov 13 13:22:04,
Nov 16 15:50:13, Nov 17 05:38:02, Nov 21 09:39:29, Nov 25 13:39:41,
Nov 26 13:47:50, Dec 1 17:58:29, Dec 3 10:21:42, Dec 6 16:00:57,
Dec 6 22:54:14 -> Dec 6 22:54:25, Dec 7 00:35:44 -> Dec 7 00:35:56,
Dec 7 02:17:14 -> Dec 7 02:17:31, Dec 7 03:57:14 -> Dec 7 03:57:31,
Dec 7 05:37:14 -> Dec 7 05:37:31, Dec 7 07:17:15, Dec 7 09:36:29,
Dec 7 14:48:34, Dec 8 08:17:17, Dec 10 10:15:53, Dec 14 13:54:57,
Dec 17 15:01:04, Dec 23 16:09:42, Jan 1 14:53:18, Jan 25 10:25:49,
Jan 28 10:17:19, Feb 1 17:36:20, Feb 2 20:39:29, Feb 4 01:22:19,
Feb 9 21:56:03, Feb 12 16:59:38, Feb 15 14:59:38, Feb 18 10:42:39,
Feb 25 13:52:00, Mar 1 08:11:29, Mar 6 11:58:43, Mar 7 12:52:16,
Mar 7 14:05:04, Mar 10 20:06:31, Mar 13 09:34:09, Mar 14 16:16:58,
Mar 15 11:50:09, Mar 18 10:51:17, Mar 19 12:16:10, Mar 20 11:41:24,
Mar 20 17:07:03, Mar 20 19:57:38, Mar 21 16:25:55
Mar 25 14:34:43 hosty snort: [ID 702911 local0.alert] [1:487:2] ICMP Destination \
Unreachable (Communication with Destination Network is Administratively Prohibited) \
[Classification: Misc activity] [Priority: 3]: {ICMP} 152.85.133.14 \
-> z.y.x.34
Mar 27 08:30:49 hosty snort: [ID 702911 local0.alert] [1:487:2] ICMP Destination \
Unreachable (Communication with Destination Network is Administratively Prohibited) \
[Classification: Misc activity] [Priority: 3]: {ICMP} 152.85.133.14 -> z.y.x.34
=-=-=-=-=-=-=-=-=-=-=
Mar 25 14:38:11 hoste portsentry[105]: attackalert: Connect from host: \
218.20.59.163/218.20.59.163 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
America Online, Inc. (NETBLK-AOL-172BLK)
12100 Sunrise Valley Drive Reston, VA 20191 US
Netname: AOL-172BLK
Netblock: 172.128.0.0 - 172.191.255.255
Maintainer: AOL
Mar 25 14:40:48 hosty portsentry[6160]: [ID 702911 daemon.notice] attackalert: \
Connect from host: ACB73049.ipt.aol.com/172.183.48.73 to TCP port: 80
Mar 25 14:40:48 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
172.183.48.73:2389 -> z.y.x.34:80
Mar 25 14:40:49 hosty portsentry[6160]: [ID 702911 daemon.notice] attackalert: \
Connect from host: ACB73049.ipt.aol.com/172.183.48.73 to TCP port: 80
Mar 25 14:41:10 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: ACB73049.ipt.aol.com/172.183.48.73 to TCP port: 80
Mar 25 14:41:10 hostj portsentry[13043]: [ID 702911 daemon.notice] attackalert: \
Connect from host: ACB73049.ipt.aol.com/172.183.48.73 to TCP port: 80
Mar 25 14:41:34 hostmi portsentry[4313]: [ID 702911 daemon.notice] attackalert: \
Connect from host: ACB73049.ipt.aol.com/172.183.48.73 to TCP port: 80
Mar 25 14:41:34 hostmi portsentry[4313]: [ID 702911 daemon.notice] attackalert: \
Connect from host: ACB73049.ipt.aol.com/172.183.48.73 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 15:37:45 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3701 -> z.y.x.34:80
Mar 25 15:37:45 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3726 -> z.y.x.34:80
Mar 25 15:37:45 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3742 -> z.y.x.34:80
Mar 25 15:37:46 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3754 -> z.y.x.34:80
Mar 25 15:37:46 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3768 -> z.y.x.34:80
Mar 25 15:37:46 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3783 -> z.y.x.34:80
Mar 25 15:37:46 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3804 -> z.y.x.34:80
Mar 25 15:37:46 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3811 -> z.y.x.34:80
Mar 25 15:37:47 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3831 -> z.y.x.34:80
Mar 25 15:37:47 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3844 -> z.y.x.34:80
Mar 25 15:37:47 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3853 -> z.y.x.34:80
Mar 25 15:37:47 hosty snort: [ID 702911 local0.alert] [1:1113:1] WEB-MISC http \
directory traversal [Classification: Attempted Information Leak] [Priority: 2]: {TCP} \
198.173.2.16:3868 -> z.y.x.34:80
=-=-=-=-=-=-=-=-=-=-=
Also on Oct 30 16:03:33, Nov 1 13:46:44, Nov 9 08:35:49,
Nov 12 16:26:11, Nov 15 09:37:29, Nov 17 16:48:26, Nov 21 15:45:30,
Nov 25 20:53:16, Nov 26 10:19:07, Nov 26 14:53:07, Dec 20 03:31:36,
Dec 20 22:10:49, Dec 29 21:45:36, Dec 30 04:32:33, Dec 31 15:04:35,
Jan 2 15:51:04, Jan 13 13:00:37, Jan 23 17:25:53, Jan 24 14:35:42,
Jan 25 09:42:45, Jan 25 16:46:44, Jan 29 22:26:17, Feb 4 12:58:45
Feb 6 14:27:54, Feb 6 18:13:29, Feb 7 14:08:46, Feb 8 14:00:48,
Feb 15 11:33:53, Feb 17 18:47:05, Feb 27 15:49:06, Feb 28 07:39:21,
Mar 18 17:27:48, Mar 21 08:10:32, Mar 21 19:17:29
Mar 25 16:15:18 hosty snort: [ID 702911 local0.alert] [1:472:1] ICMP redirect host \
[Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 202.50.119.118 -> \
z.y.x.34
Mar 26 16:11:25 hosty snort: [ID 702911 local0.alert] [1:472:1] ICMP redirect host \
[Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 202.50.119.118 -> \
z.y.x.34
=-=-=-=-=-=-=-=-=-=-=
Mar 25 16:18:50 hoste portsentry[105]: attackalert: Connect from host: \
163.18.22.99/163.18.22.99 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 18:55:14 hostca in.ftpd[2433]: refused connect from 216.206.112.5
Mar 25 18:55:14 hostca in.ftpd[2434]: refused connect from 216.206.112.5
Mar 25 18:55:14 hostca in.ftpd[2435]: refused connect from 216.206.112.5
Mar 25 18:55:14 hostca in.ftpd[2436]: refused connect from 216.206.112.5
=-=-=-=-=-=-=-=-=-=-=
Mar 25 19:19:46 hostpol portsentry[23050]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 211.250.97.130/211.250.97.130 to TCP port: 515
=-=-=-=-=-=-=-=-=-=-=
Mar 25 19:35:16 hoste portsentry[105]: attackalert: Connect from host: \
218.20.218.183/218.20.218.183 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
IP Address : 211.239.168.0-211.239.168.255
Network Name : GNG-IDC-MPLUSTECH
Connect ISP Name : GNGIDC
Connect Date : 20010713
Registration Date : 20011121
[ Organization Information ]
Orgnization ID : ORG215915
Org Name : mPlusTech
State : KYONGGI
Address : 1428-2 Gyanyang-1Dong Dongan-Gu Anyang-Si
Zip Code : 431-061
Mar 25 20:41:03 hostmi portsentry[4313]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 211.239.168.28/211.239.168.28 to TCP port: 513
Mar 25 20:41:03 hosty named[7451]: [ID 295310 daemon.notice] security: notice: denied \
query from [211.239.168.28].1054 for "VERSION.BIND" TXT/CHAOS
Mar 25 20:41:03 hosty named[7451]: [ID 295310 daemon.notice] security: notice: denied \
query from [211.239.168.28].1054 for "VERSION.BIND" TXT/CHAOS
Mar 25 20:41:03 hosty portsentry[6160]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 211.239.168.28/211.239.168.28 to TCP port: 513
Mar 25 20:41:04 hostmi named[7971]: [ID 295310 daemon.notice] security: notice: \
denied query from [211.239.168.28].1054 for "VERSION.BIND" TXT/CHAOS
Mar 25 20:41:04 hostmi named[7971]: [ID 295310 daemon.notice] security: notice: \
denied query from [211.239.168.28].1054 for "VERSION.BIND" TXT/CHAOS
=-=-=-=-=-=-=-=-=-=-=
inetnum 211.152.66.0 - 211.152.66.127
netname YINGXINNET
descr YINGXIN communication Co.,Ltd.
descr communication
descr Beijing,China
country CN
Mar 25 21:47:03 hostci portsentry[9368]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 211.152.66.12/211.152.66.12 to TCP port: 514
Mar 25 21:47:19 hostcl telnetd[15247]: refused connect from 211.152.66.12
Mar 25 21:47:28 hostba portsentry[605]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 211.152.66.12/211.152.66.12 to TCP port: 514
Mar 25 21:47:28 hostdr portsentry[2434]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 211.152.66.12/211.152.66.12 to TCP port: 514
Mar 25 21:47:28 hostl portsentry[455]: [ID 702911 daemon.notice] attackalert: Connect \
from host: 211.152.66.12/211.152.66.12 to TCP port: 513
Mar 25 21:47:28 hostst portsentry[352]: [ID 702911 daemon.notice] attackalert: \
Connect from host: 211.152.66.12/211.152.66.12 to TCP port: 513
Mar 25 21:47:38 hoste portsentry[105]: attackalert: Connect from host: \
211.152.66.12/211.152.66.12 to TCP port: 515
Mar 25 21:57:03 hostmau portsentry[210]: attackalert: Connect from host: \
211.152.66.12/211.152.66.12 to TCP port: 513
=-=-=-=-=-=-=-=-=-=-=
Mar 25 21:57:28 hoste portsentry[105]: attackalert: Connect from host: \
63.202.178.255/63.202.178.255 to TCP port: 80
=-=-=-=-=-=-=-=-=-=-=
Mar 25 22:54:29 hoste portsentry[105]: attackalert: Connect from host: \
210.82.183.50/210.82.183.50 to TCP port: 80
--
Laurie