[Intrusions] [LOGS] Summary of large-scale portscanning detects

Ken Connelly ken.connelly at uni.edu
Mon Jul 19 00:25:29 GMT 2004


A lot of what I've seen (probably 1/3 of the sources) over the past 
couple weeks has originated in China.  For example, see what's here for 
221.202.148.218 as typical of what I see coming out of China these days.

I never did see the large scale FTP scans that were mentioned in the 
Handler's Diary.  So far, in July, the most common port target I've seen 
is 1433.  Second place is pretty much a tie between 9898 and 5554, with 
fourth going to 1023.  That's not every day, but over the month how 
things average out.  Also, I block 135 and 445 outside the sensor, so 
they don't show up in the things I normally look at, but from the ACL 
counts, they are FAR and away higher than what I see from anything 
that's coming through to the blocks inside the sensor.

- ken

Timothy Chase wrote:

>Ken,
>
>Although I get a fair amount of activity on those ports (the usual
>worms and bots, mostly, and then an occasional exploit), searching my
>logs over the past week, I didn't see any of the ip addresses you
>listed:
>
>However, the July 12th "Handler's Diary" at the Internet Storm Center:
>
>http://isc.incidents.org/
>
>mentions specifically that suspicious ftp activity had been targeting
>schools.  My thoughts are that the activity you are currently seeing
>might be part of a next stage -- in which case it is something which
>would be picked up only by schools -- and might help to explain why
>none of your offenders are showing up on my list.
>
>--
>
>Tim Chase
>
>On Sat, 17 Jul 2004 05:59:05 -0500 (CDT), ken.connelly at uni.edu
><ken.connelly at uni.edu> wrote:
>  
>
>>The following extracts show the beginning and ending of scan activity
>>that was detected on my network.  The number following each set is the
>>total number of probes for that source.  Timestamps are GMT-0500.
>>
>>Jul 16 08:22:32 82.37.172.102:2028 -> xxx.yyy.1.0:1433 SYN ******S*
>>Jul 16 08:22:32 82.37.172.102:2029 -> xxx.yyy.1.1:1433 SYN ******S*
>>Jul 16 08:22:32 82.37.172.102:2030 -> xxx.yyy.1.2:1433 SYN ******S*
>>Jul 16 08:22:29 82.37.172.102:2031 -> xxx.yyy.1.3:1433 SYN ******S*
>>Jul 16 08:22:32 82.37.172.102:2032 -> xxx.yyy.1.4:1433 SYN ******S*
>>Jul 16 08:22:32 82.37.172.102:2033 -> xxx.yyy.1.5:1433 SYN ******S*
>>Jul 16 08:22:32 82.37.172.102:2034 -> xxx.yyy.1.6:1433 SYN ******S*
>>Jul 16 08:22:32 82.37.172.102:2035 -> xxx.yyy.1.7:1433 SYN ******S*
>>[...]
>>Jul 16 12:11:19 82.37.172.102:3176 -> xxx.yyy.255.242:1433 SYN ******S*
>>Jul 16 12:11:19 82.37.172.102:3185 -> xxx.yyy.255.243:1433 SYN ******S*
>>Jul 16 12:11:20 82.37.172.102:3196 -> xxx.yyy.255.244:1433 SYN ******S*
>>Jul 16 12:11:20 82.37.172.102:3205 -> xxx.yyy.255.246:1433 SYN ******S*
>>Jul 16 12:11:20 82.37.172.102:3206 -> xxx.yyy.255.247:1433 SYN ******S*
>>Jul 16 12:11:20 82.37.172.102:3216 -> xxx.yyy.255.248:1433 SYN ******S*
>>Jul 16 12:11:21 82.37.172.102:3218 -> xxx.yyy.255.249:1433 SYN ******S*
>>Jul 16 12:11:22 82.37.172.102:3245 -> xxx.yyy.255.250:1433 SYN ******S*
>>Jul 16 12:11:23 82.37.172.102:3261 -> xxx.yyy.255.251:1433 SYN ******S*
>>87018
>>
>>Jul 16 11:21:43 63.239.115.105:3879 -> xxx.yyy.1.1:139 SYN ******S*
>>Jul 16 11:21:43 63.239.115.105:3880 -> xxx.yyy.1.2:139 SYN ******S*
>>Jul 16 11:21:46 63.239.115.105:3881 -> xxx.yyy.1.3:139 SYN ******S*
>>Jul 16 11:21:46 63.239.115.105:3882 -> xxx.yyy.1.4:139 SYN ******S*
>>Jul 16 11:21:46 63.239.115.105:3883 -> xxx.yyy.1.5:139 SYN ******S*
>>Jul 16 11:21:46 63.239.115.105:3884 -> xxx.yyy.1.6:139 SYN ******S*
>>Jul 16 11:21:46 63.239.115.105:3885 -> xxx.yyy.1.7:139 SYN ******S*
>>Jul 16 11:21:46 63.239.115.105:3886 -> xxx.yyy.1.8:139 SYN ******S*
>>[...]
>>Jul 16 12:10:09 63.239.115.105:2028 -> xxx.yyy.255.247:139 SYN ******S*
>>Jul 16 12:10:09 63.239.115.105:2025 -> xxx.yyy.255.244:139 SYN ******S*
>>Jul 16 12:10:09 63.239.115.105:2022 -> xxx.yyy.255.241:139 SYN ******S*
>>Jul 16 12:10:09 63.239.115.105:2033 -> xxx.yyy.255.252:139 SYN ******S*
>>Jul 16 12:10:09 63.239.115.105:2030 -> xxx.yyy.255.249:139 SYN ******S*
>>Jul 16 12:10:09 63.239.115.105:2034 -> xxx.yyy.255.253:139 SYN ******S*
>>Jul 16 12:10:09 63.239.115.105:2031 -> xxx.yyy.255.250:139 SYN ******S*
>>Jul 16 12:10:09 63.239.115.105:2035 -> xxx.yyy.255.254:139 SYN ******S*
>>Jul 16 12:10:09 63.239.115.105:2032 -> xxx.yyy.255.251:139 SYN ******S*
>>73345
>>
>>Jul 16 21:06:08 203.200.22.214:3737 -> xxx.yyy.1.1:1433 SYN ******S*
>>Jul 16 21:06:08 203.200.22.214:3738 -> xxx.yyy.1.2:1433 SYN ******S*
>>Jul 16 21:06:08 203.200.22.214:3739 -> xxx.yyy.1.3:1433 SYN ******S*
>>Jul 16 21:06:08 203.200.22.214:3740 -> xxx.yyy.1.4:1433 SYN ******S*
>>Jul 16 21:06:08 203.200.22.214:3741 -> xxx.yyy.1.5:1433 SYN ******S*
>>Jul 16 21:06:05 203.200.22.214:3743 -> xxx.yyy.1.7:1433 SYN ******S*
>>Jul 16 21:06:05 203.200.22.214:3744 -> xxx.yyy.1.8:1433 SYN ******S*
>>Jul 16 21:06:08 203.200.22.214:3742 -> xxx.yyy.1.6:1433 SYN ******S*
>>[...]
>>Jul 16 21:52:01 203.200.22.214:3250 -> xxx.yyy.255.227:1433 SYN ******S*
>>Jul 16 21:52:01 203.200.22.214:3278 -> xxx.yyy.255.254:1433 SYN ******S*
>>Jul 16 21:52:01 203.200.22.214:3258 -> xxx.yyy.255.235:1433 SYN ******S*
>>Jul 16 21:52:01 203.200.22.214:3274 -> xxx.yyy.255.251:1433 SYN ******S*
>>Jul 16 21:52:01 203.200.22.214:3255 -> xxx.yyy.255.232:1433 SYN ******S*
>>Jul 16 21:52:01 203.200.22.214:3271 -> xxx.yyy.255.248:1433 SYN ******S*
>>Jul 16 21:52:01 203.200.22.214:3263 -> xxx.yyy.255.240:1433 SYN ******S*
>>Jul 16 21:52:01 203.200.22.214:3247 -> xxx.yyy.255.224:1433 SYN ******S*
>>72594
>>
>>Jul 16 22:00:54 198.107.7.121:3500 -> xxx.yyy.1.1:1433 SYN ******S*
>>Jul 16 22:00:51 198.107.7.121:3501 -> xxx.yyy.1.2:1433 SYN ******S*
>>Jul 16 22:00:54 198.107.7.121:3502 -> xxx.yyy.1.3:1433 SYN ******S*
>>Jul 16 22:00:54 198.107.7.121:3503 -> xxx.yyy.1.4:1433 SYN ******S*
>>Jul 16 22:00:54 198.107.7.121:3504 -> xxx.yyy.1.5:1433 SYN ******S*
>>Jul 16 22:00:54 198.107.7.121:3505 -> xxx.yyy.1.6:1433 SYN ******S*
>>Jul 16 22:00:54 198.107.7.121:3506 -> xxx.yyy.1.7:1433 SYN ******S*
>>Jul 16 22:00:54 198.107.7.121:3507 -> xxx.yyy.1.8:1433 SYN ******S*
>>[...]
>>Jul 16 22:12:41 198.107.7.121:3548 -> xxx.yyy.255.249:1433 SYN ******S*
>>Jul 16 22:12:41 198.107.7.121:3545 -> xxx.yyy.255.246:1433 SYN ******S*
>>Jul 16 22:12:41 198.107.7.121:3549 -> xxx.yyy.255.250:1433 SYN ******S*
>>Jul 16 22:12:41 198.107.7.121:3546 -> xxx.yyy.255.247:1433 SYN ******S*
>>Jul 16 22:12:41 198.107.7.121:3543 -> xxx.yyy.255.244:1433 SYN ******S*
>>Jul 16 22:12:41 198.107.7.121:3547 -> xxx.yyy.255.248:1433 SYN ******S*
>>Jul 16 22:12:41 198.107.7.121:3544 -> xxx.yyy.255.245:1433 SYN ******S*
>>Jul 16 22:12:41 198.107.7.121:3552 -> xxx.yyy.255.253:1433 SYN ******S*
>>Jul 16 22:12:41 198.107.7.121:3553 -> xxx.yyy.255.254:1433 SYN ******S*
>>71739
>>
>>Jul 16 22:35:24 217.219.199.130:3004 -> xxx.yyy.1.1:1433 SYN ******S*
>>Jul 16 22:35:24 217.219.199.130:3006 -> xxx.yyy.1.2:1433 SYN ******S*
>>Jul 16 22:35:27 217.219.199.130:3008 -> xxx.yyy.1.3:1433 SYN ******S*
>>Jul 16 22:35:27 217.219.199.130:3010 -> xxx.yyy.1.4:1433 SYN ******S*
>>Jul 16 22:35:27 217.219.199.130:3012 -> xxx.yyy.1.5:1433 SYN ******S*
>>Jul 16 22:35:27 217.219.199.130:3014 -> xxx.yyy.1.6:1433 SYN ******S*
>>Jul 16 22:35:27 217.219.199.130:3016 -> xxx.yyy.1.7:1433 SYN ******S*
>>Jul 16 22:35:27 217.219.199.130:3018 -> xxx.yyy.1.8:1433 SYN ******S*
>>[...]
>>Jul 16 22:47:17 217.219.199.130:1045 -> xxx.yyy.255.245:1433 SYN ******S*
>>Jul 16 22:47:17 217.219.199.130:1042 -> xxx.yyy.255.242:1433 SYN ******S*
>>Jul 16 22:47:17 217.219.199.130:1046 -> xxx.yyy.255.246:1433 SYN ******S*
>>Jul 16 22:47:17 217.219.199.130:1043 -> xxx.yyy.255.243:1433 SYN ******S*
>>Jul 16 22:47:17 217.219.199.130:1053 -> xxx.yyy.255.253:1433 SYN ******S*
>>Jul 16 22:47:17 217.219.199.130:1050 -> xxx.yyy.255.250:1433 SYN ******S*
>>Jul 16 22:47:17 217.219.199.130:1054 -> xxx.yyy.255.254:1433 SYN ******S*
>>Jul 16 22:47:17 217.219.199.130:1051 -> xxx.yyy.255.251:1433 SYN ******S*
>>Jul 16 22:47:17 217.219.199.130:1052 -> xxx.yyy.255.252:1433 SYN ******S*
>>71114
>>
>>Jul 16 12:21:29 221.146.70.155:2985 -> xxx.yyy.1.12:1433 SYN ******S*
>>Jul 16 12:21:29 221.146.70.155:2975 -> xxx.yyy.1.11:1433 SYN ******S*
>>Jul 16 12:21:29 221.146.70.155:2992 -> xxx.yyy.1.13:1433 SYN ******S*
>>Jul 16 12:21:29 221.146.70.155:3004 -> xxx.yyy.1.14:1433 SYN ******S*
>>Jul 16 12:21:29 221.146.70.155:3015 -> xxx.yyy.1.15:1433 SYN ******S*
>>Jul 16 12:21:26 221.146.70.155:3020 -> xxx.yyy.1.16:1433 SYN ******S*
>>Jul 16 12:21:29 221.146.70.155:3028 -> xxx.yyy.1.17:1433 SYN ******S*
>>Jul 16 12:21:29 221.146.70.155:3049 -> xxx.yyy.1.19:1433 SYN ******S*
>>[...]
>>Jul 16 12:33:22 221.146.70.155:4803 -> xxx.yyy.255.248:1433 SYN ******S*
>>Jul 16 12:33:22 221.146.70.155:4785 -> xxx.yyy.255.245:1433 SYN ******S*
>>Jul 16 12:33:22 221.146.70.155:4789 -> xxx.yyy.255.246:1433 SYN ******S*
>>Jul 16 12:33:22 221.146.70.155:4811 -> xxx.yyy.255.249:1433 SYN ******S*
>>Jul 16 12:33:22 221.146.70.155:4835 -> xxx.yyy.255.252:1433 SYN ******S*
>>Jul 16 12:33:22 221.146.70.155:4849 -> xxx.yyy.255.254:1433 SYN ******S*
>>Jul 16 12:33:22 221.146.70.155:4827 -> xxx.yyy.255.251:1433 SYN ******S*
>>Jul 16 12:33:22 221.146.70.155:4843 -> xxx.yyy.255.253:1433 SYN ******S*
>>69698
>>
>>Jul 16 01:25:35 198.248.98.194:2606 -> xxx.yyy.1.1:80 SYN ******S*
>>Jul 16 01:25:35 198.248.98.194:2607 -> xxx.yyy.1.2:80 SYN ******S*
>>Jul 16 01:25:34 198.248.98.194:2608 -> xxx.yyy.1.3:80 SYN ******S*
>>Jul 16 01:25:37 198.248.98.194:2609 -> xxx.yyy.1.4:80 SYN ******S*
>>Jul 16 01:25:34 198.248.98.194:2610 -> xxx.yyy.1.5:80 SYN ******S*
>>Jul 16 01:25:34 198.248.98.194:2611 -> xxx.yyy.1.6:80 SYN ******S*
>>Jul 16 01:25:37 198.248.98.194:2612 -> xxx.yyy.1.7:80 SYN ******S*
>>Jul 16 01:25:37 198.248.98.194:2613 -> xxx.yyy.1.8:80 SYN ******S*
>>[...]
>>Jul 16 01:30:12 198.248.98.194:1297 -> xxx.yyy.255.233:80 SYN ******S*
>>Jul 16 01:30:12 198.248.98.194:1277 -> xxx.yyy.255.214:80 SYN ******S*
>>Jul 16 01:30:12 198.248.98.194:1294 -> xxx.yyy.255.230:80 SYN ******S*
>>Jul 16 01:30:12 198.248.98.194:1274 -> xxx.yyy.255.211:80 SYN ******S*
>>Jul 16 01:30:12 198.248.98.194:1310 -> xxx.yyy.255.246:80 SYN ******S*
>>Jul 16 01:30:12 198.248.98.194:1290 -> xxx.yyy.255.227:80 SYN ******S*
>>Jul 16 01:30:12 198.248.98.194:1258 -> xxx.yyy.255.195:80 SYN ******S*
>>Jul 16 01:30:12 198.248.98.194:1287 -> xxx.yyy.255.224:80 SYN ******S*
>>62754
>>
>>Jul 16 10:25:10 61.82.67.229:20094 -> xxx.yyy.1.1:4899 SYN ******S*
>>Jul 16 10:25:10 61.82.67.229:47723 -> xxx.yyy.1.2:4899 SYN ******S*
>>Jul 16 10:25:10 61.82.67.229:33979 -> xxx.yyy.1.3:4899 SYN ******S*
>>Jul 16 10:25:12 61.82.67.229:34048 -> xxx.yyy.1.4:4899 SYN ******S*
>>Jul 16 10:25:12 61.82.67.229:21070 -> xxx.yyy.1.5:4899 SYN ******S*
>>Jul 16 10:25:12 61.82.67.229:12458 -> xxx.yyy.1.7:4899 SYN ******S*
>>Jul 16 10:25:12 61.82.67.229:51416 -> xxx.yyy.1.8:4899 SYN ******S*
>>Jul 16 10:25:12 61.82.67.229:7751 -> xxx.yyy.1.6:4899 SYN ******S*
>>[...]
>>Jul 16 10:38:38 61.82.67.229:48975 -> xxx.yyy.255.248:4899 SYN ******S*
>>Jul 16 10:38:38 61.82.67.229:59265 -> xxx.yyy.255.249:4899 SYN ******S*
>>Jul 16 10:38:38 61.82.67.229:49034 -> xxx.yyy.255.247:4899 SYN ******S*
>>Jul 16 10:38:38 61.82.67.229:45087 -> xxx.yyy.255.246:4899 SYN ******S*
>>Jul 16 10:38:38 61.82.67.229:16548 -> xxx.yyy.255.245:4899 SYN ******S*
>>Jul 16 10:38:38 61.82.67.229:35131 -> xxx.yyy.255.250:4899 SYN ******S*
>>Jul 16 10:38:38 61.82.67.229:17582 -> xxx.yyy.255.254:4899 SYN ******S*
>>Jul 16 10:38:38 61.82.67.229:6311 -> xxx.yyy.255.252:4899 SYN ******S*
>>Jul 16 10:38:38 61.82.67.229:62734 -> xxx.yyy.255.253:4899 SYN ******S*
>>49978
>>
>>Jul 16 18:00:08 221.232.150.21:3475 -> xxx.yyy.1.1:80 SYN ******S*
>>Jul 16 18:00:10 221.232.150.21:3477 -> xxx.yyy.1.3:80 SYN ******S*
>>Jul 16 18:00:08 221.232.150.21:3478 -> xxx.yyy.1.4:80 SYN ******S*
>>Jul 16 18:00:11 221.232.150.21:3479 -> xxx.yyy.1.5:80 SYN ******S*
>>Jul 16 18:00:11 221.232.150.21:3481 -> xxx.yyy.1.7:80 SYN ******S*
>>Jul 16 18:00:08 221.232.150.21:3482 -> xxx.yyy.1.8:80 SYN ******S*
>>Jul 16 18:00:11 221.232.150.21:3483 -> xxx.yyy.1.9:80 SYN ******S*
>>Jul 16 18:00:11 221.232.150.21:3484 -> xxx.yyy.1.10:80 SYN ******S*
>>[...]
>>Jul 16 18:05:40 221.232.150.21:2376 -> xxx.yyy.255.244:80 SYN ******S*
>>Jul 16 18:05:40 221.232.150.21:2369 -> xxx.yyy.255.237:80 SYN ******S*
>>Jul 16 18:05:40 221.232.150.21:2385 -> xxx.yyy.255.253:80 SYN ******S*
>>Jul 16 18:05:40 221.232.150.21:2363 -> xxx.yyy.255.231:80 SYN ******S*
>>Jul 16 18:05:40 221.232.150.21:2386 -> xxx.yyy.255.254:80 SYN ******S*
>>Jul 16 18:05:40 221.232.150.21:2371 -> xxx.yyy.255.239:80 SYN ******S*
>>Jul 16 18:05:40 221.232.150.21:2382 -> xxx.yyy.255.250:80 SYN ******S*
>>Jul 16 18:05:40 221.232.150.21:2381 -> xxx.yyy.255.249:80 SYN ******S*
>>49862
>>
>>Jul 16 00:48:28 211.221.17.7:4609 -> xxx.yyy.1.2:4899 SYN ******S*
>>Jul 16 00:48:26 211.221.17.7:4611 -> xxx.yyy.1.4:4899 SYN ******S*
>>Jul 16 00:48:26 211.221.17.7:4613 -> xxx.yyy.1.6:4899 SYN ******S*
>>Jul 16 00:48:28 211.221.17.7:4608 -> xxx.yyy.1.1:4899 SYN ******S*
>>Jul 16 00:48:26 211.221.17.7:4610 -> xxx.yyy.1.3:4899 SYN ******S*
>>Jul 16 00:48:26 211.221.17.7:4612 -> xxx.yyy.1.5:4899 SYN ******S*
>>Jul 16 00:48:28 211.221.17.7:4620 -> xxx.yyy.1.11:4899 SYN ******S*
>>Jul 16 00:48:26 211.221.17.7:4622 -> xxx.yyy.1.12:4899 SYN ******S*
>>[...]
>>Jul 16 00:52:29 211.221.17.7:3504 -> xxx.yyy.254.243:4899 SYN ******S*
>>Jul 16 00:52:29 211.221.17.7:3510 -> xxx.yyy.254.249:4899 SYN ******S*
>>Jul 16 00:52:29 211.221.17.7:3509 -> xxx.yyy.254.248:4899 SYN ******S*
>>Jul 16 00:52:29 211.221.17.7:3511 -> xxx.yyy.254.250:4899 SYN ******S*
>>Jul 16 00:52:29 211.221.17.7:3507 -> xxx.yyy.254.246:4899 SYN ******S*
>>Jul 16 00:52:29 211.221.17.7:3513 -> xxx.yyy.254.252:4899 SYN ******S*
>>Jul 16 00:52:29 211.221.17.7:3512 -> xxx.yyy.254.251:4899 SYN ******S*
>>Jul 16 00:52:29 211.221.17.7:3514 -> xxx.yyy.254.253:4899 SYN ******S*
>>44162
>>
>>Jul 16 01:11:20 141.153.91.65:3341 -> xxx.yyy.10.0:1433 SYN ******S*
>>Jul 16 01:11:20 141.153.91.65:3343 -> xxx.yyy.10.1:1433 SYN ******S*
>>Jul 16 01:11:20 141.153.91.65:3345 -> xxx.yyy.10.2:1433 SYN ******S*
>>Jul 16 01:11:20 141.153.91.65:3346 -> xxx.yyy.10.3:1433 SYN ******S*
>>Jul 16 01:11:20 141.153.91.65:3349 -> xxx.yyy.10.4:1433 SYN ******S*
>>Jul 16 01:11:20 141.153.91.65:3351 -> xxx.yyy.10.5:1433 SYN ******S*
>>Jul 16 01:11:20 141.153.91.65:3352 -> xxx.yyy.10.6:1433 SYN ******S*
>>Jul 16 01:11:20 141.153.91.65:3353 -> xxx.yyy.10.7:1433 SYN ******S*
>>[...]
>>Jul 16 03:08:09 141.153.91.65:4303 -> xxx.yyy.165.200:1433 SYN ******S*
>>Jul 16 03:08:09 141.153.91.65:4328 -> xxx.yyy.165.201:1433 SYN ******S*
>>Jul 16 03:08:09 141.153.91.65:4337 -> xxx.yyy.165.202:1433 SYN ******S*
>>Jul 16 03:08:09 141.153.91.65:4338 -> xxx.yyy.165.203:1433 SYN ******S*
>>Jul 16 03:08:09 141.153.91.65:4344 -> xxx.yyy.165.204:1433 SYN ******S*
>>Jul 16 03:08:09 141.153.91.65:4345 -> xxx.yyy.165.205:1433 SYN ******S*
>>Jul 16 03:08:09 141.153.91.65:4355 -> xxx.yyy.165.206:1433 SYN ******S*
>>Jul 16 03:08:09 141.153.91.65:4366 -> xxx.yyy.165.207:1433 SYN ******S*
>>Jul 16 03:08:09 141.153.91.65:4379 -> xxx.yyy.165.208:1433 SYN ******S*
>>44123
>>
>>Jul 16 00:56:33 218.61.23.51:1211 -> xxx.yyy.71.160:5554 SYN ******S*
>>Jul 16 00:56:33 218.61.23.51:1226 -> xxx.yyy.71.161:5554 SYN ******S*
>>Jul 16 00:56:33 218.61.23.51:1227 -> xxx.yyy.71.162:5554 SYN ******S*
>>Jul 16 00:56:33 218.61.23.51:1231 -> xxx.yyy.71.163:5554 SYN ******S*
>>Jul 16 00:56:33 218.61.23.51:1234 -> xxx.yyy.71.172:5554 SYN ******S*
>>Jul 16 00:56:33 218.61.23.51:1235 -> xxx.yyy.71.164:5554 SYN ******S*
>>Jul 16 00:56:33 218.61.23.51:1236 -> xxx.yyy.71.165:5554 SYN ******S*
>>Jul 16 00:56:33 218.61.23.51:1237 -> xxx.yyy.71.166:5554 SYN ******S*
>>[...]
>>Jul 16 01:14:55 218.61.23.51:2598 -> xxx.yyy.92.18:9898 SYN ******S*
>>Jul 16 01:14:55 218.61.23.51:2600 -> xxx.yyy.92.19:9898 SYN ******S*
>>Jul 16 01:14:55 218.61.23.51:2595 -> xxx.yyy.92.17:9898 SYN ******S*
>>Jul 16 01:14:56 218.61.23.51:2629 -> xxx.yyy.92.22:9898 SYN ******S*
>>Jul 16 01:14:56 218.61.23.51:2633 -> xxx.yyy.92.26:9898 SYN ******S*
>>Jul 16 01:14:56 218.61.23.51:2640 -> xxx.yyy.92.24:9898 SYN ******S*
>>Jul 16 01:14:56 218.61.23.51:2632 -> xxx.yyy.92.25:9898 SYN ******S*
>>Jul 16 01:14:56 218.61.23.51:2639 -> xxx.yyy.92.23:9898 SYN ******S*
>>Jul 16 01:14:56 218.61.23.51:2631 -> xxx.yyy.92.21:9898 SYN ******S*
>>42216
>>
>>Jul 16 15:37:30 65.213.144.145:40275 -> xxx.yyy.72.47:443 SYN ******S*
>>Jul 16 15:37:30 65.213.144.145:40275 -> xxx.yyy.73.127:443 SYN ******S*
>>Jul 16 15:37:31 65.213.144.145:40275 -> xxx.yyy.91.148:443 SYN ******S*
>>Jul 16 15:37:32 65.213.144.145:40275 -> xxx.yyy.203.31:443 SYN ******S*
>>Jul 16 15:37:33 65.213.144.145:40275 -> xxx.yyy.89.110:443 SYN ******S*
>>Jul 16 15:37:33 65.213.144.145:40275 -> xxx.yyy.174.39:443 SYN ******S*
>>Jul 16 15:37:33 65.213.144.145:40275 -> xxx.yyy.206.102:443 SYN ******S*
>>Jul 16 15:37:33 65.213.144.145:40275 -> xxx.yyy.229.255:443 SYN ******S*
>>[...]
>>Jul 16 23:59:52 65.213.144.145:40275 -> xxx.yyy.73.128:443 SYN ******S*
>>Jul 16 23:59:53 65.213.144.145:40275 -> xxx.yyy.243.226:443 SYN ******S*
>>Jul 16 23:59:54 65.213.144.145:40275 -> xxx.yyy.250.153:443 SYN ******S*
>>Jul 16 23:59:54 65.213.144.145:40275 -> xxx.yyy.219.97:443 SYN ******S*
>>Jul 16 23:59:54 65.213.144.145:40275 -> xxx.yyy.86.192:443 SYN ******S*
>>Jul 16 23:59:55 65.213.144.145:40275 -> xxx.yyy.89.163:443 SYN ******S*
>>Jul 16 23:59:56 65.213.144.145:40275 -> xxx.yyy.181.65:443 SYN ******S*
>>Jul 16 23:59:57 65.213.144.145:40275 -> xxx.yyy.196.191:443 SYN ******S*
>>40942
>>
>>Jul 16 14:11:50 64.158.178.108:36 -> xxx.yyy.184.176:443 SYN ******S*
>>Jul 16 14:11:50 64.158.178.108:36 -> xxx.yyy.92.64:443 SYN ******S*
>>Jul 16 14:11:51 64.158.178.108:36 -> xxx.yyy.71.251:443 SYN ******S*
>>Jul 16 14:11:52 64.158.178.108:36 -> xxx.yyy.131.141:443 SYN ******S*
>>Jul 16 14:11:53 64.158.178.108:36 -> xxx.yyy.134.250:443 SYN ******S*
>>Jul 16 14:11:53 64.158.178.108:36 -> xxx.yyy.89.107:443 SYN ******S*
>>Jul 16 14:11:53 64.158.178.108:36 -> xxx.yyy.201.43:443 SYN ******S*
>>Jul 16 14:11:54 64.158.178.108:36 -> xxx.yyy.72.77:443 SYN ******S*
>>[...]
>>Jul 16 23:34:26 64.158.178.108:36 -> xxx.yyy.225.12:443 SYN ******S*
>>Jul 16 23:34:27 64.158.178.108:36 -> xxx.yyy.250.213:443 SYN ******S*
>>Jul 16 23:34:27 64.158.178.108:36 -> xxx.yyy.155.235:443 SYN ******S*
>>Jul 16 23:34:27 64.158.178.108:36 -> xxx.yyy.78.196:443 SYN ******S*
>>Jul 16 23:34:28 64.158.178.108:36 -> xxx.yyy.88.130:443 SYN ******S*
>>Jul 16 23:34:29 64.158.178.108:36 -> xxx.yyy.138.96:443 SYN ******S*
>>Jul 16 23:34:30 64.158.178.108:36 -> xxx.yyy.73.12:443 SYN ******S*
>>Jul 16 23:34:30 64.158.178.108:36 -> xxx.yyy.128.18:443 SYN ******S*
>>Jul 16 23:34:31 64.158.178.108:36 -> xxx.yyy.184.146:443 SYN ******S*
>>34879
>>
>>Jul 16 06:53:23 140.211.24.23:45766 -> xxx.yyy.74.118:443 SYN ******S*
>>Jul 16 06:53:24 140.211.24.23:45766 -> xxx.yyy.82.118:443 SYN ******S*
>>Jul 16 06:53:24 140.211.24.23:45766 -> xxx.yyy.85.35:443 SYN ******S*
>>Jul 16 06:53:24 140.211.24.23:45766 -> xxx.yyy.253.72:443 SYN ******S*
>>Jul 16 06:53:25 140.211.24.23:45766 -> xxx.yyy.231.160:443 SYN ******S*
>>Jul 16 06:53:27 140.211.24.23:45766 -> xxx.yyy.178.84:443 SYN ******S*
>>Jul 16 06:53:28 140.211.24.23:45766 -> xxx.yyy.70.63:443 SYN ******S*
>>Jul 16 06:53:29 140.211.24.23:45766 -> xxx.yyy.220.219:443 SYN ******S*
>>[...]
>>Jul 16 11:24:26 140.211.24.23:45766 -> xxx.yyy.246.24:443 SYN ******S*
>>Jul 16 11:24:26 140.211.24.23:45766 -> xxx.yyy.176.183:443 SYN ******S*
>>Jul 16 11:24:28 140.211.24.23:45766 -> xxx.yyy.74.211:443 SYN ******S*
>>Jul 16 11:24:28 140.211.24.23:45766 -> xxx.yyy.67.91:443 SYN ******S*
>>Jul 16 11:24:29 140.211.24.23:45766 -> xxx.yyy.214.40:443 SYN ******S*
>>Jul 16 11:24:29 140.211.24.23:45766 -> xxx.yyy.205.138:443 SYN ******S*
>>Jul 16 11:24:29 140.211.24.23:45766 -> xxx.yyy.144.168:443 SYN ******S*
>>Jul 16 11:24:29 140.211.24.23:45766 -> xxx.yyy.239.218:443 SYN ******S*
>>Jul 16 11:24:30 140.211.24.23:45766 -> xxx.yyy.92.246:443 SYN ******S*
>>26600
>>
>>Jul 16 07:48:57 200.187.173.198:2976 -> xxx.yyy.1.0:6112 SYN ******S*
>>Jul 16 07:48:57 200.187.173.198:2992 -> xxx.yyy.1.14:6112 SYN ******S*
>>Jul 16 07:48:57 200.187.173.198:3003 -> xxx.yyy.1.24:6112 SYN ******S*
>>Jul 16 07:48:57 200.187.173.198:3028 -> xxx.yyy.1.46:6112 SYN ******S*
>>Jul 16 07:48:58 200.187.173.198:3257 -> xxx.yyy.1.61:6112 SYN ******S*
>>Jul 16 07:48:58 200.187.173.198:3258 -> xxx.yyy.1.62:6112 SYN ******S*
>>Jul 16 07:48:58 200.187.173.198:3259 -> xxx.yyy.1.63:6112 SYN ******S*
>>Jul 16 07:48:58 200.187.173.198:3260 -> xxx.yyy.1.64:6112 SYN ******S*
>>[...]
>>Jul 16 07:55:56 200.187.173.198:1591 -> xxx.yyy.255.246:6112 SYN ******S*
>>Jul 16 07:55:56 200.187.173.198:1592 -> xxx.yyy.255.247:6112 SYN ******S*
>>Jul 16 07:55:56 200.187.173.198:1593 -> xxx.yyy.255.248:6112 SYN ******S*
>>Jul 16 07:55:56 200.187.173.198:1594 -> xxx.yyy.255.249:6112 SYN ******S*
>>Jul 16 07:55:56 200.187.173.198:1595 -> xxx.yyy.255.250:6112 SYN ******S*
>>Jul 16 07:55:56 200.187.173.198:1596 -> xxx.yyy.255.251:6112 SYN ******S*
>>Jul 16 07:55:56 200.187.173.198:1597 -> xxx.yyy.255.252:6112 SYN ******S*
>>Jul 16 07:55:57 200.187.173.198:1598 -> xxx.yyy.255.253:6112 SYN ******S*
>>Jul 16 07:55:57 200.187.173.198:1599 -> xxx.yyy.255.254:6112 SYN ******S*
>>25267
>>
>>Jul 16 00:59:27 221.202.148.218:3589 -> xxx.yyy.174.234:5554 SYN ******S*
>>Jul 16 00:59:28 221.202.148.218:4029 -> xxx.yyy.174.234:1023 SYN ******S*
>>Jul 16 00:59:30 221.202.148.218:1230 -> xxx.yyy.174.234:9898 SYN ******S*
>>Jul 16 00:59:27 221.202.148.218:3588 -> xxx.yyy.174.222:5554 SYN ******S*
>>Jul 16 00:59:28 221.202.148.218:4023 -> xxx.yyy.174.222:1023 SYN ******S*
>>Jul 16 00:59:30 221.202.148.218:1210 -> xxx.yyy.174.222:9898 SYN ******S*
>>Jul 16 00:59:27 221.202.148.218:3594 -> xxx.yyy.174.241:5554 SYN ******S*
>>Jul 16 00:59:28 221.202.148.218:4034 -> xxx.yyy.174.241:1023 SYN ******S*
>>[...]
>>Jul 16 01:00:16 221.202.148.218:3871 -> xxx.yyy.176.66:9898 SYN ******S*
>>Jul 16 01:00:16 221.202.148.218:3872 -> xxx.yyy.176.64:9898 SYN ******S*
>>Jul 16 01:00:16 221.202.148.218:3870 -> xxx.yyy.176.65:9898 SYN ******S*
>>Jul 16 01:00:16 221.202.148.218:3875 -> xxx.yyy.176.43:9898 SYN ******S*
>>Jul 16 01:00:16 221.202.148.218:3876 -> xxx.yyy.176.68:9898 SYN ******S*
>>Jul 16 01:00:16 221.202.148.218:3886 -> xxx.yyy.176.69:9898 SYN ******S*
>>Jul 16 01:00:16 221.202.148.218:3892 -> xxx.yyy.176.70:9898 SYN ******S*
>>Jul 16 01:00:16 221.202.148.218:3915 -> xxx.yyy.176.67:9898 SYN ******S*
>>Jul 16 01:00:16 221.202.148.218:3946 -> xxx.yyy.176.71:9898 SYN ******S*
>>14952
>>
>>Jul 16 01:03:44 61.50.246.252:3259 -> xxx.yyy.154.101:5554 SYN ******S*
>>Jul 16 01:03:45 61.50.246.252:3876 -> xxx.yyy.154.101:1023 SYN ******S*
>>Jul 16 01:03:47 61.50.246.252:1124 -> xxx.yyy.154.101:9898 SYN ******S*
>>Jul 16 01:03:44 61.50.246.252:3260 -> xxx.yyy.154.104:5554 SYN ******S*
>>Jul 16 01:03:45 61.50.246.252:3868 -> xxx.yyy.154.104:1023 SYN ******S*
>>Jul 16 01:03:47 61.50.246.252:1083 -> xxx.yyy.154.104:9898 SYN ******S*
>>Jul 16 01:03:44 61.50.246.252:3263 -> xxx.yyy.154.103:5554 SYN ******S*
>>Jul 16 01:03:45 61.50.246.252:3870 -> xxx.yyy.154.103:1023 SYN ******S*
>>[...]
>>Jul 16 01:04:28 61.50.246.252:3218 -> xxx.yyy.165.22:9898 SYN ******S*
>>Jul 16 01:04:28 61.50.246.252:3221 -> xxx.yyy.165.28:9898 SYN ******S*
>>Jul 16 01:04:28 61.50.246.252:3222 -> xxx.yyy.165.29:9898 SYN ******S*
>>Jul 16 01:04:28 61.50.246.252:3228 -> xxx.yyy.165.26:9898 SYN ******S*
>>Jul 16 01:04:28 61.50.246.252:3229 -> xxx.yyy.165.25:9898 SYN ******S*
>>Jul 16 01:04:28 61.50.246.252:3230 -> xxx.yyy.165.31:9898 SYN ******S*
>>Jul 16 01:04:28 61.50.246.252:3237 -> xxx.yyy.165.24:9898 SYN ******S*
>>Jul 16 01:04:28 61.50.246.252:3243 -> xxx.yyy.165.30:9898 SYN ******S*
>>Jul 16 01:04:28 61.50.246.252:3259 -> xxx.yyy.165.23:9898 SYN ******S*
>>14807
>>
>>Jul 16 20:58:30 68.115.77.104:22002 -> xxx.yyy.1.0:3127 SYN ******S*
>>Jul 16 20:58:31 68.115.77.104:22002 -> xxx.yyy.1.0:1080 SYN ******S*
>>Jul 16 20:58:31 68.115.77.104:22002 -> xxx.yyy.1.0:10080 SYN ******S*
>>Jul 16 20:58:31 68.115.77.104:22002 -> xxx.yyy.1.0:3128 SYN ******S*
>>Jul 16 20:58:31 68.115.77.104:22002 -> xxx.yyy.1.1:3127 SYN ******S*
>>Jul 16 20:58:31 68.115.77.104:22002 -> xxx.yyy.1.1:1080 SYN ******S*
>>Jul 16 20:58:31 68.115.77.104:22002 -> xxx.yyy.1.1:10080 SYN ******S*
>>Jul 16 20:58:31 68.115.77.104:22002 -> xxx.yyy.1.1:3128 SYN ******S*
>>[...]
>>Jul 16 23:59:57 68.115.77.104:22002 -> xxx.yyy.64.217:1080 SYN ******S*
>>Jul 16 23:59:57 68.115.77.104:22002 -> xxx.yyy.64.217:10080 SYN ******S*
>>Jul 16 23:59:57 68.115.77.104:22002 -> xxx.yyy.64.217:3128 SYN ******S*
>>Jul 16 23:59:57 68.115.77.104:22002 -> xxx.yyy.64.218:3127 SYN ******S*
>>Jul 16 23:59:57 68.115.77.104:22002 -> xxx.yyy.64.218:1080 SYN ******S*
>>Jul 16 23:59:57 68.115.77.104:22002 -> xxx.yyy.64.218:10080 SYN ******S*
>>Jul 16 23:59:57 68.115.77.104:22002 -> xxx.yyy.64.218:3128 SYN ******S*
>>Jul 16 23:59:57 68.115.77.104:22002 -> xxx.yyy.64.219:3127 SYN ******S*
>>13950
>>
>>Jul 16 06:42:10 209.42.209.62:41057 -> xxx.yyy.171.206:443 SYN ******S*
>>Jul 16 06:42:11 209.42.209.62:41057 -> xxx.yyy.68.218:443 SYN ******S*
>>Jul 16 06:42:11 209.42.209.62:41057 -> xxx.yyy.254.218:443 SYN ******S*
>>Jul 16 06:42:11 209.42.209.62:41057 -> xxx.yyy.217.43:443 SYN ******S*
>>Jul 16 06:42:11 209.42.209.62:41057 -> xxx.yyy.209.141:443 SYN ******S*
>>Jul 16 06:42:12 209.42.209.62:41057 -> xxx.yyy.183.251:443 SYN ******S*
>>Jul 16 06:42:14 209.42.209.62:41057 -> xxx.yyy.231.100:443 SYN ******S*
>>Jul 16 06:42:16 209.42.209.62:41057 -> xxx.yyy.185.88:443 SYN ******S*
>>[...]
>>Jul 16 11:03:35 209.42.209.62:41057 -> xxx.yyy.232.68:443 SYN ******S*
>>Jul 16 11:03:36 209.42.209.62:41057 -> xxx.yyy.164.154:443 SYN ******S*
>>Jul 16 11:03:37 209.42.209.62:41057 -> xxx.yyy.154.244:443 SYN ******S*
>>Jul 16 11:03:37 209.42.209.62:41057 -> xxx.yyy.169.226:443 SYN ******S*
>>Jul 16 11:03:37 209.42.209.62:41057 -> xxx.yyy.70.39:443 SYN ******S*
>>Jul 16 11:03:38 209.42.209.62:41057 -> xxx.yyy.64.193:443 SYN ******S*
>>Jul 16 11:03:39 209.42.209.62:41057 -> xxx.yyy.229.86:443 SYN ******S*
>>Jul 16 11:03:39 209.42.209.62:41057 -> xxx.yyy.246.84:443 SYN ******S*
>>Jul 16 11:03:39 209.42.209.62:41057 -> xxx.yyy.208.4:443 SYN ******S*
>>13768
>>
>>Jul 16 23:56:09 218.224.189.219:2642 -> xxx.yyy.235.112:5554 SYN ******S*
>>Jul 16 23:56:10 218.224.189.219:3292 -> xxx.yyy.235.112:1023 SYN ******S*
>>Jul 16 23:56:12 218.224.189.219:4771 -> xxx.yyy.235.112:9898 SYN ******S*
>>Jul 16 23:56:09 218.224.189.219:2644 -> xxx.yyy.235.114:5554 SYN ******S*
>>Jul 16 23:56:10 218.224.189.219:3279 -> xxx.yyy.235.114:1023 SYN ******S*
>>Jul 16 23:56:12 218.224.189.219:4751 -> xxx.yyy.235.114:9898 SYN ******S*
>>Jul 16 23:56:09 218.224.189.219:2645 -> xxx.yyy.235.115:5554 SYN ******S*
>>Jul 16 23:56:10 218.224.189.219:3293 -> xxx.yyy.235.115:1023 SYN ******S*
>>[...]
>>Jul 16 23:56:52 218.224.189.219:3169 -> xxx.yyy.255.161:9898 SYN ******S*
>>Jul 16 23:56:52 218.224.189.219:3170 -> xxx.yyy.255.162:9898 SYN ******S*
>>Jul 16 23:56:52 218.224.189.219:3160 -> xxx.yyy.255.150:9898 SYN ******S*
>>Jul 16 23:56:52 218.224.189.219:3172 -> xxx.yyy.255.164:9898 SYN ******S*
>>Jul 16 23:56:52 218.224.189.219:3163 -> xxx.yyy.255.153:9898 SYN ******S*
>>Jul 16 23:56:52 218.224.189.219:3164 -> xxx.yyy.255.154:9898 SYN ******S*
>>Jul 16 23:56:52 218.224.189.219:3165 -> xxx.yyy.255.155:9898 SYN ******S*
>>Jul 16 23:56:52 218.224.189.219:3177 -> xxx.yyy.255.157:9898 SYN ******S*
>>Jul 16 23:56:52 218.224.189.219:3182 -> xxx.yyy.255.158:9898 SYN ******S*
>>13318
>>
>>Jul 16 00:56:03 61.149.196.197:1084 -> xxx.yyy.71.160:5554 SYN ******S*
>>Jul 16 00:56:04 61.149.196.197:1811 -> xxx.yyy.71.160:1023 SYN ******S*
>>Jul 16 00:56:06 61.149.196.197:3151 -> xxx.yyy.71.160:9898 SYN ******S*
>>Jul 16 00:56:03 61.149.196.197:1187 -> xxx.yyy.71.161:5554 SYN ******S*
>>Jul 16 00:56:04 61.149.196.197:1915 -> xxx.yyy.71.161:1023 SYN ******S*
>>Jul 16 00:56:06 61.149.196.197:3287 -> xxx.yyy.71.161:9898 SYN ******S*
>>Jul 16 00:56:03 61.149.196.197:1188 -> xxx.yyy.71.162:5554 SYN ******S*
>>Jul 16 00:56:04 61.149.196.197:1916 -> xxx.yyy.71.162:1023 SYN ******S*
>>[...]
>>Jul 16 00:56:49 61.149.196.197:4703 -> xxx.yyy.91.178:9898 SYN ******S*
>>Jul 16 00:56:49 61.149.196.197:4875 -> xxx.yyy.91.179:9898 SYN ******S*
>>Jul 16 00:56:49 61.149.196.197:4876 -> xxx.yyy.91.180:9898 SYN ******S*
>>Jul 16 00:56:50 61.149.196.197:1153 -> xxx.yyy.91.192:9898 SYN ******S*
>>Jul 16 00:56:50 61.149.196.197:1158 -> xxx.yyy.91.193:9898 SYN ******S*
>>Jul 16 00:56:50 61.149.196.197:1159 -> xxx.yyy.91.194:9898 SYN ******S*
>>Jul 16 00:56:50 61.149.196.197:1160 -> xxx.yyy.91.197:9898 SYN ******S*
>>Jul 16 00:56:50 61.149.196.197:1470 -> xxx.yyy.91.247:9898 SYN ******S*
>>Jul 16 00:56:50 61.149.196.197:1571 -> xxx.yyy.92.21:9898 SYN ******S*
>>13186
>>
>>Jul 16 23:56:34 220.76.240.211:2986 -> xxx.yyy.133.21:5554 SYN ******S*
>>Jul 16 23:56:35 220.76.240.211:3194 -> xxx.yyy.133.21:1023 SYN ******S*
>>Jul 16 23:56:37 220.76.240.211:3670 -> xxx.yyy.133.21:9898 SYN ******S*
>>Jul 16 23:56:34 220.76.240.211:2992 -> xxx.yyy.133.27:5554 SYN ******S*
>>Jul 16 23:56:35 220.76.240.211:3214 -> xxx.yyy.133.27:1023 SYN ******S*
>>Jul 16 23:56:37 220.76.240.211:3696 -> xxx.yyy.133.27:9898 SYN ******S*
>>Jul 16 23:56:34 220.76.240.211:2998 -> xxx.yyy.133.16:5554 SYN ******S*
>>Jul 16 23:56:35 220.76.240.211:3199 -> xxx.yyy.133.16:1023 SYN ******S*
>>[...]
>>Jul 16 23:59:41 220.76.240.211:4740 -> xxx.yyy.133.157:9898 SYN ******S*
>>Jul 16 23:59:41 220.76.240.211:4743 -> xxx.yyy.133.160:9898 SYN ******S*
>>Jul 16 23:59:41 220.76.240.211:4751 -> xxx.yyy.133.168:9898 SYN ******S*
>>Jul 16 23:59:41 220.76.240.211:4755 -> xxx.yyy.133.175:9898 SYN ******S*
>>Jul 16 23:59:41 220.76.240.211:4771 -> xxx.yyy.133.176:9898 SYN ******S*
>>Jul 16 23:59:41 220.76.240.211:4772 -> xxx.yyy.133.178:9898 SYN ******S*
>>Jul 16 23:59:41 220.76.240.211:4775 -> xxx.yyy.133.173:9898 SYN ******S*
>>Jul 16 23:59:41 220.76.240.211:4776 -> xxx.yyy.133.174:9898 SYN ******S*
>>13154
>>
>>Jul 16 00:56:58 221.217.15.143:1469 -> xxx.yyy.236.76:5554 SYN ******S*
>>Jul 16 00:57:01 221.217.15.143:3691 -> xxx.yyy.236.76:9898 SYN ******S*
>>Jul 16 00:56:58 221.217.15.143:1472 -> xxx.yyy.236.77:5554 SYN ******S*
>>Jul 16 00:57:01 221.217.15.143:3722 -> xxx.yyy.236.77:9898 SYN ******S*
>>Jul 16 00:56:58 221.217.15.143:1504 -> xxx.yyy.236.78:5554 SYN ******S*
>>Jul 16 00:57:01 221.217.15.143:3769 -> xxx.yyy.236.78:9898 SYN ******S*
>>Jul 16 00:56:58 221.217.15.143:1505 -> xxx.yyy.236.79:5554 SYN ******S*
>>Jul 16 00:57:01 221.217.15.143:3773 -> xxx.yyy.236.79:9898 SYN ******S*
>>[...]
>>Jul 16 00:58:06 221.217.15.143:2169 -> xxx.yyy.255.24:9898 SYN ******S*
>>Jul 16 00:58:06 221.217.15.143:2430 -> xxx.yyy.255.196:1023 SYN ******S*
>>Jul 16 00:58:08 221.217.15.143:3919 -> xxx.yyy.255.196:9898 SYN ******S*
>>Jul 16 00:58:07 221.217.15.143:2710 -> xxx.yyy.255.117:9898 SYN ******S*
>>Jul 16 00:58:07 221.217.15.143:2913 -> xxx.yyy.255.126:9898 SYN ******S*
>>Jul 16 00:58:07 221.217.15.143:2915 -> xxx.yyy.255.118:9898 SYN ******S*
>>Jul 16 00:58:07 221.217.15.143:2920 -> xxx.yyy.255.143:9898 SYN ******S*
>>Jul 16 00:58:07 221.217.15.143:3064 -> xxx.yyy.255.144:9898 SYN ******S*
>>12019
>>
>>Jul 16 23:56:38 220.81.173.235:4620 -> xxx.yyy.133.237:5554 SYN ******S*
>>Jul 16 23:56:39 220.81.173.235:1398 -> xxx.yyy.133.237:1023 SYN ******S*
>>Jul 16 23:56:41 220.81.173.235:3995 -> xxx.yyy.133.237:9898 SYN ******S*
>>Jul 16 23:56:38 220.81.173.235:4619 -> xxx.yyy.133.236:5554 SYN ******S*
>>Jul 16 23:56:39 220.81.173.235:1397 -> xxx.yyy.133.236:1023 SYN ******S*
>>Jul 16 23:56:41 220.81.173.235:3994 -> xxx.yyy.133.236:9898 SYN ******S*
>>Jul 16 23:56:38 220.81.173.235:4622 -> xxx.yyy.133.239:5554 SYN ******S*
>>Jul 16 23:56:39 220.81.173.235:1400 -> xxx.yyy.133.239:1023 SYN ******S*
>>[...]
>>Jul 16 23:57:36 220.81.173.235:2389 -> xxx.yyy.154.100:9898 SYN ******S*
>>Jul 16 23:57:36 220.81.173.235:2309 -> xxx.yyy.154.68:9898 SYN ******S*
>>Jul 16 23:57:36 220.81.173.235:2332 -> xxx.yyy.154.76:9898 SYN ******S*
>>Jul 16 23:57:36 220.81.173.235:2405 -> xxx.yyy.154.88:9898 SYN ******S*
>>Jul 16 23:57:36 220.81.173.235:2339 -> xxx.yyy.154.77:9898 SYN ******S*
>>Jul 16 23:57:36 220.81.173.235:2343 -> xxx.yyy.154.79:9898 SYN ******S*
>>Jul 16 23:57:36 220.81.173.235:2371 -> xxx.yyy.154.61:9898 SYN ******S*
>>Jul 16 23:57:36 220.81.173.235:2375 -> xxx.yyy.154.65:9898 SYN ******S*
>>11875
>>
>>Jul 16 18:04:56 216.150.136.170:60916 -> xxx.yyy.186.138:443 SYN ******S*
>>Jul 16 18:04:56 216.150.136.170:60916 -> xxx.yyy.128.50:443 SYN ******S*
>>Jul 16 18:04:57 216.150.136.170:60916 -> xxx.yyy.194.168:443 SYN ******S*
>>Jul 16 18:04:57 216.150.136.170:60916 -> xxx.yyy.204.246:443 SYN ******S*
>>Jul 16 18:04:58 216.150.136.170:60916 -> xxx.yyy.155.243:443 SYN ******S*
>>Jul 16 18:04:59 216.150.136.170:60916 -> xxx.yyy.130.10:443 SYN ******S*
>>Jul 16 18:05:01 216.150.136.170:60916 -> xxx.yyy.199.25:443 SYN ******S*
>>Jul 16 18:05:01 216.150.136.170:60916 -> xxx.yyy.105.42:443 SYN ******S*
>>[...]
>>Jul 16 20:26:15 216.150.136.170:60916 -> xxx.yyy.164.216:443 SYN ******S*
>>Jul 16 20:26:16 216.150.136.170:60916 -> xxx.yyy.72.22:443 SYN ******S*
>>Jul 16 20:26:17 216.150.136.170:60916 -> xxx.yyy.159.124:443 SYN ******S*
>>Jul 16 20:26:18 216.150.136.170:60916 -> xxx.yyy.66.66:443 SYN ******S*
>>Jul 16 20:26:19 216.150.136.170:60916 -> xxx.yyy.242.170:443 SYN ******S*
>>Jul 16 20:26:19 216.150.136.170:60916 -> xxx.yyy.208.209:443 SYN ******S*
>>Jul 16 20:26:20 216.150.136.170:60916 -> xxx.yyy.233.35:443 SYN ******S*
>>Jul 16 20:26:20 216.150.136.170:60916 -> xxx.yyy.191.170:443 SYN ******S*
>>Jul 16 20:26:22 216.150.136.170:60916 -> xxx.yyy.199.247:443 SYN ******S*
>>11770
>>
>>--
>>- Ken
>>===========================================================================
>>Ken Connelly (KC152) Systems and Operations Manager, ITS - Network Services
>>University of Northern Iowa                     Cedar Falls, IA  50614-0121
>>email: Ken.Connelly at uni.edu    phone: (319) 273-5850    fax: (319) 273-7373
>>_______________________________________________
>>Intrusions mailing list
>>Intrusions at lists.sans.org
>>http://www.dshield.org/mailman/listinfo/intrusions
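Added example, not part of the original messages: one way to build the per-source summary described in the thread (probe count, start and end of activity) from log lines in the quoted format, and to separate the three scan shapes visible in the extracts. The sample lines are constructed and use documentation address ranges; the function names, the 5-probe minimum and the 0.8 ordering threshold are assumptions of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# Format of the quoted extracts (leading ">" quote marks tolerated):
#   Jul 16 08:22:32 SRC:SPORT -> xxx.yyy.C.D:DPORT SYN ******S*
LINE_RE = re.compile(
    r"^>*\s*(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\w+\.\w+\.\d{1,3}\.\d{1,3}):(?P<dport>\d+) SYN\b"
)

def parse_line(line, year=2004):
    """Return (time, src, sport, dst, dport), or None for non-probe lines.
    Assumption: the log carries no year, so it is taken from the message date."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # "[...]", per-source totals, blank lines
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["sport"]), m["dst"], int(m["dport"])

def _host_key(dst):
    # Targets are redacted as "xxx.yyy.C.D"; order by the two visible octets.
    c, d = dst.split(".")[-2:]
    return int(c) * 256 + int(d)

def summarize(lines, min_probes=5, seq_threshold=0.8):
    """Group probes by source and describe each source's scan."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_src[rec[1]].append(rec)
    report = {}
    for src, recs in per_src.items():
        if len(recs) < min_probes:
            continue  # too few probes to call a scan
        times = [r[0] for r in recs]
        dports = sorted({r[4] for r in recs})
        # Hosts in order of first appearance, then the share of steps that
        # move to a higher address: near 1.0 for a walk through the range.
        order = list(dict.fromkeys(r[3] for r in recs))
        keys = [_host_key(h) for h in order]
        rising = sum(b > a for a, b in zip(keys, keys[1:]))
        ascending = rising / max(len(keys) - 1, 1)
        report[src] = {
            "probes": len(recs),
            # min/max rather than first/last line: the sensor logs some
            # probes out of timestamp order.
            "start": min(times),
            "end": max(times),
            "hosts": len(order),
            "dports": dports,
            # One source port for every probe is consistent with a tool that
            # crafts its own packets instead of using the OS ephemeral ports.
            "fixed_sport": len({r[2] for r in recs}) == 1,
            "pattern": "multi-port per host" if len(dports) > 1
                       else "single-port sweep",
            "order": "sequential" if ascending >= seq_threshold
                     else "scattered",
        }
    return report

# Constructed sample input in the format of the quoted extracts.
SAMPLE = """\
Jul 16 08:22:32 192.0.2.10:2028 -> xxx.yyy.1.0:1433 SYN ******S*
Jul 16 08:22:32 192.0.2.10:2029 -> xxx.yyy.1.1:1433 SYN ******S*
>>Jul 16 08:22:29 192.0.2.10:2030 -> xxx.yyy.1.2:1433 SYN ******S*
Jul 16 08:22:32 192.0.2.10:2031 -> xxx.yyy.1.3:1433 SYN ******S*
Jul 16 08:22:33 192.0.2.10:2032 -> xxx.yyy.1.4:1433 SYN ******S*
Jul 16 08:22:33 192.0.2.10:2033 -> xxx.yyy.1.5:1433 SYN ******S*
[...]
87018

Jul 16 15:37:30 198.51.100.7:40275 -> xxx.yyy.72.47:443 SYN ******S*
Jul 16 15:37:30 198.51.100.7:40275 -> xxx.yyy.203.31:443 SYN ******S*
Jul 16 15:37:31 198.51.100.7:40275 -> xxx.yyy.91.148:443 SYN ******S*
Jul 16 15:37:32 198.51.100.7:40275 -> xxx.yyy.229.255:443 SYN ******S*
Jul 16 15:37:33 198.51.100.7:40275 -> xxx.yyy.89.110:443 SYN ******S*
Jul 16 15:37:33 198.51.100.7:40275 -> xxx.yyy.174.39:443 SYN ******S*
Jul 16 00:59:27 203.0.113.5:3589 -> xxx.yyy.174.234:5554 SYN ******S*
Jul 16 00:59:28 203.0.113.5:4029 -> xxx.yyy.174.234:1023 SYN ******S*
Jul 16 00:59:30 203.0.113.5:1230 -> xxx.yyy.174.234:9898 SYN ******S*
Jul 16 00:59:27 203.0.113.5:3588 -> xxx.yyy.174.222:5554 SYN ******S*
Jul 16 00:59:28 203.0.113.5:4023 -> xxx.yyy.174.222:1023 SYN ******S*
Jul 16 00:59:30 203.0.113.5:1210 -> xxx.yyy.174.222:9898 SYN ******S*
Jul 16 09:00:00 192.0.2.99:1500 -> xxx.yyy.5.5:80 SYN ******S*
"""

if __name__ == "__main__":
    for src, info in summarize(SAMPLE.splitlines()).items():
        print(src, info["probes"], info["start"].time(), info["end"].time(),
              info["dports"], info["pattern"], info["order"],
              "fixed-sport" if info["fixed_sport"] else "varying-sport")
```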