[Intrusions] [LOGS] Summary of large-scale portscanning detects
PK
pakoppan at cox.net
Thu Feb 3 15:58:16 GMT 2005
Ken,
It is a true statement if I don't know what this is I shouldn't be
looking at it.
Anyway I'll try and maybe you will explain this to me so I can get out
of your hair.
Jan 30 19:19:03 61.186.94.251:1816 -> xxx.yyy. 78.70:1025 SYN
******S*
Date Time Whose IP and port? ??????? Whose IP
???? ?????????
--------------------------------------------------------------------------------------
there have been attempts to brute force at least one of our servers > with
over 306 usernames from 140.115.35.159
How this affect me in particular? What is brute force concept? I guess it's
someone trying to pass through and do something nasty.
Is this correct?
If you could set aside a couple of minutes to give me short explanation I'd
appreciate. I'll be learning a lot with the answers.
Thank your for your time
peter
----- Original Message -----
From: <Ken.Connelly at uni.edu>
To: <intrusions at lists.sans.org>
Sent: Monday, January 31, 2005 10:59 AM
Subject: [Intrusions] [LOGS] Summary of large-scale portscanning detects
> The following extracts show the beginning and ending of scan activity
> was detected on my network. The number following each set is the total
> number of probes for that source. Timestamps are GMT-0600.
>
> Jan 30 19:19:03 61.186.94.251:1816 -> xxx.yyy.78.70:1025 SYN ******S*
> Jan 30 19:19:03 61.186.94.251:1845 -> xxx.yyy.78.70:3410 SYN ******S*
> Jan 30 19:19:06 61.186.94.251:1840 -> xxx.yyy.78.70:6129 SYN ******S*
> Jan 30 19:19:03 61.186.94.251:1832 -> xxx.yyy.166.124:1025 SYN ******S*
> Jan 30 19:19:03 61.186.94.251:1841 -> xxx.yyy.166.124:3410 SYN ******S*
> Jan 30 19:19:06 61.186.94.251:1847 -> xxx.yyy.166.124:1433 SYN ******S*
> Jan 30 19:19:03 61.186.94.251:1848 -> xxx.yyy.166.124:5000 SYN ******S*
> Jan 30 19:19:06 61.186.94.251:1843 -> xxx.yyy.166.124:5554 SYN ******S*
> [...]
> Jan 31 00:00:02 61.186.94.251:2062 -> xxx.yyy.212.134:1025 SYN ******S*
> Jan 31 00:00:02 61.186.94.251:2064 -> xxx.yyy.212.134:6129 SYN ******S*
> Jan 31 00:00:02 61.186.94.251:2067 -> xxx.yyy.212.134:5554 SYN ******S*
> Jan 31 00:00:02 61.186.94.251:2068 -> xxx.yyy.212.134:1433 SYN ******S*
> Jan 31 00:00:02 61.186.94.251:2069 -> xxx.yyy.212.134:5000 SYN ******S*
> Jan 31 00:00:02 61.186.94.251:2070 -> xxx.yyy.212.134:80 SYN ******S*
> Jan 31 00:00:02 61.186.94.251:2074 -> xxx.yyy.164.195:1025 SYN ******S*
> Jan 31 00:00:02 61.186.94.251:2076 -> xxx.yyy.164.195:6129 SYN ******S*
> Jan 31 00:00:02 61.186.94.251:1801 -> xxx.yyy.212.181:1025 SYN ******S*
> 174997
>
> Jan 30 07:07:31 65.23.71.13:2949 -> xxx.yyy.1.0:1433 SYN ******S*
> Jan 30 07:07:31 65.23.71.13:2952 -> xxx.yyy.1.1:1433 SYN ******S*
> Jan 30 07:07:31 65.23.71.13:2959 -> xxx.yyy.1.2:1433 SYN ******S*
> Jan 30 07:07:31 65.23.71.13:2961 -> xxx.yyy.1.3:1433 SYN ******S*
> Jan 30 07:07:31 65.23.71.13:2965 -> xxx.yyy.1.4:1433 SYN ******S*
> Jan 30 07:07:31 65.23.71.13:2968 -> xxx.yyy.1.5:1433 SYN ******S*
> Jan 30 07:07:31 65.23.71.13:2973 -> xxx.yyy.1.6:1433 SYN ******S*
> Jan 30 07:07:31 65.23.71.13:2978 -> xxx.yyy.1.7:1433 SYN ******S*
> [...]
> Jan 30 10:58:04 65.23.71.13:3204 -> xxx.yyy.255.249:1433 SYN ******S*
> Jan 30 10:58:04 65.23.71.13:3211 -> xxx.yyy.255.250:1433 SYN ******S*
> Jan 30 10:58:04 65.23.71.13:3199 -> xxx.yyy.255.248:1433 SYN ******S*
> Jan 30 10:58:04 65.23.71.13:3223 -> xxx.yyy.255.252:1433 SYN ******S*
> Jan 30 10:58:04 65.23.71.13:3216 -> xxx.yyy.255.251:1433 SYN ******S*
> Jan 30 10:58:08 65.23.71.13:4623 -> xxx.yyy.255.253:1433 SYN ******S*
> Jan 30 10:58:08 65.23.71.13:4658 -> xxx.yyy.255.254:1433 SYN ******S*
> Jan 30 10:58:11 65.23.71.13:4658 -> xxx.yyy.255.254:1433 SYN ******S*
> Jan 30 10:58:16 65.23.71.13:4623 -> xxx.yyy.255.253:1433 SYN ******S*
> 117481
>
> Jan 30 06:38:19 64.168.95.35:3735 -> xxx.yyy.1.1:1433 SYN ******S*
> Jan 30 06:38:16 64.168.95.35:3738 -> xxx.yyy.1.4:1433 SYN ******S*
> Jan 30 06:38:19 64.168.95.35:3736 -> xxx.yyy.1.2:1433 SYN ******S*
> Jan 30 06:38:19 64.168.95.35:3739 -> xxx.yyy.1.5:1433 SYN ******S*
> Jan 30 06:38:16 64.168.95.35:3737 -> xxx.yyy.1.3:1433 SYN ******S*
> Jan 30 06:38:19 64.168.95.35:3740 -> xxx.yyy.1.6:1433 SYN ******S*
> Jan 30 06:38:19 64.168.95.35:3741 -> xxx.yyy.1.7:1433 SYN ******S*
> Jan 30 06:38:19 64.168.95.35:3742 -> xxx.yyy.1.8:1433 SYN ******S*
> [...]
> Jan 30 06:49:58 64.168.95.35:2360 -> xxx.yyy.255.243:1433 SYN ******S*
> Jan 30 06:49:58 64.168.95.35:2364 -> xxx.yyy.255.247:1433 SYN ******S*
> Jan 30 06:49:58 64.168.95.35:2359 -> xxx.yyy.255.242:1433 SYN ******S*
> Jan 30 06:49:58 64.168.95.35:2369 -> xxx.yyy.255.252:1433 SYN ******S*
> Jan 30 06:49:58 64.168.95.35:2370 -> xxx.yyy.255.253:1433 SYN ******S*
> Jan 30 06:49:58 64.168.95.35:2367 -> xxx.yyy.255.250:1433 SYN ******S*
> Jan 30 06:49:58 64.168.95.35:2371 -> xxx.yyy.255.254:1433 SYN ******S*
> Jan 30 06:49:58 64.168.95.35:2368 -> xxx.yyy.255.251:1433 SYN ******S*
> 71406
>
> Jan 30 06:24:09 210.0.176.66:4372 -> xxx.yyy.1.1:1433 SYN ******S*
> Jan 30 06:24:09 210.0.176.66:4374 -> xxx.yyy.1.2:1433 SYN ******S*
> Jan 30 06:24:09 210.0.176.66:4376 -> xxx.yyy.1.3:1433 SYN ******S*
> Jan 30 06:24:06 210.0.176.66:4378 -> xxx.yyy.1.4:1433 SYN ******S*
> Jan 30 06:24:06 210.0.176.66:4380 -> xxx.yyy.1.5:1433 SYN ******S*
> Jan 30 06:24:09 210.0.176.66:4382 -> xxx.yyy.1.6:1433 SYN ******S*
> Jan 30 06:24:09 210.0.176.66:4384 -> xxx.yyy.1.7:1433 SYN ******S*
> Jan 30 06:24:09 210.0.176.66:4388 -> xxx.yyy.1.8:1433 SYN ******S*
> [...]
> Jan 30 06:35:54 210.0.176.66:4754 -> xxx.yyy.255.245:1433 SYN ******S*
> Jan 30 06:35:54 210.0.176.66:4758 -> xxx.yyy.255.247:1433 SYN ******S*
> Jan 30 06:35:54 210.0.176.66:4762 -> xxx.yyy.255.249:1433 SYN ******S*
> Jan 30 06:35:54 210.0.176.66:4760 -> xxx.yyy.255.248:1433 SYN ******S*
> Jan 30 06:35:54 210.0.176.66:4750 -> xxx.yyy.255.243:1433 SYN ******S*
> Jan 30 06:35:54 210.0.176.66:4768 -> xxx.yyy.255.252:1433 SYN ******S*
> Jan 30 06:35:54 210.0.176.66:4770 -> xxx.yyy.255.253:1433 SYN ******S*
> Jan 30 06:35:54 210.0.176.66:4772 -> xxx.yyy.255.254:1433 SYN ******S*
> 71276
>
> Jan 30 00:00:02 213.251.101.101:1607 -> xxx.yyy.138.191:1433 SYN ******S*
> Jan 30 00:00:04 213.251.101.101:1542 -> xxx.yyy.138.179:1433 SYN ******S*
> Jan 30 00:00:07 213.251.101.101:1717 -> xxx.yyy.138.237:1433 SYN ******S*
> Jan 30 00:00:07 213.251.101.101:1719 -> xxx.yyy.138.238:1433 SYN ******S*
> Jan 30 00:00:07 213.251.101.101:1721 -> xxx.yyy.138.239:1433 SYN ******S*
> Jan 30 00:00:04 213.251.101.101:1660 -> xxx.yyy.138.210:1433 SYN ******S*
> Jan 30 00:00:04 213.251.101.101:1659 -> xxx.yyy.138.209:1433 SYN ******S*
> Jan 30 00:00:07 213.251.101.101:1725 -> xxx.yyy.138.241:1433 SYN ******S*
> [...]
> Jan 30 01:45:17 213.251.101.101:2569 -> xxx.yyy.255.242:1433 SYN ******S*
> Jan 30 01:45:17 213.251.101.101:2567 -> xxx.yyy.255.241:1433 SYN ******S*
> Jan 30 01:45:17 213.251.101.101:2565 -> xxx.yyy.255.240:1433 SYN ******S*
> Jan 30 01:45:17 213.251.101.101:2571 -> xxx.yyy.255.243:1433 SYN ******S*
> Jan 30 01:45:17 213.251.101.101:2573 -> xxx.yyy.255.244:1433 SYN ******S*
> Jan 30 01:45:17 213.251.101.101:2577 -> xxx.yyy.255.246:1433 SYN ******S*
> Jan 30 01:45:18 213.251.101.101:2595 -> xxx.yyy.255.249:1433 SYN ******S*
> Jan 30 01:45:18 213.251.101.101:2605 -> xxx.yyy.255.250:1433 SYN ******S*
> Jan 30 01:45:19 213.251.101.101:2607 -> xxx.yyy.255.251:1433 SYN ******S*
> 70096
>
> Jan 30 07:06:53 210.93.49.151:3433 -> xxx.yyy.1.3:3306 SYN ******S*
> Jan 30 07:06:53 210.93.49.151:3442 -> xxx.yyy.1.8:3306 SYN ******S*
> Jan 30 07:06:53 210.93.49.151:3446 -> xxx.yyy.1.10:3306 SYN ******S*
> Jan 30 07:06:53 210.93.49.151:3448 -> xxx.yyy.1.12:3306 SYN ******S*
> Jan 30 07:06:53 210.93.49.151:3453 -> xxx.yyy.1.16:3306 SYN ******S*
> Jan 30 07:06:53 210.93.49.151:3438 -> xxx.yyy.1.5:3306 SYN ******S*
> Jan 30 07:06:53 210.93.49.151:3444 -> xxx.yyy.1.9:3306 SYN ******S*
> Jan 30 07:06:53 210.93.49.151:3439 -> xxx.yyy.1.6:3306 SYN ******S*
> [...]
> Jan 30 07:10:42 210.93.49.151:1031 -> xxx.yyy.255.231:3306 SYN ******S*
> Jan 30 07:10:42 210.93.49.151:4970 -> xxx.yyy.255.203:3306 SYN ******S*
> Jan 30 07:10:42 210.93.49.151:4987 -> xxx.yyy.255.216:3306 SYN ******S*
> Jan 30 07:10:42 210.93.49.151:1046 -> xxx.yyy.255.241:3306 SYN ******S*
> Jan 30 07:10:42 210.93.49.151:4994 -> xxx.yyy.255.224:3306 SYN ******S*
> Jan 30 07:10:42 210.93.49.151:4985 -> xxx.yyy.255.215:3306 SYN ******S*
> Jan 30 07:10:42 210.93.49.151:1055 -> xxx.yyy.255.250:3306 SYN ******S*
> Jan 30 07:10:42 210.93.49.151:4982 -> xxx.yyy.255.212:3306 SYN ******S*
> Jan 30 07:10:42 210.93.49.151:1058 -> xxx.yyy.255.251:3306 SYN ******S*
> 69639
>
> Jan 30 02:25:34 69.28.77.34:1425 -> xxx.yyy.1.0:6366 SYN ******S*
> Jan 30 02:25:34 69.28.77.34:1426 -> xxx.yyy.1.1:6366 SYN ******S*
> Jan 30 02:25:34 69.28.77.34:1427 -> xxx.yyy.1.2:6366 SYN ******S*
> Jan 30 02:25:36 69.28.77.34:1430 -> xxx.yyy.1.5:6366 SYN ******S*
> Jan 30 02:25:36 69.28.77.34:1431 -> xxx.yyy.1.6:6366 SYN ******S*
> Jan 30 02:25:36 69.28.77.34:1432 -> xxx.yyy.1.7:6366 SYN ******S*
> Jan 30 02:25:34 69.28.77.34:1433 -> xxx.yyy.1.8:6366 SYN ******S*
> Jan 30 02:25:34 69.28.77.34:1434 -> xxx.yyy.1.9:6366 SYN ******S*
> [...]
> Jan 30 02:37:16 69.28.77.34:2135 -> xxx.yyy.255.170:6366 SYN ******S*
> Jan 30 02:37:16 69.28.77.34:2148 -> xxx.yyy.255.180:6366 SYN ******S*
> Jan 30 02:37:16 69.28.77.34:2150 -> xxx.yyy.255.182:6366 SYN ******S*
> Jan 30 02:37:16 69.28.77.34:2147 -> xxx.yyy.255.179:6366 SYN ******S*
> Jan 30 02:37:16 69.28.77.34:2149 -> xxx.yyy.255.181:6366 SYN ******S*
> Jan 30 02:37:16 69.28.77.34:2143 -> xxx.yyy.255.176:6366 SYN ******S*
> Jan 30 02:37:16 69.28.77.34:2146 -> xxx.yyy.255.178:6366 SYN ******S*
> Jan 30 02:37:17 69.28.77.34:2169 -> xxx.yyy.255.201:6366 SYN ******S*
> Jan 30 02:37:17 69.28.77.34:2163 -> xxx.yyy.255.195:6366 SYN ******S*
> 66886
>
> Jan 30 04:35:57 129.74.42.182:4779 -> xxx.yyy.1.1:1521 SYN ******S*
> Jan 30 04:35:57 129.74.42.182:4780 -> xxx.yyy.1.2:1521 SYN ******S*
> Jan 30 04:35:57 129.74.42.182:4781 -> xxx.yyy.1.3:1521 SYN ******S*
> Jan 30 04:35:59 129.74.42.182:4790 -> xxx.yyy.1.12:1521 SYN ******S*
> Jan 30 04:35:57 129.74.42.182:4794 -> xxx.yyy.1.16:1521 SYN ******S*
> Jan 30 04:35:57 129.74.42.182:4797 -> xxx.yyy.1.19:1521 SYN ******S*
> Jan 30 04:35:57 129.74.42.182:4798 -> xxx.yyy.1.20:1521 SYN ******S*
> Jan 30 04:35:57 129.74.42.182:4799 -> xxx.yyy.1.21:1521 SYN ******S*
> [...]
> Jan 30 04:54:04 129.74.42.182:2192 -> xxx.yyy.255.225:1521 SYN ******S*
> Jan 30 04:54:04 129.74.42.182:2212 -> xxx.yyy.255.245:1521 SYN ******S*
> Jan 30 04:54:04 129.74.42.182:2216 -> xxx.yyy.255.249:1521 SYN ******S*
> Jan 30 04:54:04 129.74.42.182:2176 -> xxx.yyy.255.209:1521 SYN ******S*
> Jan 30 04:54:04 129.74.42.182:2184 -> xxx.yyy.255.217:1521 SYN ******S*
> Jan 30 04:54:04 129.74.42.182:2200 -> xxx.yyy.255.233:1521 SYN ******S*
> Jan 30 04:54:04 129.74.42.182:2220 -> xxx.yyy.255.253:1521 SYN ******S*
> Jan 30 04:54:04 129.74.42.182:2196 -> xxx.yyy.255.229:1521 SYN ******S*
> Jan 30 04:54:04 129.74.42.182:2208 -> xxx.yyy.255.241:1521 SYN ******S*
> 65203
>
> Jan 30 20:23:10 199.107.154.1:1205 -> xxx.yyy.64.4:1433 SYN ******S*
> Jan 30 20:23:10 199.107.154.1:1207 -> xxx.yyy.64.6:1433 SYN ******S*
> Jan 30 20:23:13 199.107.154.1:1208 -> xxx.yyy.64.7:1433 SYN ******S*
> Jan 30 20:23:13 199.107.154.1:1209 -> xxx.yyy.64.8:1433 SYN ******S*
> Jan 30 20:23:13 199.107.154.1:1213 -> xxx.yyy.64.11:1433 SYN ******S*
> Jan 30 20:23:10 199.107.154.1:1217 -> xxx.yyy.64.13:1433 SYN ******S*
> Jan 30 20:23:10 199.107.154.1:1221 -> xxx.yyy.64.15:1433 SYN ******S*
> Jan 30 20:23:13 199.107.154.1:1229 -> xxx.yyy.64.19:1433 SYN ******S*
> [...]
> Jan 30 21:49:45 199.107.154.1:1064 -> xxx.yyy.255.241:1433 SYN ******S*
> Jan 30 21:49:45 199.107.154.1:1076 -> xxx.yyy.255.243:1433 SYN ******S*
> Jan 30 21:49:45 199.107.154.1:1078 -> xxx.yyy.255.244:1433 SYN ******S*
> Jan 30 21:49:45 199.107.154.1:1081 -> xxx.yyy.255.246:1433 SYN ******S*
> Jan 30 21:49:45 199.107.154.1:1082 -> xxx.yyy.255.247:1433 SYN ******S*
> Jan 30 21:49:45 199.107.154.1:1079 -> xxx.yyy.255.245:1433 SYN ******S*
> Jan 30 21:49:45 199.107.154.1:1094 -> xxx.yyy.255.252:1433 SYN ******S*
> Jan 30 21:49:45 199.107.154.1:1093 -> xxx.yyy.255.251:1433 SYN ******S*
> Jan 30 21:49:45 199.107.154.1:1092 -> xxx.yyy.255.250:1433 SYN ******S*
> 65185
>
> Jan 30 03:20:09 218.86.57.52:3539 -> xxx.yyy.1.1:42 SYN ******S*
> Jan 30 03:20:09 218.86.57.52:3540 -> xxx.yyy.1.2:42 SYN ******S*
> Jan 30 03:20:06 218.86.57.52:3541 -> xxx.yyy.1.3:42 SYN ******S*
> Jan 30 03:20:09 218.86.57.52:3544 -> xxx.yyy.1.6:42 SYN ******S*
> Jan 30 03:20:06 218.86.57.52:3545 -> xxx.yyy.1.7:42 SYN ******S*
> Jan 30 03:20:06 218.86.57.52:3546 -> xxx.yyy.1.8:42 SYN ******S*
> Jan 30 03:20:09 218.86.57.52:3548 -> xxx.yyy.1.10:42 SYN ******S*
> Jan 30 03:20:06 218.86.57.52:3549 -> xxx.yyy.1.11:42 SYN ******S*
> [...]
> Jan 30 03:31:58 218.86.57.52:3771 -> xxx.yyy.255.192:42 SYN ******S*
> Jan 30 03:31:59 218.86.57.52:3779 -> xxx.yyy.255.200:42 SYN ******S*
> Jan 30 03:31:59 218.86.57.52:3791 -> xxx.yyy.255.212:42 SYN ******S*
> Jan 30 03:31:59 218.86.57.52:3800 -> xxx.yyy.255.221:42 SYN ******S*
> Jan 30 03:31:59 218.86.57.52:3806 -> xxx.yyy.255.227:42 SYN ******S*
> Jan 30 03:31:59 218.86.57.52:3826 -> xxx.yyy.255.247:42 SYN ******S*
> Jan 30 03:31:59 218.86.57.52:3823 -> xxx.yyy.255.244:42 SYN ******S*
> Jan 30 03:31:59 218.86.57.52:3832 -> xxx.yyy.255.253:42 SYN ******S*
> 61437
>
> Jan 30 10:02:49 61.72.251.199:2432 -> xxx.yyy.1.2:2050 SYN ******S*
> Jan 30 10:02:50 61.72.251.199:2434 -> xxx.yyy.1.4:2050 SYN ******S*
> Jan 30 10:02:50 61.72.251.199:2435 -> xxx.yyy.1.5:2050 SYN ******S*
> Jan 30 10:02:50 61.72.251.199:2436 -> xxx.yyy.1.6:2050 SYN ******S*
> Jan 30 10:02:50 61.72.251.199:2437 -> xxx.yyy.1.7:2050 SYN ******S*
> Jan 30 10:02:50 61.72.251.199:2440 -> xxx.yyy.1.10:2050 SYN ******S*
> Jan 30 10:02:49 61.72.251.199:2433 -> xxx.yyy.1.3:2050 SYN ******S*
> Jan 30 10:02:49 61.72.251.199:2441 -> xxx.yyy.1.11:2050 SYN ******S*
> [...]
> Jan 30 10:13:50 61.72.251.199:3267 -> xxx.yyy.255.188:2050 SYN ******S*
> Jan 30 10:13:50 61.72.251.199:3232 -> xxx.yyy.255.153:2050 SYN ******S*
> Jan 30 10:13:50 61.72.251.199:3321 -> xxx.yyy.255.241:2050 SYN ******S*
> Jan 30 10:13:50 61.72.251.199:3281 -> xxx.yyy.255.201:2050 SYN ******S*
> Jan 30 10:13:50 61.72.251.199:3332 -> xxx.yyy.255.252:2050 SYN ******S*
> Jan 30 10:13:50 61.72.251.199:3258 -> xxx.yyy.255.179:2050 SYN ******S*
> Jan 30 10:13:50 61.72.251.199:3297 -> xxx.yyy.255.217:2050 SYN ******S*
> Jan 30 10:13:50 61.72.251.199:3234 -> xxx.yyy.255.155:2050 SYN ******S*
> Jan 30 10:13:50 61.72.251.199:3243 -> xxx.yyy.255.164:2050 SYN ******S*
> 59683
>
> Jan 30 21:31:24 211.47.226.40:3423 -> xxx.yyy.1.12:4899 SYN ******S*
> Jan 30 21:31:24 211.47.226.40:3426 -> xxx.yyy.1.15:4899 SYN ******S*
> Jan 30 21:31:24 211.47.226.40:3419 -> xxx.yyy.1.8:4899 SYN ******S*
> Jan 30 21:31:25 211.47.226.40:3428 -> xxx.yyy.1.17:4899 SYN ******S*
> Jan 30 21:31:27 211.47.226.40:3429 -> xxx.yyy.1.18:4899 SYN ******S*
> Jan 30 21:31:25 211.47.226.40:3433 -> xxx.yyy.1.22:4899 SYN ******S*
> Jan 30 21:31:27 211.47.226.40:3424 -> xxx.yyy.1.13:4899 SYN ******S*
> Jan 30 21:31:24 211.47.226.40:3442 -> xxx.yyy.1.31:4899 SYN ******S*
> [...]
> Jan 30 22:01:54 211.47.226.40:1231 -> xxx.yyy.255.250:4899 SYN ******S*
> Jan 30 22:01:54 211.47.226.40:1218 -> xxx.yyy.255.239:4899 SYN ******S*
> Jan 30 22:01:54 211.47.226.40:1207 -> xxx.yyy.255.228:4899 SYN ******S*
> Jan 30 22:01:54 211.47.226.40:1209 -> xxx.yyy.255.230:4899 SYN ******S*
> Jan 30 22:01:54 211.47.226.40:1216 -> xxx.yyy.255.237:4899 SYN ******S*
> Jan 30 22:01:54 211.47.226.40:1196 -> xxx.yyy.255.218:4899 SYN ******S*
> Jan 30 22:01:54 211.47.226.40:1213 -> xxx.yyy.255.232:4899 SYN ******S*
> Jan 30 22:01:54 211.47.226.40:1201 -> xxx.yyy.255.223:4899 SYN ******S*
> Jan 30 22:01:54 211.47.226.40:1228 -> xxx.yyy.255.248:4899 SYN ******S*
> 55764
>
> Jan 30 03:12:38 213.180.210.35:58749 -> xxx.yyy.148.137:1080 SYN ******S*
> Jan 30 03:12:38 213.180.210.35:59027 -> xxx.yyy.148.137:1075 SYN ******S*
> Jan 30 03:12:38 213.180.210.35:63571 -> xxx.yyy.148.137:80 SYN ******S*
> Jan 30 03:12:38 213.180.210.35:43658 -> xxx.yyy.148.137:81 SYN ******S*
> Jan 30 03:12:38 213.180.210.35:46855 -> xxx.yyy.148.137:3128 SYN ******S*
> Jan 30 03:12:38 213.180.210.35:42684 -> xxx.yyy.148.137:4480 SYN ******S*
> Jan 30 03:12:38 213.180.210.35:36558 -> xxx.yyy.148.137:6588 SYN ******S*
> Jan 30 03:12:38 213.180.210.35:45999 -> xxx.yyy.148.137:8000 SYN ******S*
> [...]
> Jan 30 18:21:16 213.180.210.35:34647 -> xxx.yyy.104.197:12345 SYN ******S*
> Jan 30 18:21:16 213.180.210.35:34647 -> xxx.yyy.104.197:1434 SYN ******S*
> Jan 30 18:52:09 213.180.210.35:43442 -> xxx.yyy.104.197:1976 SYN ******S*
> Jan 30 18:52:09 213.180.210.35:34866 -> xxx.yyy.104.197:1978 SYN ******S*
> Jan 30 18:52:09 213.180.210.35:50979 -> xxx.yyy.104.197:3389 SYN ******S*
> Jan 30 18:52:06 213.180.210.35:43802 -> xxx.yyy.104.197:6500 SYN ******S*
> Jan 30 18:52:09 213.180.210.35:41682 -> xxx.yyy.104.197:1998 SYN ******S*
> Jan 30 18:52:09 213.180.210.35:51678 -> xxx.yyy.104.197:2001 SYN ******S*
> 38068
>
> Jan 30 10:12:20 83.16.176.250:1681 -> xxx.yyy.1.0:1433 SYN ******S*
> Jan 30 10:12:18 83.16.176.250:1685 -> xxx.yyy.1.2:1433 SYN ******S*
> Jan 30 10:12:18 83.16.176.250:1687 -> xxx.yyy.1.3:1433 SYN ******S*
> Jan 30 10:12:20 83.16.176.250:1689 -> xxx.yyy.1.4:1433 SYN ******S*
> Jan 30 10:12:18 83.16.176.250:1691 -> xxx.yyy.1.5:1433 SYN ******S*
> Jan 30 10:12:20 83.16.176.250:1695 -> xxx.yyy.1.7:1433 SYN ******S*
> Jan 30 10:12:20 83.16.176.250:1697 -> xxx.yyy.1.8:1433 SYN ******S*
> Jan 30 10:12:21 83.16.176.250:1699 -> xxx.yyy.1.9:1433 SYN ******S*
> [...]
> Jan 30 11:51:55 83.16.176.250:2324 -> xxx.yyy.111.244:1433 SYN ******S*
> Jan 30 11:51:56 83.16.176.250:2323 -> xxx.yyy.111.243:1433 SYN ******S*
> Jan 30 11:51:56 83.16.176.250:2322 -> xxx.yyy.111.242:1433 SYN ******S*
> Jan 30 11:51:56 83.16.176.250:2329 -> xxx.yyy.111.248:1433 SYN ******S*
> Jan 30 11:51:56 83.16.176.250:2332 -> xxx.yyy.111.249:1433 SYN ******S*
> Jan 30 11:51:56 83.16.176.250:2342 -> xxx.yyy.111.250:1433 SYN ******S*
> Jan 30 11:51:56 83.16.176.250:2344 -> xxx.yyy.111.251:1433 SYN ******S*
> Jan 30 11:51:56 83.16.176.250:2352 -> xxx.yyy.111.255:1433 SYN ******S*
> Jan 30 11:51:56 83.16.176.250:2350 -> xxx.yyy.111.254:1433 SYN ******S*
> 32249
>
> Jan 30 08:32:55 217.235.95.110:3512 -> xxx.yyy.1.1:80 SYN ******S*
> Jan 30 08:32:54 217.235.95.110:3520 -> xxx.yyy.1.9:80 SYN ******S*
> Jan 30 08:32:54 217.235.95.110:3528 -> xxx.yyy.1.17:80 SYN ******S*
> Jan 30 08:32:54 217.235.95.110:3537 -> xxx.yyy.1.26:80 SYN ******S*
> Jan 30 08:32:55 217.235.95.110:3544 -> xxx.yyy.1.33:80 SYN ******S*
> Jan 30 08:32:55 217.235.95.110:3552 -> xxx.yyy.1.41:80 SYN ******S*
> Jan 30 08:32:54 217.235.95.110:3561 -> xxx.yyy.1.50:80 SYN ******S*
> Jan 30 08:32:54 217.235.95.110:3568 -> xxx.yyy.1.57:80 SYN ******S*
> [...]
> Jan 30 08:42:12 217.235.95.110:1693 -> xxx.yyy.255.143:80 SYN ******S*
> Jan 30 08:42:12 217.235.95.110:1694 -> xxx.yyy.255.144:80 SYN ******S*
> Jan 30 08:42:12 217.235.95.110:1695 -> xxx.yyy.255.145:80 SYN ******S*
> Jan 30 08:42:12 217.235.95.110:1696 -> xxx.yyy.255.146:80 SYN ******S*
> Jan 30 08:42:12 217.235.95.110:1697 -> xxx.yyy.255.147:80 SYN ******S*
> Jan 30 08:42:12 217.235.95.110:1698 -> xxx.yyy.255.148:80 SYN ******S*
> Jan 30 08:42:12 217.235.95.110:1699 -> xxx.yyy.255.149:80 SYN ******S*
> Jan 30 08:42:12 217.235.95.110:1781 -> xxx.yyy.255.231:80 SYN ******S*
> 25302
>
> Jan 30 21:47:50 193.77.154.84:23280 -> xxx.yyy.1.6:6101 SYN ******S*
> Jan 30 21:47:50 193.77.154.84:23296 -> xxx.yyy.1.22:6101 SYN ******S*
> Jan 30 21:47:50 193.77.154.84:23293 -> xxx.yyy.1.19:6101 SYN ******S*
> Jan 30 21:47:50 193.77.154.84:23277 -> xxx.yyy.1.3:6101 SYN ******S*
> Jan 30 21:47:50 193.77.154.84:23303 -> xxx.yyy.1.29:6101 SYN ******S*
> Jan 30 21:47:50 193.77.154.84:23287 -> xxx.yyy.1.13:6101 SYN ******S*
> Jan 30 21:47:50 193.77.154.84:23300 -> xxx.yyy.1.26:6101 SYN ******S*
> Jan 30 21:47:50 193.77.154.84:23392 -> xxx.yyy.1.118:6101 SYN ******S*
> [...]
> Jan 30 21:56:08 193.77.154.84:29938 -> xxx.yyy.255.234:6101 SYN ******S*
> Jan 30 21:56:08 193.77.154.84:29954 -> xxx.yyy.255.250:6101 SYN ******S*
> Jan 30 21:56:08 193.77.154.84:29951 -> xxx.yyy.255.247:6101 SYN ******S*
> Jan 30 21:56:08 193.77.154.84:29945 -> xxx.yyy.255.241:6101 SYN ******S*
> Jan 30 21:56:08 193.77.154.84:29958 -> xxx.yyy.255.254:6101 SYN ******S*
> Jan 30 21:56:08 193.77.154.84:29939 -> xxx.yyy.255.235:6101 SYN ******S*
> Jan 30 21:56:08 193.77.154.84:29933 -> xxx.yyy.255.229:6101 SYN ******S*
> Jan 30 21:56:08 193.77.154.84:29946 -> xxx.yyy.255.242:6101 SYN ******S*
> 20414
>
> [...]
> 20411
>
> [...]
> 18272
>
> Jan 30 04:20:29 82.207.60.164:4867 -> xxx.yyy.64.2:1433 SYN ******S*
> Jan 30 04:20:29 82.207.60.164:4864 -> xxx.yyy.64.1:1433 SYN ******S*
> Jan 30 04:20:32 82.207.60.164:4963 -> xxx.yyy.64.12:1433 SYN ******S*
> Jan 30 04:20:30 82.207.60.164:4989 -> xxx.yyy.64.15:1433 SYN ******S*
> Jan 30 04:20:30 82.207.60.164:3015 -> xxx.yyy.64.16:1433 SYN ******S*
> Jan 30 04:20:30 82.207.60.164:4861 -> xxx.yyy.64.0:1433 SYN ******S*
> Jan 30 04:20:30 82.207.60.164:4891 -> xxx.yyy.64.5:1433 SYN ******S*
> Jan 30 04:20:30 82.207.60.164:4940 -> xxx.yyy.64.9:1433 SYN ******S*
> [...]
> Jan 30 05:18:47 82.207.60.164:3884 -> xxx.yyy.128.189:1433 SYN ******S*
> Jan 30 05:18:47 82.207.60.164:4065 -> xxx.yyy.128.199:1433 SYN ******S*
> Jan 30 05:18:47 82.207.60.164:3925 -> xxx.yyy.128.192:1433 SYN ******S*
> Jan 30 05:18:47 82.207.60.164:4173 -> xxx.yyy.128.201:1433 SYN ******S*
> Jan 30 05:18:47 82.207.60.164:4154 -> xxx.yyy.128.200:1433 SYN ******S*
> Jan 30 05:18:47 82.207.60.164:3936 -> xxx.yyy.128.193:1433 SYN ******S*
> Jan 30 05:18:47 82.207.60.164:4217 -> xxx.yyy.128.202:1433 SYN ******S*
> Jan 30 05:18:48 82.207.60.164:4219 -> xxx.yyy.128.203:1433 SYN ******S*
> Jan 30 05:18:49 82.207.60.164:4322 -> xxx.yyy.128.204:1433 SYN ******S*
> 17494
>
> [...]
> 16364
>
> Jan 30 22:32:55 61.52.95.6:2639 -> xxx.yyy.1.2:1433 SYN ******S*
> Jan 30 22:32:58 61.52.95.6:2641 -> xxx.yyy.1.4:1433 SYN ******S*
> Jan 30 22:32:55 61.52.95.6:2642 -> xxx.yyy.1.5:1433 SYN ******S*
> Jan 30 22:32:55 61.52.95.6:2651 -> xxx.yyy.1.10:1433 SYN ******S*
> Jan 30 22:32:55 61.52.95.6:2663 -> xxx.yyy.1.16:1433 SYN ******S*
> Jan 30 22:32:58 61.52.95.6:2640 -> xxx.yyy.1.3:1433 SYN ******S*
> Jan 30 22:32:55 61.52.95.6:2648 -> xxx.yyy.1.8:1433 SYN ******S*
> Jan 30 22:32:58 61.52.95.6:2679 -> xxx.yyy.1.26:1433 SYN ******S*
> [...]
> Jan 30 23:58:14 61.52.95.6:2337 -> xxx.yyy.95.241:1433 SYN ******S*
> Jan 30 23:58:14 61.52.95.6:2351 -> xxx.yyy.95.244:1433 SYN ******S*
> Jan 30 23:58:14 61.52.95.6:2356 -> xxx.yyy.95.245:1433 SYN ******S*
> Jan 30 23:58:14 61.52.95.6:2357 -> xxx.yyy.95.246:1433 SYN ******S*
> Jan 30 23:58:14 61.52.95.6:2362 -> xxx.yyy.95.247:1433 SYN ******S*
> Jan 30 23:58:14 61.52.95.6:2367 -> xxx.yyy.95.248:1433 SYN ******S*
> Jan 30 23:58:15 61.52.95.6:2380 -> xxx.yyy.95.253:1433 SYN ******S*
> Jan 30 23:58:15 61.52.95.6:2378 -> xxx.yyy.95.251:1433 SYN ******S*
> Jan 30 23:58:15 61.52.95.6:2383 -> xxx.yyy.95.254:1433 SYN ******S*
> 15267
>
> Jan 30 16:48:32 64.65.250.71:46373 -> xxx.yyy.1.95:22 SYN ******S*
> Jan 30 16:48:35 64.65.250.71:46427 -> xxx.yyy.1.146:22 SYN ******S*
> Jan 30 16:48:35 64.65.250.71:46388 -> xxx.yyy.1.110:22 SYN ******S*
> Jan 30 16:48:35 64.65.250.71:46389 -> xxx.yyy.1.111:22 SYN ******S*
> Jan 30 16:48:35 64.65.250.71:46390 -> xxx.yyy.1.112:22 SYN ******S*
> Jan 30 16:48:35 64.65.250.71:46391 -> xxx.yyy.1.113:22 SYN ******S*
> Jan 30 16:48:35 64.65.250.71:46392 -> xxx.yyy.1.114:22 SYN ******S*
> Jan 30 16:48:38 64.65.250.71:46494 -> xxx.yyy.1.147:22 SYN ******S*
> [...]
> Jan 30 17:07:01 64.65.250.71:57815 -> xxx.yyy.229.182:22 SYN ******S*
> Jan 30 17:07:04 64.65.250.71:58593 -> xxx.yyy.140.109:22 SYN ******S*
> Jan 30 17:07:07 64.65.250.71:59802 -> xxx.yyy.140.143:22 SYN ******S*
> Jan 30 17:07:08 64.65.250.71:59804 -> xxx.yyy.229.182:22 SYN ******S*
> Jan 30 17:07:10 64.65.250.71:59845 -> xxx.yyy.229.182:22 SYN ******S*
> Jan 30 17:07:15 64.65.250.71:32786 -> xxx.yyy.229.182:22 SYN ******S*
> Jan 30 17:07:20 64.65.250.71:34047 -> xxx.yyy.229.182:22 SYN ******S*
> Jan 30 17:07:22 64.65.250.71:35218 -> xxx.yyy.229.182:22 SYN ******S*
> Jan 30 17:07:28 64.65.250.71:35258 -> xxx.yyy.229.182:22 SYN ******S*
> 10587
>
> Jan 30 00:04:42 220.169.122.17:4968 -> xxx.yyy.214.250:5554 SYN ******S*
> Jan 30 00:04:43 220.169.122.17:1319 -> xxx.yyy.214.250:1023 SYN ******S*
> Jan 30 00:04:45 220.169.122.17:1994 -> xxx.yyy.214.250:9898 SYN ******S*
> Jan 30 00:04:42 220.169.122.17:4978 -> xxx.yyy.214.252:5554 SYN ******S*
> Jan 30 00:04:43 220.169.122.17:1327 -> xxx.yyy.214.252:1023 SYN ******S*
> Jan 30 00:04:42 220.169.122.17:4995 -> xxx.yyy.215.175:5554 SYN ******S*
> Jan 30 00:04:42 220.169.122.17:4997 -> xxx.yyy.215.177:5554 SYN ******S*
> Jan 30 00:04:42 220.169.122.17:4972 -> xxx.yyy.214.255:5554 SYN ******S*
> [...]
> Jan 30 00:05:49 220.169.122.17:4666 -> xxx.yyy.215.167:9898 SYN ******S*
> Jan 30 00:05:49 220.169.122.17:4667 -> xxx.yyy.215.171:9898 SYN ******S*
> Jan 30 00:05:49 220.169.122.17:4618 -> xxx.yyy.215.166:9898 SYN ******S*
> Jan 30 00:05:49 220.169.122.17:4615 -> xxx.yyy.215.148:9898 SYN ******S*
> Jan 30 00:05:49 220.169.122.17:4630 -> xxx.yyy.215.168:9898 SYN ******S*
> Jan 30 00:05:49 220.169.122.17:4632 -> xxx.yyy.215.164:9898 SYN ******S*
> Jan 30 00:05:49 220.169.122.17:4649 -> xxx.yyy.215.170:9898 SYN ******S*
> Jan 30 00:05:49 220.169.122.17:4661 -> xxx.yyy.215.162:9898 SYN ******S*
> 10407
>
> Jan 30 19:53:41 221.168.207.141:2276 -> xxx.yyy.1.0:12345 SYN ******S*
> Jan 30 19:53:41 221.168.207.141:2279 -> xxx.yyy.1.0:3410 SYN ******S*
> Jan 30 19:53:42 221.168.207.141:2278 -> xxx.yyy.1.0:901 SYN ******S*
> Jan 30 19:53:44 221.168.207.141:2281 -> xxx.yyy.1.1:27374 SYN ******S*
> Jan 30 19:53:42 221.168.207.141:2282 -> xxx.yyy.1.1:901 SYN ******S*
> Jan 30 19:53:41 221.168.207.141:2283 -> xxx.yyy.1.1:3410 SYN ******S*
> Jan 30 19:53:44 221.168.207.141:2280 -> xxx.yyy.1.1:12345 SYN ******S*
> Jan 30 19:53:44 221.168.207.141:2284 -> xxx.yyy.1.2:12345 SYN ******S*
> [...]
> Jan 30 20:16:45 221.168.207.141:2771 -> xxx.yyy.20.248:27374 SYN ******S*
> Jan 30 20:16:45 221.168.207.141:2772 -> xxx.yyy.20.248:901 SYN ******S*
> Jan 30 20:16:45 221.168.207.141:2773 -> xxx.yyy.20.248:3410 SYN ******S*
> Jan 30 20:16:47 221.168.207.141:2791 -> xxx.yyy.20.253:27374 SYN ******S*
> Jan 30 20:16:47 221.168.207.141:2792 -> xxx.yyy.20.253:901 SYN ******S*
> Jan 30 20:16:47 221.168.207.141:2795 -> xxx.yyy.20.254:27374 SYN ******S*
> Jan 30 20:16:47 221.168.207.141:2796 -> xxx.yyy.20.254:901 SYN ******S*
> Jan 30 20:16:47 221.168.207.141:2797 -> xxx.yyy.20.254:3410 SYN ******S*
> Jan 30 20:16:47 221.168.207.141:2799 -> xxx.yyy.20.255:27374 SYN ******S*
> 9811
>
> [...]
> 9279
>
> Jan 30 23:56:20 218.76.118.247:1481 -> xxx.yyy.71.161:5554 SYN ******S*
> Jan 30 23:56:21 218.76.118.247:1829 -> xxx.yyy.71.161:1023 SYN ******S*
> Jan 30 23:56:20 218.76.118.247:1483 -> xxx.yyy.71.163:5554 SYN ******S*
> Jan 30 23:56:21 218.76.118.247:1831 -> xxx.yyy.71.163:1023 SYN ******S*
> Jan 30 23:56:23 218.76.118.247:2480 -> xxx.yyy.71.163:9898 SYN ******S*
> Jan 30 23:56:20 218.76.118.247:1499 -> xxx.yyy.71.179:5554 SYN ******S*
> Jan 30 23:56:23 218.76.118.247:2510 -> xxx.yyy.71.179:9898 SYN ******S*
> Jan 30 23:56:20 218.76.118.247:1503 -> xxx.yyy.71.183:5554 SYN ******S*
> [...]
> Jan 30 23:57:24 218.76.118.247:1384 -> xxx.yyy.92.5:9898 SYN ******S*
> Jan 30 23:57:24 218.76.118.247:1429 -> xxx.yyy.92.22:9898 SYN ******S*
> Jan 30 23:57:24 218.76.118.247:1432 -> xxx.yyy.92.24:9898 SYN ******S*
> Jan 30 23:57:24 218.76.118.247:1393 -> xxx.yyy.92.9:9898 SYN ******S*
> Jan 30 23:57:24 218.76.118.247:1395 -> xxx.yyy.92.11:9898 SYN ******S*
> Jan 30 23:57:24 218.76.118.247:1443 -> xxx.yyy.92.26:9898 SYN ******S*
> Jan 30 23:57:24 218.76.118.247:1420 -> xxx.yyy.92.15:9898 SYN ******S*
> Jan 30 23:57:24 218.76.118.247:1430 -> xxx.yyy.92.23:9898 SYN ******S*
> Jan 30 23:57:24 218.76.118.247:1433 -> xxx.yyy.92.25:9898 SYN ******S*
> 8389
>
> --
> - Ken
> ===========================================================================
> Ken Connelly (KC152) Systems and Operations Manager, ITS - Network
> Services
> University of Northern Iowa Cedar Falls, IA
> 50614-0121
> email: Ken.Connelly at uni.edu phone: (319) 273-5850 fax: (319)
> 273-7373
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
More information about the Intrusions
mailing list