[Intrusions] [LOGS] Summary of large-scale portscanning detects
Smith, Donald
Donald.Smith at qwest.com
Wed Mar 16 14:08:47 GMT 2005
Ken, while I will admit I didn't read EVERY report I wanted to say thanks for providing them.
donald.smith at qwest.com giac
________________________________
From: intrusions-bounces at lists.sans.org on behalf of Ken.Connelly at uni.edu
Sent: Tue 3/15/2005 12:35 PM
To: intrusions at lists.sans.org
Subject: [Intrusions] [LOGS] Summary of large-scale portscanning detects
This will be the last of these postings for some unknown interval. As of
today, I am moving on to a newer version of my IDS that logs scans
differently. Dilbert says, "Change is good. You go first." Well, it
seems like it's my turn to go... When I figure out how to easily automate
a similar report from the new format, these may return. Until then, it's
been nice... - ken
The following extracts show the beginning and ending of scan activity
was detected on my network. The number following each set is the total
number of probes for that source. Timestamps are GMT-0600.
Mar 14 11:49:37 195.132.74.109:4591 -> xxx.yyy.1.0:1433 SYN ******S*
Mar 14 11:49:37 195.132.74.109:4592 -> xxx.yyy.1.1:1433 SYN ******S*
Mar 14 11:49:38 195.132.74.109:4800 -> xxx.yyy.1.23:1433 SYN ******S*
Mar 14 11:49:38 195.132.74.109:4801 -> xxx.yyy.1.24:1433 SYN ******S*
Mar 14 11:49:38 195.132.74.109:4796 -> xxx.yyy.1.22:1433 SYN ******S*
Mar 14 11:49:38 195.132.74.109:4795 -> xxx.yyy.1.21:1433 SYN ******S*
Mar 14 11:49:38 195.132.74.109:4802 -> xxx.yyy.1.25:1433 SYN ******S*
Mar 14 11:49:38 195.132.74.109:4836 -> xxx.yyy.1.30:1433 SYN ******S*
[...]
Mar 14 15:21:36 195.132.74.109:4012 -> xxx.yyy.255.193:1433 SYN ******S*
Mar 14 15:21:36 195.132.74.109:4099 -> xxx.yyy.255.196:1433 SYN ******S*
Mar 14 15:21:37 195.132.74.109:4132 -> xxx.yyy.255.204:1433 SYN ******S*
Mar 14 15:21:37 195.132.74.109:4200 -> xxx.yyy.255.207:1433 SYN ******S*
Mar 14 15:21:37 195.132.74.109:4391 -> xxx.yyy.255.219:1433 SYN ******S*
Mar 14 15:21:38 195.132.74.109:4435 -> xxx.yyy.255.237:1433 SYN ******S*
Mar 14 15:21:39 195.132.74.109:4504 -> xxx.yyy.255.242:1433 SYN ******S*
Mar 14 15:21:39 195.132.74.109:4566 -> xxx.yyy.255.253:1433 SYN ******S*
93703
Mar 14 09:13:10 212.143.180.113:1975 -> xxx.yyy.1.0:1433 SYN ******S*
Mar 14 09:13:10 212.143.180.113:1977 -> xxx.yyy.1.1:1433 SYN ******S*
Mar 14 09:13:10 212.143.180.113:1981 -> xxx.yyy.1.3:1433 SYN ******S*
Mar 14 09:13:10 212.143.180.113:1983 -> xxx.yyy.1.4:1433 SYN ******S*
Mar 14 09:13:10 212.143.180.113:1985 -> xxx.yyy.1.5:1433 SYN ******S*
Mar 14 09:13:10 212.143.180.113:1979 -> xxx.yyy.1.2:1433 SYN ******S*
Mar 14 09:13:10 212.143.180.113:1989 -> xxx.yyy.1.7:1433 SYN ******S*
Mar 14 09:13:10 212.143.180.113:1987 -> xxx.yyy.1.6:1433 SYN ******S*
[...]
Mar 14 13:02:54 212.143.180.113:1084 -> xxx.yyy.255.234:1433 SYN ******S*
Mar 14 13:02:54 212.143.180.113:1078 -> xxx.yyy.255.233:1433 SYN ******S*
Mar 14 13:02:55 212.143.180.113:1218 -> xxx.yyy.255.237:1433 SYN ******S*
Mar 14 13:02:55 212.143.180.113:1367 -> xxx.yyy.255.240:1433 SYN ******S*
Mar 14 13:02:55 212.143.180.113:1329 -> xxx.yyy.255.239:1433 SYN ******S*
Mar 14 13:02:55 212.143.180.113:1320 -> xxx.yyy.255.238:1433 SYN ******S*
Mar 14 13:02:55 212.143.180.113:1427 -> xxx.yyy.255.242:1433 SYN ******S*
Mar 14 13:02:55 212.143.180.113:1760 -> xxx.yyy.255.245:1433 SYN ******S*
Mar 14 13:02:56 212.143.180.113:2461 -> xxx.yyy.255.251:1433 SYN ******S*
78937
Mar 14 07:59:16 66.33.236.162:3099 -> xxx.yyy.1.1:6101 SYN ******S*
Mar 14 07:59:16 66.33.236.162:3100 -> xxx.yyy.1.2:6101 SYN ******S*
Mar 14 07:59:13 66.33.236.162:3101 -> xxx.yyy.1.3:6101 SYN ******S*
Mar 14 07:59:16 66.33.236.162:3102 -> xxx.yyy.1.4:6101 SYN ******S*
Mar 14 07:59:16 66.33.236.162:3103 -> xxx.yyy.1.5:6101 SYN ******S*
Mar 14 07:59:16 66.33.236.162:3104 -> xxx.yyy.1.6:6101 SYN ******S*
Mar 14 07:59:16 66.33.236.162:3105 -> xxx.yyy.1.7:6101 SYN ******S*
Mar 14 07:59:16 66.33.236.162:3106 -> xxx.yyy.1.8:6101 SYN ******S*
[...]
Mar 14 08:10:09 66.33.236.162:2041 -> xxx.yyy.255.234:6101 SYN ******S*
Mar 14 08:10:09 66.33.236.162:2042 -> xxx.yyy.255.235:6101 SYN ******S*
Mar 14 08:10:09 66.33.236.162:2043 -> xxx.yyy.255.236:6101 SYN ******S*
Mar 14 08:10:09 66.33.236.162:2044 -> xxx.yyy.255.237:6101 SYN ******S*
Mar 14 08:10:09 66.33.236.162:2045 -> xxx.yyy.255.238:6101 SYN ******S*
Mar 14 08:10:09 66.33.236.162:2046 -> xxx.yyy.255.239:6101 SYN ******S*
Mar 14 08:10:09 66.33.236.162:2047 -> xxx.yyy.255.240:6101 SYN ******S*
Mar 14 08:10:09 66.33.236.162:2048 -> xxx.yyy.255.241:6101 SYN ******S*
Mar 14 08:10:09 66.33.236.162:2049 -> xxx.yyy.255.242:6101 SYN ******S*
73307
Mar 14 08:33:20 66.34.244.12:2827 -> xxx.yyy.1.1:18905 SYN ******S*
Mar 14 08:33:20 66.34.244.12:2830 -> xxx.yyy.1.2:18905 SYN ******S*
Mar 14 08:33:20 66.34.244.12:2833 -> xxx.yyy.1.3:18905 SYN ******S*
Mar 14 08:33:22 66.34.244.12:2836 -> xxx.yyy.1.4:18905 SYN ******S*
Mar 14 08:33:22 66.34.244.12:2839 -> xxx.yyy.1.5:18905 SYN ******S*
Mar 14 08:33:22 66.34.244.12:2842 -> xxx.yyy.1.6:18905 SYN ******S*
Mar 14 08:33:22 66.34.244.12:2845 -> xxx.yyy.1.7:18905 SYN ******S*
Mar 14 08:33:20 66.34.244.12:2848 -> xxx.yyy.1.8:18905 SYN ******S*
[...]
Mar 14 08:47:25 66.34.244.12:2180 -> xxx.yyy.255.245:18905 SYN ******S*
Mar 14 08:47:25 66.34.244.12:2174 -> xxx.yyy.255.243:18905 SYN ******S*
Mar 14 08:47:25 66.34.244.12:2195 -> xxx.yyy.255.250:18905 SYN ******S*
Mar 14 08:47:25 66.34.244.12:2189 -> xxx.yyy.255.248:18905 SYN ******S*
Mar 14 08:47:25 66.34.244.12:2183 -> xxx.yyy.255.246:18905 SYN ******S*
Mar 14 08:47:25 66.34.244.12:2204 -> xxx.yyy.255.253:18905 SYN ******S*
Mar 14 08:47:25 66.34.244.12:2198 -> xxx.yyy.255.251:18905 SYN ******S*
Mar 14 08:47:25 66.34.244.12:2201 -> xxx.yyy.255.252:18905 SYN ******S*
Mar 14 08:47:25 66.34.244.12:2207 -> xxx.yyy.255.254:18905 SYN ******S*
72476
Mar 14 14:00:21 158.130.66.109:3274 -> xxx.yyy.1.1:10203 SYN ******S*
Mar 14 14:00:21 158.130.66.109:3276 -> xxx.yyy.1.2:10203 SYN ******S*
Mar 14 14:00:23 158.130.66.109:3280 -> xxx.yyy.1.4:10203 SYN ******S*
Mar 14 14:00:23 158.130.66.109:3282 -> xxx.yyy.1.5:10203 SYN ******S*
Mar 14 14:00:23 158.130.66.109:3284 -> xxx.yyy.1.6:10203 SYN ******S*
Mar 14 14:00:21 158.130.66.109:3290 -> xxx.yyy.1.9:10203 SYN ******S*
Mar 14 14:00:23 158.130.66.109:3292 -> xxx.yyy.1.10:10203 SYN ******S*
Mar 14 14:00:23 158.130.66.109:3294 -> xxx.yyy.1.11:10203 SYN ******S*
[...]
Mar 14 14:12:09 158.130.66.109:2472 -> xxx.yyy.255.250:10203 SYN ******S*
Mar 14 14:12:09 158.130.66.109:2464 -> xxx.yyy.255.246:10203 SYN ******S*
Mar 14 14:12:09 158.130.66.109:2458 -> xxx.yyy.255.243:10203 SYN ******S*
Mar 14 14:12:09 158.130.66.109:2466 -> xxx.yyy.255.247:10203 SYN ******S*
Mar 14 14:12:09 158.130.66.109:2460 -> xxx.yyy.255.244:10203 SYN ******S*
Mar 14 14:12:09 158.130.66.109:2468 -> xxx.yyy.255.248:10203 SYN ******S*
Mar 14 14:12:09 158.130.66.109:2478 -> xxx.yyy.255.253:10203 SYN ******S*
Mar 14 14:12:09 158.130.66.109:2480 -> xxx.yyy.255.254:10203 SYN ******S*
Mar 14 14:12:09 158.130.66.109:2476 -> xxx.yyy.255.252:10203 SYN ******S*
68677
Mar 14 10:52:56 80.144.97.86:4216 -> xxx.yyy.1.1:3306 SYN ******S*
Mar 14 10:52:59 80.144.97.86:4217 -> xxx.yyy.1.2:3306 SYN ******S*
Mar 14 10:52:59 80.144.97.86:4218 -> xxx.yyy.1.3:3306 SYN ******S*
Mar 14 10:52:59 80.144.97.86:4219 -> xxx.yyy.1.4:3306 SYN ******S*
Mar 14 10:52:59 80.144.97.86:4220 -> xxx.yyy.1.5:3306 SYN ******S*
Mar 14 10:52:59 80.144.97.86:4221 -> xxx.yyy.1.6:3306 SYN ******S*
Mar 14 10:52:59 80.144.97.86:4222 -> xxx.yyy.1.7:3306 SYN ******S*
Mar 14 10:52:56 80.144.97.86:4223 -> xxx.yyy.1.8:3306 SYN ******S*
[...]
Mar 14 11:04:49 80.144.97.86:3883 -> xxx.yyy.255.210:3306 SYN ******S*
Mar 14 11:04:49 80.144.97.86:3884 -> xxx.yyy.255.211:3306 SYN ******S*
Mar 14 11:04:49 80.144.97.86:3885 -> xxx.yyy.255.212:3306 SYN ******S*
Mar 14 11:04:49 80.144.97.86:3886 -> xxx.yyy.255.213:3306 SYN ******S*
Mar 14 11:04:50 80.144.97.86:3908 -> xxx.yyy.255.235:3306 SYN ******S*
Mar 14 11:04:50 80.144.97.86:3913 -> xxx.yyy.255.240:3306 SYN ******S*
Mar 14 11:04:50 80.144.97.86:3917 -> xxx.yyy.255.244:3306 SYN ******S*
Mar 14 11:04:50 80.144.97.86:3927 -> xxx.yyy.255.254:3306 SYN ******S*
67024
Mar 14 20:36:21 202.164.177.10:3418 -> xxx.yyy.1.7:3306 SYN ******S*
Mar 14 20:36:21 202.164.177.10:3413 -> xxx.yyy.1.2:3306 SYN ******S*
Mar 14 20:36:21 202.164.177.10:3414 -> xxx.yyy.1.3:3306 SYN ******S*
Mar 14 20:36:21 202.164.177.10:3415 -> xxx.yyy.1.4:3306 SYN ******S*
Mar 14 20:36:21 202.164.177.10:3419 -> xxx.yyy.1.8:3306 SYN ******S*
Mar 14 20:36:21 202.164.177.10:3416 -> xxx.yyy.1.5:3306 SYN ******S*
Mar 14 20:36:18 202.164.177.10:3417 -> xxx.yyy.1.6:3306 SYN ******S*
Mar 14 20:36:18 202.164.177.10:3422 -> xxx.yyy.1.11:3306 SYN ******S*
[...]
Mar 14 20:39:58 202.164.177.10:2436 -> xxx.yyy.255.186:3306 SYN ******S*
Mar 14 20:39:58 202.164.177.10:2449 -> xxx.yyy.255.199:3306 SYN ******S*
Mar 14 20:39:58 202.164.177.10:2433 -> xxx.yyy.255.183:3306 SYN ******S*
Mar 14 20:39:58 202.164.177.10:2478 -> xxx.yyy.255.228:3306 SYN ******S*
Mar 14 20:39:58 202.164.177.10:2446 -> xxx.yyy.255.196:3306 SYN ******S*
Mar 14 20:39:58 202.164.177.10:2442 -> xxx.yyy.255.192:3306 SYN ******S*
Mar 14 20:39:58 202.164.177.10:2430 -> xxx.yyy.255.180:3306 SYN ******S*
Mar 14 20:39:58 202.164.177.10:2474 -> xxx.yyy.255.224:3306 SYN ******S*
64080
Mar 14 04:30:40 82.225.171.139:1156 -> xxx.yyy.254.40:139 SYN ******S*
Mar 14 04:30:40 82.225.171.139:1157 -> xxx.yyy.244.167:139 SYN ******S*
Mar 14 04:30:40 82.225.171.139:1158 -> xxx.yyy.235.38:139 SYN ******S*
Mar 14 04:30:40 82.225.171.139:1159 -> xxx.yyy.225.165:139 SYN ******S*
Mar 14 04:30:40 82.225.171.139:1160 -> xxx.yyy.216.36:139 SYN ******S*
Mar 14 04:30:40 82.225.171.139:1161 -> xxx.yyy.206.163:139 SYN ******S*
Mar 14 04:30:40 82.225.171.139:1162 -> xxx.yyy.197.34:139 SYN ******S*
Mar 14 04:30:40 82.225.171.139:1163 -> xxx.yyy.187.161:139 SYN ******S*
[...]
Mar 14 10:11:30 82.225.171.139:1643 -> xxx.yyy.10.31:139 SYN ******S*
Mar 14 10:11:31 82.225.171.139:1655 -> xxx.yyy.133.172:139 SYN ******S*
Mar 14 10:11:33 82.225.171.139:1677 -> xxx.yyy.152.174:139 SYN ******S*
Mar 14 10:11:33 82.225.171.139:1682 -> xxx.yyy.79.183:139 SYN ******S*
Mar 14 10:11:34 82.225.171.139:1689 -> xxx.yyy.219.53:139 SYN ******S*
Mar 14 10:11:37 82.225.171.139:1712 -> xxx.yyy.181.49:139 SYN ******S*
Mar 14 10:11:37 82.225.171.139:1713 -> xxx.yyy.105.41:139 SYN ******S*
Mar 14 10:11:41 82.225.171.139:1733 -> xxx.yyy.143.45:139 SYN ******S*
Mar 14 10:11:47 82.225.171.139:1739 -> xxx.yyy.67.37:139 SYN ******S*
44013
Mar 14 22:51:08 211.202.1.127:2494 -> xxx.yyy.1.1:4899 SYN ******S*
Mar 14 22:51:08 211.202.1.127:2501 -> xxx.yyy.1.3:4899 SYN ******S*
Mar 14 22:51:07 211.202.1.127:2510 -> xxx.yyy.1.4:4899 SYN ******S*
Mar 14 22:51:07 211.202.1.127:2514 -> xxx.yyy.1.5:4899 SYN ******S*
Mar 14 22:51:08 211.202.1.127:2499 -> xxx.yyy.1.2:4899 SYN ******S*
Mar 14 22:51:07 211.202.1.127:2523 -> xxx.yyy.1.7:4899 SYN ******S*
Mar 14 22:51:08 211.202.1.127:2529 -> xxx.yyy.1.8:4899 SYN ******S*
Mar 14 22:51:08 211.202.1.127:2534 -> xxx.yyy.1.9:4899 SYN ******S*
[...]
Mar 14 22:56:15 211.202.1.127:1549 -> xxx.yyy.255.192:4899 SYN ******S*
Mar 14 22:56:15 211.202.1.127:1570 -> xxx.yyy.255.203:4899 SYN ******S*
Mar 14 22:56:15 211.202.1.127:1393 -> xxx.yyy.255.148:4899 SYN ******S*
Mar 14 22:56:15 211.202.1.127:1604 -> xxx.yyy.255.218:4899 SYN ******S*
Mar 14 22:56:15 211.202.1.127:1606 -> xxx.yyy.255.219:4899 SYN ******S*
Mar 14 22:56:15 211.202.1.127:1576 -> xxx.yyy.255.206:4899 SYN ******S*
Mar 14 22:56:15 211.202.1.127:1578 -> xxx.yyy.255.207:4899 SYN ******S*
Mar 14 22:56:15 211.202.1.127:1598 -> xxx.yyy.255.214:4899 SYN ******S*
Mar 14 22:56:15 211.202.1.127:1672 -> xxx.yyy.255.242:4899 SYN ******S*
41742
Mar 14 21:20:22 193.92.33.190:3657 -> xxx.yyy.1.2:1433 SYN ******S*
Mar 14 21:20:22 193.92.33.190:3656 -> xxx.yyy.1.0:1433 SYN ******S*
Mar 14 21:20:22 193.92.33.190:3659 -> xxx.yyy.1.4:1433 SYN ******S*
Mar 14 21:20:22 193.92.33.190:3660 -> xxx.yyy.1.5:1433 SYN ******S*
Mar 14 21:20:22 193.92.33.190:3662 -> xxx.yyy.1.7:1433 SYN ******S*
Mar 14 21:20:22 193.92.33.190:3665 -> xxx.yyy.1.10:1433 SYN ******S*
Mar 14 21:20:22 193.92.33.190:3666 -> xxx.yyy.1.11:1433 SYN ******S*
Mar 14 21:20:22 193.92.33.190:3667 -> xxx.yyy.1.12:1433 SYN ******S*
[...]
Mar 14 21:29:58 193.92.33.190:3179 -> xxx.yyy.zzz.230:1433 SYN ******S*
Mar 14 21:29:58 193.92.33.190:3181 -> xxx.yyy.zzz.232:1433 SYN ******S*
Mar 14 21:29:58 193.92.33.190:3191 -> xxx.yyy.zzz.242:1433 SYN ******S*
Mar 14 21:29:58 193.92.33.190:3193 -> xxx.yyy.zzz.244:1433 SYN ******S*
Mar 14 21:29:58 193.92.33.190:3195 -> xxx.yyy.zzz.246:1433 SYN ******S*
Mar 14 21:29:58 193.92.33.190:3197 -> xxx.yyy.zzz.248:1433 SYN ******S*
Mar 14 21:30:01 193.92.33.190:3199 -> xxx.yyy.zzz.250:1433 SYN ******S*
Mar 14 21:30:01 193.92.33.190:3197 -> xxx.yyy.zzz.248:1433 SYN ******S*
Mar 14 21:30:01 193.92.33.190:3202 -> xxx.yyy.zzz.253:1433 SYN ******S*
40077
Mar 14 13:19:58 209.164.23.116:3324 -> xxx.yyy.1.1:10202 SYN ******S*
Mar 14 13:19:58 209.164.23.116:3326 -> xxx.yyy.1.3:10202 SYN ******S*
Mar 14 13:19:58 209.164.23.116:3323 -> xxx.yyy.1.0:10202 SYN ******S*
Mar 14 13:19:58 209.164.23.116:3325 -> xxx.yyy.1.2:10202 SYN ******S*
Mar 14 13:19:58 209.164.23.116:3327 -> xxx.yyy.1.4:10202 SYN ******S*
Mar 14 13:19:58 209.164.23.116:3278 -> xxx.yyy.1.5:10202 SYN ******S*
Mar 14 13:19:58 209.164.23.116:3279 -> xxx.yyy.1.6:10202 SYN ******S*
Mar 14 13:19:58 209.164.23.116:3280 -> xxx.yyy.1.7:10202 SYN ******S*
[...]
Mar 14 13:21:40 209.164.23.116:3287 -> xxx.yyy.255.244:10202 SYN ******S*
Mar 14 13:21:40 209.164.23.116:3285 -> xxx.yyy.255.242:10202 SYN ******S*
Mar 14 13:21:40 209.164.23.116:3289 -> xxx.yyy.255.246:10202 SYN ******S*
Mar 14 13:21:40 209.164.23.116:3293 -> xxx.yyy.255.250:10202 SYN ******S*
Mar 14 13:21:40 209.164.23.116:3291 -> xxx.yyy.255.248:10202 SYN ******S*
Mar 14 13:21:40 209.164.23.116:3295 -> xxx.yyy.255.252:10202 SYN ******S*
Mar 14 13:21:40 209.164.23.116:3296 -> xxx.yyy.255.253:10202 SYN ******S*
Mar 14 13:21:40 209.164.23.116:3294 -> xxx.yyy.255.251:10202 SYN ******S*
Mar 14 13:21:40 209.164.23.116:3297 -> xxx.yyy.255.254:10202 SYN ******S*
39231
Mar 14 23:46:01 68.249.113.26:1976 -> xxx.yyy.1.1:4899 SYN ******S*
Mar 14 23:46:01 68.249.113.26:1977 -> xxx.yyy.1.2:4899 SYN ******S*
Mar 14 23:46:01 68.249.113.26:1978 -> xxx.yyy.1.3:4899 SYN ******S*
Mar 14 23:46:03 68.249.113.26:1979 -> xxx.yyy.1.4:4899 SYN ******S*
Mar 14 23:46:03 68.249.113.26:1980 -> xxx.yyy.1.5:4899 SYN ******S*
Mar 14 23:46:03 68.249.113.26:1981 -> xxx.yyy.1.6:4899 SYN ******S*
Mar 14 23:46:03 68.249.113.26:1982 -> xxx.yyy.1.7:4899 SYN ******S*
Mar 14 23:46:01 68.249.113.26:1983 -> xxx.yyy.1.8:4899 SYN ******S*
[...]
Mar 14 23:59:59 68.249.113.26:1719 -> xxx.yyy.144.150:4899 SYN ******S*
Mar 14 23:59:59 68.249.113.26:1716 -> xxx.yyy.144.147:4899 SYN ******S*
Mar 14 23:59:59 68.249.113.26:1700 -> xxx.yyy.144.131:4899 SYN ******S*
Mar 14 23:59:59 68.249.113.26:1713 -> xxx.yyy.144.144:4899 SYN ******S*
Mar 14 23:59:59 68.249.113.26:1710 -> xxx.yyy.144.141:4899 SYN ******S*
Mar 14 23:59:59 68.249.113.26:1707 -> xxx.yyy.144.138:4899 SYN ******S*
Mar 14 23:59:59 68.249.113.26:1720 -> xxx.yyy.144.151:4899 SYN ******S*
Mar 14 23:59:59 68.249.113.26:1704 -> xxx.yyy.144.135:4899 SYN ******S*
Mar 14 23:59:59 68.249.113.26:1717 -> xxx.yyy.144.148:4899 SYN ******S*
36943
Mar 14 18:50:12 62.211.183.62:1144 -> xxx.yyy.1.7:7100 SYN ******S*
Mar 14 18:50:12 62.211.183.62:1145 -> xxx.yyy.1.8:7100 SYN ******S*
Mar 14 18:50:12 62.211.183.62:1146 -> xxx.yyy.1.9:7100 SYN ******S*
Mar 14 18:50:12 62.211.183.62:1147 -> xxx.yyy.1.10:7100 SYN ******S*
Mar 14 18:50:12 62.211.183.62:1148 -> xxx.yyy.1.11:7100 SYN ******S*
Mar 14 18:50:12 62.211.183.62:1149 -> xxx.yyy.1.12:7100 SYN ******S*
Mar 14 18:50:12 62.211.183.62:1150 -> xxx.yyy.1.13:7100 SYN ******S*
Mar 14 18:50:12 62.211.183.62:1151 -> xxx.yyy.1.14:7100 SYN ******S*
[...]
Mar 14 18:55:20 62.211.183.62:1143 -> xxx.yyy.255.236:7100 SYN ******S*
Mar 14 18:55:20 62.211.183.62:1144 -> xxx.yyy.255.237:7100 SYN ******S*
Mar 14 18:55:20 62.211.183.62:1145 -> xxx.yyy.255.238:7100 SYN ******S*
Mar 14 18:55:20 62.211.183.62:1146 -> xxx.yyy.255.239:7100 SYN ******S*
Mar 14 18:55:20 62.211.183.62:1147 -> xxx.yyy.255.240:7100 SYN ******S*
Mar 14 18:55:20 62.211.183.62:1148 -> xxx.yyy.255.241:7100 SYN ******S*
Mar 14 18:55:20 62.211.183.62:1149 -> xxx.yyy.255.242:7100 SYN ******S*
Mar 14 18:55:20 62.211.183.62:1160 -> xxx.yyy.255.253:7100 SYN ******S*
Mar 14 18:55:20 62.211.183.62:1161 -> xxx.yyy.255.254:7100 SYN ******S*
36231
Mar 14 00:01:41 81.208.28.50:3001 -> xxx.yyy.1.230:6129 SYN ******S*
Mar 14 00:01:41 81.208.28.50:3001 -> xxx.yyy.1.99:6129 SYN ******S*
Mar 14 00:01:41 81.208.28.50:3001 -> xxx.yyy.11.28:6129 SYN ******S*
Mar 14 00:01:41 81.208.28.50:3001 -> xxx.yyy.10.153:6129 SYN ******S*
Mar 14 00:01:41 81.208.28.50:3001 -> xxx.yyy.12.34:6129 SYN ******S*
Mar 14 00:01:41 81.208.28.50:3001 -> xxx.yyy.13.40:6129 SYN ******S*
Mar 14 00:01:41 81.208.28.50:3001 -> xxx.yyy.13.171:6129 SYN ******S*
Mar 14 00:01:41 81.208.28.50:3001 -> xxx.yyy.15.52:6129 SYN ******S*
[...]
Mar 14 07:35:26 81.208.28.50:3001 -> xxx.yyy.253.127:1433 SYN ******S*
Mar 14 07:35:26 81.208.28.50:3001 -> xxx.yyy.247.91:1433 SYN ******S*
Mar 14 07:35:26 81.208.28.50:3001 -> xxx.yyy.248.97:1433 SYN ******S*
Mar 14 07:35:26 81.208.28.50:3001 -> xxx.yyy.255.139:1433 SYN ******S*
Mar 14 07:35:26 81.208.28.50:3001 -> xxx.yyy.249.234:1433 SYN ******S*
Mar 14 07:35:26 81.208.28.50:3001 -> xxx.yyy.251.115:1433 SYN ******S*
Mar 14 07:35:26 81.208.28.50:3001 -> xxx.yyy.252.252:1433 SYN ******S*
Mar 14 07:35:26 81.208.28.50:3001 -> xxx.yyy.254.2:1433 SYN ******S*
28578
Mar 14 12:12:18 81.242.85.160:4032 -> xxx.yyy.1.0:1433 SYN ******S*
Mar 14 12:12:21 81.242.85.160:4082 -> xxx.yyy.1.1:1433 SYN ******S*
Mar 14 12:12:21 81.242.85.160:4163 -> xxx.yyy.1.2:1433 SYN ******S*
Mar 14 12:12:19 81.242.85.160:4351 -> xxx.yyy.1.4:1433 SYN ******S*
Mar 14 12:12:22 81.242.85.160:4419 -> xxx.yyy.1.5:1433 SYN ******S*
Mar 14 12:12:22 81.242.85.160:4454 -> xxx.yyy.1.6:1433 SYN ******S*
Mar 14 12:12:22 81.242.85.160:4509 -> xxx.yyy.1.7:1433 SYN ******S*
Mar 14 12:12:20 81.242.85.160:4569 -> xxx.yyy.1.9:1433 SYN ******S*
[...]
Mar 14 13:53:43 81.242.85.160:3227 -> xxx.yyy.111.248:1433 SYN ******S*
Mar 14 13:53:43 81.242.85.160:2960 -> xxx.yyy.111.246:1433 SYN ******S*
Mar 14 13:53:43 81.242.85.160:3184 -> xxx.yyy.111.247:1433 SYN ******S*
Mar 14 13:53:44 81.242.85.160:3247 -> xxx.yyy.111.249:1433 SYN ******S*
Mar 14 13:53:44 81.242.85.160:3606 -> xxx.yyy.111.250:1433 SYN ******S*
Mar 14 13:53:44 81.242.85.160:4579 -> xxx.yyy.111.252:1433 SYN ******S*
Mar 14 13:53:45 81.242.85.160:4990 -> xxx.yyy.111.253:1433 SYN ******S*
Mar 14 13:53:45 81.242.85.160:1224 -> xxx.yyy.111.254:1433 SYN ******S*
Mar 14 13:53:45 81.242.85.160:1395 -> xxx.yyy.111.255:1433 SYN ******S*
25961
[...]
25504
Mar 14 09:29:10 195.205.112.130:3569 -> xxx.yyy.1.1:1433 SYN ******S*
Mar 14 09:29:10 195.205.112.130:3573 -> xxx.yyy.1.2:1433 SYN ******S*
Mar 14 09:29:10 195.205.112.130:3576 -> xxx.yyy.1.3:1433 SYN ******S*
Mar 14 09:29:10 195.205.112.130:3580 -> xxx.yyy.1.4:1433 SYN ******S*
Mar 14 09:29:10 195.205.112.130:3583 -> xxx.yyy.1.5:1433 SYN ******S*
Mar 14 09:29:10 195.205.112.130:3587 -> xxx.yyy.1.6:1433 SYN ******S*
Mar 14 09:29:10 195.205.112.130:3590 -> xxx.yyy.1.7:1433 SYN ******S*
Mar 14 09:29:10 195.205.112.130:3594 -> xxx.yyy.1.8:1433 SYN ******S*
[...]
Mar 14 11:08:36 195.205.112.130:3593 -> xxx.yyy.111.210:1433 SYN ******S*
Mar 14 11:08:36 195.205.112.130:3768 -> xxx.yyy.111.212:1433 SYN ******S*
Mar 14 11:08:36 195.205.112.130:3823 -> xxx.yyy.111.213:1433 SYN ******S*
Mar 14 11:08:36 195.205.112.130:3831 -> xxx.yyy.111.214:1433 SYN ******S*
Mar 14 11:08:36 195.205.112.130:1946 -> xxx.yyy.111.196:1433 SYN ******S*
Mar 14 11:08:37 195.205.112.130:3968 -> xxx.yyy.111.216:1433 SYN ******S*
Mar 14 11:08:37 195.205.112.130:4000 -> xxx.yyy.111.220:1433 SYN ******S*
Mar 14 11:08:37 195.205.112.130:4007 -> xxx.yyy.111.221:1433 SYN ******S*
Mar 14 11:08:37 195.205.112.130:4009 -> xxx.yyy.111.223:1433 SYN ******S*
19263
Mar 14 05:33:52 220.169.243.139:3673 -> xxx.yyy.1.16:1433 SYN ******S*
Mar 14 05:33:52 220.169.243.139:3732 -> xxx.yyy.1.17:1433 SYN ******S*
Mar 14 05:33:49 220.169.243.139:4402 -> xxx.yyy.1.18:1433 SYN ******S*
Mar 14 05:33:52 220.169.243.139:4260 -> xxx.yyy.1.21:1433 SYN ******S*
Mar 14 05:33:52 220.169.243.139:4360 -> xxx.yyy.1.31:1433 SYN ******S*
Mar 14 05:33:49 220.169.243.139:4814 -> xxx.yyy.1.34:1433 SYN ******S*
Mar 14 05:33:52 220.169.243.139:4304 -> xxx.yyy.1.35:1433 SYN ******S*
Mar 14 05:33:52 220.169.243.139:3737 -> xxx.yyy.1.36:1433 SYN ******S*
[...]
Mar 14 06:34:16 220.169.243.139:4223 -> xxx.yyy.111.221:1433 SYN ******S*
Mar 14 06:34:17 220.169.243.139:3665 -> xxx.yyy.111.223:1433 SYN ******S*
Mar 14 06:34:17 220.169.243.139:3912 -> xxx.yyy.111.238:1433 SYN ******S*
Mar 14 06:34:17 220.169.243.139:3577 -> xxx.yyy.111.239:1433 SYN ******S*
Mar 14 06:34:17 220.169.243.139:4268 -> xxx.yyy.111.240:1433 SYN ******S*
Mar 14 06:34:17 220.169.243.139:4959 -> xxx.yyy.111.243:1433 SYN ******S*
Mar 14 06:34:17 220.169.243.139:4392 -> xxx.yyy.111.246:1433 SYN ******S*
Mar 14 06:34:18 220.169.243.139:4647 -> xxx.yyy.111.253:1433 SYN ******S*
Mar 14 06:34:18 220.169.243.139:3686 -> xxx.yyy.111.252:1433 SYN ******S*
19232
[...]
15987
Mar 14 16:09:27 194.69.214.120:3001 -> xxx.yyy.1.105:6129 SYN ******S*
Mar 14 16:09:27 194.69.214.120:3001 -> xxx.yyy.1.236:6129 SYN ******S*
Mar 14 16:09:27 194.69.214.120:3001 -> xxx.yyy.10.159:6129 SYN ******S*
Mar 14 16:09:27 194.69.214.120:3001 -> xxx.yyy.14.52:6129 SYN ******S*
Mar 14 16:09:27 194.69.214.120:3001 -> xxx.yyy.11.34:6129 SYN ******S*
Mar 14 16:09:27 194.69.214.120:3001 -> xxx.yyy.32.29:6129 SYN ******S*
Mar 14 16:09:27 194.69.214.120:3001 -> xxx.yyy.32.160:6129 SYN ******S*
Mar 14 16:09:27 194.69.214.120:3001 -> xxx.yyy.33.35:6129 SYN ******S*
[...]
Mar 14 23:55:06 194.69.214.120:3001 -> xxx.yyy.252.37:6129 SYN ******S*
Mar 14 23:55:06 194.69.214.120:3001 -> xxx.yyy.252.168:6129 SYN ******S*
Mar 14 23:55:06 194.69.214.120:3001 -> xxx.yyy.253.43:6129 SYN ******S*
Mar 14 23:55:06 194.69.214.120:3001 -> xxx.yyy.253.174:6129 SYN ******S*
Mar 14 23:55:06 194.69.214.120:3001 -> xxx.yyy.254.49:6129 SYN ******S*
Mar 14 23:55:06 194.69.214.120:3001 -> xxx.yyy.254.180:6129 SYN ******S*
Mar 14 23:55:06 194.69.214.120:3001 -> xxx.yyy.255.55:6129 SYN ******S*
Mar 14 23:55:06 194.69.214.120:3001 -> xxx.yyy.255.186:6129 SYN ******S*
14711
Mar 14 22:56:04 220.90.161.187:3447 -> xxx.yyy.235.114:5554 SYN ******S*
Mar 14 22:56:05 220.90.161.187:4161 -> xxx.yyy.235.114:1023 SYN ******S*
Mar 14 22:56:07 220.90.161.187:1490 -> xxx.yyy.235.114:9898 SYN ******S*
Mar 14 22:56:04 220.90.161.187:3445 -> xxx.yyy.235.112:5554 SYN ******S*
Mar 14 22:56:05 220.90.161.187:4159 -> xxx.yyy.235.112:1023 SYN ******S*
Mar 14 22:56:07 220.90.161.187:1486 -> xxx.yyy.235.112:9898 SYN ******S*
Mar 14 22:56:04 220.90.161.187:3446 -> xxx.yyy.235.113:5554 SYN ******S*
Mar 14 22:56:05 220.90.161.187:4160 -> xxx.yyy.235.113:1023 SYN ******S*
[...]
Mar 14 22:56:51 220.90.161.187:2861 -> xxx.yyy.255.139:9898 SYN ******S*
Mar 14 22:56:51 220.90.161.187:2862 -> xxx.yyy.255.140:9898 SYN ******S*
Mar 14 22:56:51 220.90.161.187:2864 -> xxx.yyy.255.142:9898 SYN ******S*
Mar 14 22:56:51 220.90.161.187:2895 -> xxx.yyy.255.145:9898 SYN ******S*
Mar 14 22:56:51 220.90.161.187:2893 -> xxx.yyy.255.144:9898 SYN ******S*
Mar 14 22:56:51 220.90.161.187:2896 -> xxx.yyy.255.146:9898 SYN ******S*
Mar 14 22:56:51 220.90.161.187:2917 -> xxx.yyy.255.147:9898 SYN ******S*
Mar 14 22:56:51 220.90.161.187:2935 -> xxx.yyy.255.150:9898 SYN ******S*
12891
Mar 14 22:56:46 221.146.197.38:3952 -> xxx.yyy.154.100:5554 SYN ******S*
Mar 14 22:56:47 221.146.197.38:4797 -> xxx.yyy.154.100:1023 SYN ******S*
Mar 14 22:56:49 221.146.197.38:2176 -> xxx.yyy.154.100:9898 SYN ******S*
Mar 14 22:56:46 221.146.197.38:3954 -> xxx.yyy.154.101:5554 SYN ******S*
Mar 14 22:56:49 221.146.197.38:2178 -> xxx.yyy.154.101:9898 SYN ******S*
Mar 14 22:56:46 221.146.197.38:3957 -> xxx.yyy.154.102:5554 SYN ******S*
Mar 14 22:56:49 221.146.197.38:2190 -> xxx.yyy.154.102:9898 SYN ******S*
Mar 14 22:56:46 221.146.197.38:3962 -> xxx.yyy.154.104:5554 SYN ******S*
[...]
Mar 14 22:57:34 221.146.197.38:2092 -> xxx.yyy.174.213:9898 SYN ******S*
Mar 14 22:57:34 221.146.197.38:2118 -> xxx.yyy.174.215:9898 SYN ******S*
Mar 14 22:57:34 221.146.197.38:2117 -> xxx.yyy.174.216:9898 SYN ******S*
Mar 14 22:57:34 221.146.197.38:2120 -> xxx.yyy.174.217:9898 SYN ******S*
Mar 14 22:57:34 221.146.197.38:2134 -> xxx.yyy.174.219:9898 SYN ******S*
Mar 14 22:57:34 221.146.197.38:2141 -> xxx.yyy.174.220:9898 SYN ******S*
Mar 14 22:57:34 221.146.197.38:2144 -> xxx.yyy.174.221:9898 SYN ******S*
Mar 14 22:57:34 221.146.197.38:2165 -> xxx.yyy.174.222:9898 SYN ******S*
11235
Mar 14 22:56:42 220.72.27.159:1045 -> xxx.yyy.195.97:5554 SYN ******S*
Mar 14 22:56:43 220.72.27.159:1828 -> xxx.yyy.195.97:1023 SYN ******S*
Mar 14 22:56:45 220.72.27.159:3378 -> xxx.yyy.195.97:9898 SYN ******S*
Mar 14 22:56:42 220.72.27.159:1056 -> xxx.yyy.195.94:5554 SYN ******S*
Mar 14 22:56:43 220.72.27.159:1830 -> xxx.yyy.195.94:1023 SYN ******S*
Mar 14 22:56:45 220.72.27.159:3447 -> xxx.yyy.195.94:9898 SYN ******S*
Mar 14 22:56:42 220.72.27.159:1059 -> xxx.yyy.195.93:5554 SYN ******S*
Mar 14 22:56:43 220.72.27.159:1900 -> xxx.yyy.195.93:1023 SYN ******S*
[...]
Mar 14 22:57:29 220.72.27.159:2441 -> xxx.yyy.215.123:9898 SYN ******S*
Mar 14 22:57:29 220.72.27.159:2474 -> xxx.yyy.215.148:9898 SYN ******S*
Mar 14 22:57:29 220.72.27.159:2470 -> xxx.yyy.215.145:9898 SYN ******S*
Mar 14 22:57:29 220.72.27.159:2471 -> xxx.yyy.215.146:9898 SYN ******S*
Mar 14 22:57:29 220.72.27.159:2484 -> xxx.yyy.215.160:9898 SYN ******S*
Mar 14 22:57:29 220.72.27.159:2485 -> xxx.yyy.215.161:9898 SYN ******S*
Mar 14 22:57:29 220.72.27.159:2486 -> xxx.yyy.215.162:9898 SYN ******S*
Mar 14 22:57:29 220.72.27.159:2808 -> xxx.yyy.215.189:9898 SYN ******S*
Mar 14 22:57:30 220.72.27.159:3142 -> xxx.yyy.195.96:9898 SYN ******S*
10910
[...]
10642
Mar 14 22:56:41 61.207.142.64:2703 -> xxx.yyy.174.228:5554 SYN ******S*
Mar 14 22:56:42 61.207.142.64:3169 -> xxx.yyy.174.228:1023 SYN ******S*
Mar 14 22:56:44 61.207.142.64:4473 -> xxx.yyy.174.228:9898 SYN ******S*
Mar 14 22:56:41 61.207.142.64:2690 -> xxx.yyy.174.222:5554 SYN ******S*
Mar 14 22:56:42 61.207.142.64:3154 -> xxx.yyy.174.222:1023 SYN ******S*
Mar 14 22:56:44 61.207.142.64:4452 -> xxx.yyy.174.222:9898 SYN ******S*
Mar 14 22:56:41 61.207.142.64:2712 -> xxx.yyy.174.229:5554 SYN ******S*
Mar 14 22:56:42 61.207.142.64:3172 -> xxx.yyy.174.229:1023 SYN ******S*
[...]
Mar 14 22:57:24 61.207.142.64:3935 -> xxx.yyy.194.255:9898 SYN ******S*
Mar 14 22:57:24 61.207.142.64:4106 -> xxx.yyy.195.41:9898 SYN ******S*
Mar 14 22:57:24 61.207.142.64:4104 -> xxx.yyy.195.40:9898 SYN ******S*
Mar 14 22:57:24 61.207.142.64:4114 -> xxx.yyy.195.42:9898 SYN ******S*
Mar 14 22:57:24 61.207.142.64:4135 -> xxx.yyy.195.47:9898 SYN ******S*
Mar 14 22:57:24 61.207.142.64:4254 -> xxx.yyy.195.71:9898 SYN ******S*
Mar 14 22:57:24 61.207.142.64:4260 -> xxx.yyy.195.75:9898 SYN ******S*
Mar 14 22:57:24 61.207.142.64:4255 -> xxx.yyy.195.72:9898 SYN ******S*
Mar 14 22:57:24 61.207.142.64:4256 -> xxx.yyy.195.73:9898 SYN ******S*
10632
Mar 14 23:57:36 222.82.220.182:64711 -> xxx.yyy.154.103:5554 SYN ******S*
Mar 14 23:57:37 222.82.220.182:65283 -> xxx.yyy.154.103:1023 SYN ******S*
Mar 14 23:57:36 222.82.220.182:64709 -> xxx.yyy.154.101:5554 SYN ******S*
Mar 14 23:57:37 222.82.220.182:65281 -> xxx.yyy.154.101:1023 SYN ******S*
Mar 14 23:57:39 222.82.220.182:1053 -> xxx.yyy.154.101:9898 SYN ******S*
Mar 14 23:57:36 222.82.220.182:64710 -> xxx.yyy.154.102:5554 SYN ******S*
Mar 14 23:57:37 222.82.220.182:65282 -> xxx.yyy.154.102:1023 SYN ******S*
Mar 14 23:57:39 222.82.220.182:1054 -> xxx.yyy.154.102:9898 SYN ******S*
[...]
Mar 14 23:59:05 222.82.220.182:64740 -> xxx.yyy.174.218:1023 SYN ******S*
Mar 14 23:59:05 222.82.220.182:64741 -> xxx.yyy.174.219:1023 SYN ******S*
Mar 14 23:59:07 222.82.220.182:65016 -> xxx.yyy.174.219:9898 SYN ******S*
Mar 14 23:59:05 222.82.220.182:64743 -> xxx.yyy.174.221:1023 SYN ******S*
Mar 14 23:59:07 222.82.220.182:1181 -> xxx.yyy.174.221:9898 SYN ******S*
Mar 14 23:59:05 222.82.220.182:64742 -> xxx.yyy.174.220:1023 SYN ******S*
Mar 14 23:59:07 222.82.220.182:1180 -> xxx.yyy.174.220:9898 SYN ******S*
Mar 14 23:59:05 222.82.220.182:64744 -> xxx.yyy.174.222:1023 SYN ******S*
Mar 14 23:59:07 222.82.220.182:65017 -> xxx.yyy.174.222:9898 SYN ******S*
10299
--
- Ken
===========================================================================
Ken Connelly (KC152) Systems and Operations Manager, ITS - Network Services
University of Northern Iowa Cedar Falls, IA 50614-0121
email: Ken.Connelly at uni.edu phone: (319) 273-5850 fax: (319) 273-7373
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions
More information about the Intrusions
mailing list