[Dshield] Drop in attacks

Brian P. Donohue zbd at u.washington.edu
Wed Aug 8 20:22:34 GMT 2001


 
I saw HTTP port probes from almost 9,000 unique hosts between
midnight and noon - that's up from yesterday.

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of John Groseclose
Sent: Wednesday, August 08, 2001 7:47 AM
To: dshield at dshield.org
Subject: Re: [Dshield] Drop in attacks


At 9:16 AM -0400 8/8/01, Paul Marsh wrote:
>I've been digging through my logs and I know I must be jumping the
>gun but it looks like it's stopped?  How is everyone else today?

# tail -500 /var/log/httpd/access_log | grep default.ida | awk '{print $1}' | sort -r | uniq

And that's just since midnight.
-- 
John Groseclose
iain at caradoc.org

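An added example, not part of the original thread: the one-liner quoted above lists the unique hosts requesting default.ida, and bucketing the same log by hour shows whether the probe rate is actually dropping. It assumes an access log in Common Log Format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Per hour, count unique source hosts and total requests for /default.ida.
# Reads Common Log Format on stdin; prints "date hour unique_hosts requests".
ida_hosts_per_hour() {
    awk '
        # Match the request path literally. With `grep default.ida` the "."
        # is a regex wildcard, so unrelated paths can be counted too.
        index($7, "/default.ida") == 1 {
            # $4 looks like [08/Aug/2001:00:12:01 ; keep the date and the hour.
            split(substr($4, 2), t, ":")
            key = t[1] " " t[2] ":00"
            # Count each host once per hour bucket.
            if (!((key, $1) in seen)) { seen[key, $1] = 1; hosts[key]++ }
            hits[key]++
        }
        END { for (k in hosts) print k, hosts[k], hits[k] }
    ' | sort   # lexical sort: chronological within a single day
}

# Constructed sample input (hosts and requests are made up).
sample_log() {
    cat <<'EOF'
host-a.example.net - - [08/Aug/2001:00:12:01 -0700] "GET /default.ida?XXXX HTTP/1.0" 404 205
host-b.example.net - - [08/Aug/2001:00:40:17 -0700] "GET /default.ida?XXXX HTTP/1.0" 404 205
host-a.example.net - - [08/Aug/2001:00:55:30 -0700] "GET /default.ida?XXXX HTTP/1.0" 404 205
192.0.2.10 - - [08/Aug/2001:00:58:02 -0700] "GET /index.html HTTP/1.0" 200 1024
192.0.2.10 - - [08/Aug/2001:01:03:44 -0700] "GET /default.ida?XXXX HTTP/1.0" 404 205
host-c.example.net - - [08/Aug/2001:01:20:00 -0700] "GET /defaultXida.html HTTP/1.0" 404 205
EOF
}

# On a real server: ida_hosts_per_hour < /var/log/httpd/access_log
sample_log | ida_hosts_per_hour
```

A falling unique-host count across consecutive hours is a better signal of a drop than the last 500 lines of the log, which cover a different time span on every server.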