[Dshield] 1214 (Kazaa) multiple hits & 80 as well

Mercy Mercymail at mindspring.com
Thu Jun 20 22:40:47 GMT 2002


I know that port 1214 is a Kazaa port.  But, this same IP address has been hiting me on that port for 2 days now!  This is just from today, from the last time I sent my log in.

Funny thing is, I don't run Kazaa or any other File Sharing utilities.  Just wonder what he's up to?

2002-06-20 04:52:25 -04:00 | 79048637 | 1 | 12.229.206.56 | 1131 | 165.xxx.xxx.xxx | 1214 | TCP | S
2002-06-20 05:01:57 -04:00 | 79048637 | 1 | 12.229.206.56 | 1155 | 165.xxx.xxx.xxx| 1214 | TCP | S

2002-06-20 05:10:58 -04:00 | 79048637 | 1 | 12.229.206.56 | 1178 | 165.xxx.xxx.xxx| 1214 | TCP | S

2002-06-20 05:19:39 -04:00 | 79048637 | 1 | 12.229.206.56 | 1200 | 165.xxx.xxx.xxx| 1214 | TCP | S

2002-06-20 05:29:42 -04:00 | 79048637 | 1 | 12.229.206.56 | 1225 | 165.xxx.xxx.xxx| 1214 | TCP | S

2002-06-20 05:40:07 -04:00 | 79048637 | 1 | 12.229.206.56 | 1247 | 165.xxx.xxx.xxx| 1214 | TCP | S

Then..... This guy keeps scanning port 80.  The IP is very close to mine.  Notice that the attacker's ip changes from 165.247.115.148 to 165.247.88.159 and other 165.247.xx.xxx variations.  DO you think it is the same person?

2002-06-20 07:36:31 -04:00 | 79048637 | 1 | 165.247.115.148 | 2076 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 07:38:19 -04:00 | 79048637 | 1 | 165.247.115.148 | 4696 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 07:43:59 -04:00 | 79048637 | 1 | 165.247.115.148 | 1343 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 09:49:28 -04:00 | 79048637 | 1 | 165.247.88.159 | 1545 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 10:53:01 -04:00 | 79048637 | 1 | 165.247.91.116 | 4940 | 165.xxx.xxx.xxx | 80 | TCP | S

2002-06-20 11:29:00 -04:00 | 79048637 | 1 | 165.247.91.116 | 4900 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 12:27:20 -04:00 | 79048637 | 1 | 165.247.64.234 | 4453 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 12:32:16 -04:00 | 79048637 | 1 | 165.247.211.118 | 3101 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 13:16:05 -04:00 | 79048637 | 1 | 165.247.91.116 | 1663 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 13:21:49 -04:00 | 79048637 | 1 | 165.247.91.116 | 2267 | 165.xxx.xxx.xxx| 80 | TCP | S

2002-06-20 15:05:41 -04:00 | 79048637 | 1 | 165.247.108.69 | 3185 | 165.xxx.xxx.xxx| 80 | TCP | S

What do you guys think?

Mercy




Mercy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20020620/bdd9a099/attachment.htm


More information about the list mailing list