[Dshield] Noise or a methodical approach?

Ken Robertson dshield at kenrobertson.com
Sat Jan 17 13:38:14 GMT 2004


On Saturday, January 17, 2004 2:37 AM,
Glenn Jarvis <gaj at sympatico.ca> wrote:

> Forgive the length.... I noticed this in my logs this morning while I
> was going through them. Two sources, mostly from 207.44.200.14
> This just noise?
>
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60716
> Rule: Default deny
> Jan/15/2004 17:25:46
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60838
> Rule: Default deny
> Jan/15/2004 17:25:42
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60819
> Rule: Default deny
> Jan/15/2004 17:25:41
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60777
> Rule: Default deny
> Jan/15/2004 17:25:40
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60838
> Rule: Default deny
> Jan/15/2004 17:25:38
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60768
> Rule: Default deny
> Jan/15/2004 17:25:37
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60797
> Rule: Default deny
> Jan/15/2004 17:25:37
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60819
> Rule: Default deny
> Jan/15/2004 17:25:34
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60750
> Rule: Default deny
> Jan/15/2004 17:25:31
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60797
> Rule: Default deny
> Jan/15/2004 17:25:29
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60777
> Rule: Default deny
> Jan/15/2004 17:25:28
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60645
> Rule: Default deny
> Jan/15/2004 17:25:27
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60473
> Rule: Default deny
> Jan/15/2004 17:25:26
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60768
> Rule: Default deny
> Jan/15/2004 17:25:24
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60468
> Rule: Default deny
> Jan/15/2004 17:25:23
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60777
> Rule: Default deny
> Jan/15/2004 17:25:23
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60716
> Rule: Default deny
> Jan/15/2004 17:25:22
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60750
> Rule: Default deny
> Jan/15/2004 17:25:21
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60466
> Rule: Default deny
> Jan/15/2004 17:25:20
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60768
> Rule: Default deny
> Jan/15/2004 17:25:17
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60459
> Rule: Default deny
> Jan/15/2004 17:25:17
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60750
> Rule: Default deny
> Jan/15/2004 17:25:11
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60716
> Rule: Default deny
> Jan/15/2004 17:25:11
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60439
> Rule: Default deny
> Jan/15/2004 17:25:09
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60435
> Rule: Default deny
> Jan/15/2004 17:25:04
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60558
> Rule: Default deny
> Jan/15/2004 17:25:04
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60645
> Rule: Default deny
> Jan/15/2004 17:25:04
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60430
> Rule: Default deny
> Jan/15/2004 17:24:58
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60415
> Rule: Default deny
> Jan/15/2004 17:24:52
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60645
> Rule: Default deny
> Jan/15/2004 17:24:49
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60391
> Rule: Default deny
> Jan/15/2004 17:24:46
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60645
> Rule: Default deny
> Jan/15/2004 17:24:40
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60558
> Rule: Default deny
> Jan/15/2004 17:24:39
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60473
> Rule: Default deny
> Jan/15/2004 17:24:37
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60468
> Rule: Default deny
> Jan/15/2004 17:24:34
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60466
> Rule: Default deny
> Jan/15/2004 17:24:30
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60459
> Rule: Default deny
> Jan/15/2004 17:24:28
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60558
> Rule: Default deny
> Jan/15/2004 17:24:23
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60439
> Rule: Default deny
> Jan/15/2004 17:24:22
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60558
> Rule: Default deny
> Jan/15/2004 17:24:21
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60435
> Rule: Default deny
> Jan/15/2004 17:24:16
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60430
> Rule: Default deny
> Jan/15/2004 17:24:15
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60473
> Rule: Default deny
> Jan/15/2004 17:24:13
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60468
> Rule: Default deny
> Jan/15/2004 17:24:10
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60466
> Rule: Default deny
> Jan/15/2004 17:24:10
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60415
> Rule: Default deny
> Jan/15/2004 17:24:06
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60459
> Rule: Default deny
> Jan/15/2004 17:24:05
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60272
> Rule: Default deny
> Jan/15/2004 17:24:03
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60473
> Rule: Default deny
> Jan/15/2004 17:24:02
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60270
> Rule: Default deny
> Jan/15/2004 17:24:01
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60391
> Rule: Default deny
> Jan/15/2004 17:24:01
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60468
> Rule: Default deny
> Jan/15/2004 17:23:59
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60439
> Rule: Default deny
> Jan/15/2004 17:23:59
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60265
> Rule: Default deny
> Jan/15/2004 17:23:58
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60466
> Rule: Default deny
> Jan/15/2004 17:23:57
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60473
> Rule: Default deny
> Jan/15/2004 17:23:57
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60435
> Rule: Default deny
> Jan/15/2004 17:23:55
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60468
> Rule: Default deny
> Jan/15/2004 17:23:52
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60466
> Rule: Default deny
> Jan/15/2004 17:23:52
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60430
> Rule: Default deny
> Jan/15/2004 17:23:50
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60224
> Rule: Default deny
> Jan/15/2004 17:23:48
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60459
> Rule: Default deny
> Jan/15/2004 17:23:47
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60439
> Rule: Default deny
> Jan/15/2004 17:23:46
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60415
> Rule: Default deny
> Jan/15/2004 17:23:45
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60435
> Rule: Default deny
> Jan/15/2004 17:23:41
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60439
> Rule: Default deny
> Jan/15/2004 17:23:40
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60430
> Rule: Default deny
> Jan/15/2004 17:23:40
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60183
> Rule: Default deny
> Jan/15/2004 17:23:39
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60435
> Rule: Default deny
> Jan/15/2004 17:23:38
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60391
> Rule: Default deny
> Jan/15/2004 17:23:34
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60430
> Rule: Default deny
> Jan/15/2004 17:23:34
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60415
> Rule: Default deny
> Jan/15/2004 17:23:31
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60142
> Rule: Default deny
> Jan/15/2004 17:23:28
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60415
> Rule: Default deny
> Jan/15/2004 17:23:28
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60140
> Rule: Default deny
> Jan/15/2004 17:23:26
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60391
> Rule: Default deny
> Jan/15/2004 17:23:25
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60134
> Rule: Default deny
> Jan/15/2004 17:23:20
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60391
> Rule: Default deny
> Jan/15/2004 17:23:17
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60272
> Rule: Default deny
> Jan/15/2004 17:23:14
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60270
> Rule: Default deny
> Jan/15/2004 17:23:13
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60086
> Rule: Default deny
> Jan/15/2004 17:23:11
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60265
> Rule: Default deny
> Jan/15/2004 17:23:05
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60066
> Rule: Default deny
> Jan/15/2004 17:23:02
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60224
> Rule: Default deny
> Jan/15/2004 17:23:02
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60063
> Rule: Default deny
> Jan/15/2004 17:22:53
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60272
> Rule: Default deny
> Jan/15/2004 17:22:52
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60183
> Rule: Default deny
> Jan/15/2004 17:22:51
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60270
> Rule: Default deny
> Jan/15/2004 17:22:48
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60265
> Rule: Default deny
> Jan/15/2004 17:22:47
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60022
> Rule: Default deny
> Jan/15/2004 17:22:43
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60142
> Rule: Default deny
> Jan/15/2004 17:22:41
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60272
> Rule: Default deny
> Jan/15/2004 17:22:40
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60140
> Rule: Default deny
> Jan/15/2004 17:22:38
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60270
> Rule: Default deny
> Jan/15/2004 17:22:38
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60224
> Rule: Default deny
> Jan/15/2004 17:22:37
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60134
> Rule: Default deny
> Jan/15/2004 17:22:36
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60265
> Rule: Default deny
> Jan/15/2004 17:22:35
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60272
> Rule: Default deny
> Jan/15/2004 17:22:33
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60270
> Rule: Default deny
> Jan/15/2004 17:22:30
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60265
> Rule: Default deny
> Jan/15/2004 17:22:28
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60183
> Rule: Default deny
> Jan/15/2004 17:22:26
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60224
> Rule: Default deny
> Jan/15/2004 17:22:25
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60086
> Rule: Default deny
> Jan/15/2004 17:22:20
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60224
> Rule: Default deny
> Jan/15/2004 17:22:19
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60142
> Rule: Default deny
> Jan/15/2004 17:22:17
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60066
> Rule: Default deny
> Jan/15/2004 17:22:16
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60183
> Rule: Default deny
> Jan/15/2004 17:22:16
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60140
> Rule: Default deny
> Jan/15/2004 17:22:14
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60063
> Rule: Default deny
> Jan/15/2004 17:22:13
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60134
> Rule: Default deny
> Jan/15/2004 17:22:11
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60183
> Rule: Default deny
> Jan/15/2004 17:22:07
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60142
> Rule: Default deny
> Jan/15/2004 17:22:04
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60140
> Rule: Default deny
> Jan/15/2004 17:22:01
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60134
> Rule: Default deny
> Jan/15/2004 17:22:01
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60142
> Rule: Default deny
> Jan/15/2004 17:22:01
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60086
> Rule: Default deny
> Jan/15/2004 17:22:00
>   Drop TCP packet from WAN src:216.130.185.122:80
> dst:67.70.202.103:1988
> Rule: Default deny
> Jan/15/2004 17:22:00
>   Drop TCP packet from WAN src:207.46.203.26:80 dst:67.70.202.103:1991
> Rule: Default deny
> Jan/15/2004 17:21:59
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60022
> Rule: Default deny
> Jan/15/2004 17:21:58
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60140
> Rule: Default deny
> Jan/15/2004 17:21:55
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60134
> Rule: Default deny
> Jan/15/2004 17:21:54
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60066
> Rule: Default deny
> Jan/15/2004 17:21:51
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60063
> Rule: Default deny
> Jan/15/2004 17:21:49
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60086
> Rule: Default deny
> Jan/15/2004 17:21:43
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60086
> Rule: Default deny
> Jan/15/2004 17:21:41
>   Drop TCP packet from WAN src:207.46.203.26:80 dst:67.70.202.103:1990
> Rule: Default deny
> Jan/15/2004 17:21:39
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60063
> Rule: Default deny
> Jan/15/2004 17:21:36
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60066
> Rule: Default deny
> Jan/15/2004 17:21:33
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60063
> Rule: Default deny
> Jan/15/2004 17:21:29
>   Drop TCP packet from WAN src:216.130.185.122:80
> dst:67.70.202.103:1988
> Rule: Default deny
> Jan/15/2004 17:21:23
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60022
> Rule: Default deny
> Jan/15/2004 17:21:17
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60022
> Rule: Default deny
> Jan/15/2004 17:21:14
>   Drop TCP packet from WAN src:216.130.185.122:80
> dst:67.70.202.103:1988
> Rule: Default deny

G'day,
Looks like a web hosting site.  The packets are from 80 (web server) to
various (browser).  Who was administering a remote web server?
-- 
Regards
Ken

When things just can't get any worse, they will !
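
Added example, not part of the original thread: a small Python parser for the firewall log format quoted above that groups drops by source and checks whether they have the shape Ken describes (source port 80 to high client ports). The field names, the "reply-like"/"probe-like" labels and the port-1024 threshold are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Entries 1-3 are copied from the quoted log; entry 4 is constructed.
SAMPLE = """\
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60838
> Rule: Default deny
> Jan/15/2004 17:25:42
>   Drop TCP packet from WAN src:207.44.200.14:80
> dst:67.70.202.103:60838
> Rule: Default deny
> Jan/15/2004 17:25:38
>   Drop TCP packet from WAN src:207.46.203.26:80 dst:67.70.202.103:1991
> Rule: Default deny
> Jan/15/2004 17:21:59
>   Drop TCP packet from WAN src:192.0.2.10:4431 dst:198.51.100.7:135
> Rule: Default deny
> Jan/15/2004 17:20:00
"""

ENTRY = re.compile(
    r"src:(\d+(?:\.\d+){3}):(\d+)\s+dst:(\d+(?:\.\d+){3}):(\d+)\s+"
    r"Rule:\s*(.+?)\s+(\w{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")

def parse(text):
    """Strip mail quoting, rejoin wrapped entries, yield one dict per drop."""
    flat = " ".join(re.sub(r"^\s*>\s?", "", ln).strip() for ln in text.splitlines())
    for m in ENTRY.finditer(flat):
        src, sport, dst, dport, rule, ts = m.groups()
        yield {"src": src, "sport": int(sport), "dst": dst,
               "dport": int(dport), "rule": rule, "ts": ts}

def summarize(text):
    """Per source: packet count, ports seen, repeats, and traffic shape."""
    by_src = defaultdict(list)
    for e in parse(text):
        by_src[e["src"]].append(e)
    out = {}
    for src, evs in by_src.items():
        dports = [e["dport"] for e in evs]
        # Heuristic (assumption): low source port to high destination ports only.
        reply_like = all(e["sport"] < 1024 for e in evs) and min(dports) >= 1024
        out[src] = {"packets": len(evs),
                    "sports": sorted({e["sport"] for e in evs}),
                    "distinct_dports": len(set(dports)),
                    "repeats": len(dports) - len(set(dports)),
                    "shape": "reply-like" if reply_like else "probe-like"}
    return out
```

A non-zero `repeats` count means the same destination port was hit more than once, which fits retransmissions toward one client socket rather than a sweep across ports.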



