[Dshield] Need Suggestions

Jonathan C. Webster jwebster03 at snet.net
Fri Jun 24 01:55:29 GMT 2005



Mike Wydra wrote:

> I'm trying to do my part by reporting hits 

  This range is 222.189.38.2 - 222.189.38.34. The scans are being directed against my ports 1026 and 1027

Several source IPs send UDP probes to these ports.

The appended is from my DSHIELD format logs from yesterday, summarized with

echo 'Sources and target port'
cut -f4,7,8 "$1" | sort -n | uniq -c | gawk '$1 > 1'

The first "$1" is the dshield log bunch from yesterday.

I gather this stuff is "icq instant message" spam directed at Microsoft machines.

Best to all,
Jonathan Webster
______________________snip___________________________

Sources and target port



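An added example, not part of Jonathan's post: the same kind of summary taken one step further, grouping sources by /24 network so that a cluster of neighbouring addresses probing one port shows up as a single row. It assumes the tab-separated DShield layout implied by the `cut -f4,7,8` above (field 4 source IP, field 7 target port, field 8 protocol); the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: group DShield-format log lines by source /24, target port
# and protocol. Assumed layout (tab-separated): 1 date/time, 2 author id,
# 3 count, 4 source IP, 5 source port, 6 target IP, 7 target port,
# 8 protocol, 9 flags.

# summarise_by_net FILE
# Prints: net/24 <TAB> port <TAB> proto <TAB> distinct_sources <TAB> log_lines
summarise_by_net() {
    awk -F '\t' '
        $1 ~ /^#/ || NF < 8 { next }        # skip comments and short lines
        {
            split($4, o, ".")
            key = o[1] "." o[2] "." o[3] ".0/24\t" $7 "\t" toupper($8)
            lines[key]++
            id = key SUBSEP $4              # count each source once per key
            if (!(id in seen)) { seen[id] = 1; hosts[key]++ }
        }
        END { for (k in lines) print k "\t" hosts[k] "\t" lines[k] }
    ' "$1" | LC_ALL=C sort
}

# rec SRC_IP SRC_PORT DST_PORT PROTO: emit one constructed log record.
rec() {
    printf '2005-06-23 10:00:00 -04:00\t12345\t1\t%s\t%s\t203.0.113.9\t%s\t%s\t\n' \
        "$1" "$2" "$3" "$4"
}

# Constructed sample log using documentation addresses (not from the post).
make_sample_log() {
    rec 192.0.2.10   4501 1026 UDP
    rec 192.0.2.10   4502 1027 UDP
    rec 192.0.2.11   3300 1026 UDP
    rec 192.0.2.34   3301 1026 UDP
    rec 192.0.2.34   3302 1026 UDP
    rec 198.51.100.7 2200 1433 TCP
}

# Run against a real log when a file name is given on the command line.
if [ "$#" -gt 0 ]; then
    summarise_by_net "$1"
fi
```

A row with several distinct sources in one /24 hitting the same port is a candidate for a single network-level report or filter rather than one per address.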