[Dshield] Joys of Dynamic IP addresses

Robert Nelson nelsrob at mts.net
Mon Jun 27 22:15:21 GMT 2005


I normally have my machine running all the time, but with the thunderstorm
rolling in, I powered everything down before I trotted off to work.

It appears that when I reconnected via PPPoE, I was lucky enough to get the
IP address of someone who was just previously online with an infested
machine. Note the log from just after I booted up... (Time is in reverse
order, newer at the top) Plenty of responses to probing, there is... Also
note that the one IP address with port 80 as the source is not a website, it
is a DSL subscriber with a dynamic IP.

It got a lot quieter a few minutes after being online, of course. And I
fired off an abuse email to my ISP. Hopefully they will clean up their act!
:)

Robert

Date      	Time       	Dir	Prot	RemIPAddr		RPort	Lcl IP Addr    	L Port
27/06/2005	16:15:15	I  	tcp 	142.161.248.137	80	###.###.###.###	4498
27/06/2005	16:15:15	I  	tcp 	142.161.248.137	80	###.###.###.###	4495
27/06/2005	16:15:15	I  	tcp 	142.161.248.137	80	###.###.###.###	1422
27/06/2005	16:15:15	I  	tcp 	142.161.248.137	80	###.###.###.###	1416
27/06/2005	16:14:27	I  	tcp 	142.161.248.137	80	###.###.###.###	4498
27/06/2005	16:14:27	I  	tcp 	142.161.248.137	80	###.###.###.###	4495
27/06/2005	16:14:27	I  	tcp 	142.161.248.137	80	###.###.###.###	1422
27/06/2005	16:14:27	I  	tcp 	142.161.248.137	80	###.###.###.###	1416
27/06/2005	16:14:03	I  	tcp 	142.161.248.137	80	###.###.###.###	4498
27/06/2005	16:14:03	I  	tcp 	142.161.248.137	80	###.###.###.###	4495
27/06/2005	16:14:03	I  	tcp 	142.161.248.137	80	###.###.###.###	1422
27/06/2005	16:14:03	I  	tcp 	142.161.248.137	80	###.###.###.###	1416
27/06/2005	16:13:51	I  	tcp 	142.161.248.137	80	###.###.###.###	4498
27/06/2005	16:13:51	I  	tcp 	142.161.248.137	80	###.###.###.###	4495
27/06/2005	16:13:51	I  	tcp 	142.161.248.137	80	###.###.###.###	1422
27/06/2005	16:13:51	I  	tcp 	142.161.248.137	80	###.###.###.###	1416
27/06/2005	16:13:45	I  	tcp 	142.161.248.137	80	###.###.###.###	4498
27/06/2005	16:13:45	I  	tcp 	142.161.248.137	80	###.###.###.###	4495
27/06/2005	16:13:45	I  	tcp 	142.161.248.137	80	###.###.###.###	1422
27/06/2005	16:13:45	I  	tcp 	142.161.248.137	80	###.###.###.###	1416
27/06/2005	16:13:42	I  	tcp 	142.161.248.137	80	###.###.###.###	4498
27/06/2005	16:13:42	I  	tcp 	142.161.248.137	80	###.###.###.###	4495
27/06/2005	16:13:42	I  	tcp 	142.161.248.137	80	###.###.###.###	1422
27/06/2005	16:13:42	I  	tcp 	142.161.248.137	80	###.###.###.###	1416
27/06/2005	16:11:15	I  	udp 	221.211.255.12	36666	###.###.###.###	1027
27/06/2005	16:10:12	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:09:32	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:09:08	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:08:28	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:08:04	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:07:38	I  	tcp 	142.161.121.67	80	###.###.###.###	1758
27/06/2005	16:07:24	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:07:00	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:06:20	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:06:06	I  	tcp 	142.161.175.136	80	###.###.###.###	1928
27/06/2005	16:05:56	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:05:16	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:05:11	I  	udp 	221.211.255.12	34729	###.###.###.###	1027
27/06/2005	16:05:09	I  	tcp 	142.161.37.211	80	###.###.###.###	1899
27/06/2005	16:04:52	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:04:31	I  	udp 	151.199.10.62	50831	###.###.###.###	6346
27/06/2005	16:04:28	I  	tcp 	205.209.167.43	10001	###.###.###.###	1080
27/06/2005	16:04:12	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:04:11	I  	udp 	61.152.158.123	37258	###.###.###.###	1026
27/06/2005	16:03:48	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:03:18	I  	tcp 	205.209.167.43	10001	###.###.###.###	1080
27/06/2005	16:03:17	I  	tcp 	24.99.88.72		9009	###.###.###.###	1076
27/06/2005	16:03:08	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:02:55	I  	tcp 	24.99.88.72		9009	###.###.###.###	1076
27/06/2005	16:02:44	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:02:22	I  	tcp 	205.209.167.43	10001	###.###.###.###	1080
27/06/2005	16:02:04	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:01:54	I  	tcp 	205.209.167.43	10001	###.###.###.###	1080
27/06/2005	16:01:40	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:01:26	I  	tcp 	205.209.167.43	10001	###.###.###.###	1080
27/06/2005	16:01:26	I  	tcp 	142.161.234.175	3101	###.###.###.###	445
27/06/2005	16:01:26	I  	tcp 	205.209.167.43	10001	###.###.###.###	1080
27/06/2005	16:01:23	I  	tcp 	142.161.234.175	3101	###.###.###.###	445
27/06/2005	16:01:00	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	16:00:38	I  	tcp 	221.4.213.4		9000	###.###.###.###	1079
27/06/2005	16:00:36	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	16:00:22	I  	tcp 	221.4.213.4		9000	###.###.###.###	1079
27/06/2005	16:00:21	I  	tcp 	142.161.144.179	80	###.###.###.###	4705
27/06/2005	16:00:07	I  	tcp 	221.4.213.4		9000	###.###.###.###	1079
27/06/2005	15:59:56	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	15:59:40	I  	tcp 	142.161.231.119	445	###.###.###.###	1346
27/06/2005	15:59:35	I  	tcp 	142.161.234.19	445	###.###.###.###	4811
27/06/2005	15:59:35	I  	tcp 	142.161.144.179	80	###.###.###.###	4705
27/06/2005	15:59:35	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	15:59:30	I  	tcp 	142.161.234.19	445	###.###.###.###	4811
27/06/2005	15:59:13	I  	udp 	219.153.20.176	58481	###.###.###.###	1026
27/06/2005	15:59:10	I  	tcp 	142.161.144.179	80	###.###.###.###	4705
27/06/2005	15:59:10	I  	tcp 	142.161.238.129	139	###.###.###.###	1573
27/06/2005	15:59:07	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	15:59:03	I  	tcp 	142.161.230.45	139	###.###.###.###	1569
27/06/2005	15:59:01	I  	tcp 	142.161.231.119	445	###.###.###.###	1346
27/06/2005	15:58:57	I  	tcp 	142.161.144.179	80	###.###.###.###	4705
27/06/2005	15:58:54	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	15:58:51	I  	tcp 	142.161.144.179	80	###.###.###.###	4705
27/06/2005	15:58:48	I  	tcp 	142.161.238.129	139	###.###.###.###	1573
27/06/2005	15:58:48	I  	tcp 	142.161.144.179	80	###.###.###.###	4719
27/06/2005	15:58:48	I  	tcp 	142.161.144.179	80	###.###.###.###	4705
27/06/2005	15:58:45	I  	tcp 	142.161.230.45	139	###.###.###.###	1569
27/06/2005	15:58:42	I  	tcp 	142.161.231.119	445	###.###.###.###	1346
27/06/2005	15:58:42	I  	tcp 	67.19.240.237	8998	###.###.###.###	1082
27/06/2005	15:58:38	I  	tcp 	142.161.238.129	139	###.###.###.###	1573
27/06/2005	15:58:37	I  	tcp 	142.161.230.45	139	###.###.###.###	1569
27/06/2005	15:58:35	I  	tcp 	209.8.255.54	6667	###.###.###.###	2293
27/06/2005	15:58:33	I  	tcp 	142.161.238.129	139	###.###.###.###	1573
27/06/2005	15:58:33	I  	tcp 	142.161.231.119	445	###.###.###.###	1346
27/06/2005	15:58:33	I  	tcp 	142.161.230.45	139	###.###.###.###	1569
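
One way to sort a log in the layout above into reply-like and probe-like traffic, added here as an example and not part of the original post. The sample rows are constructed with documentation-range addresses, and the port heuristic (including treating 6667 as a service port) is an assumption.

```python
from collections import Counter

# Constructed sample rows in the column layout of the log above
# (documentation-range addresses, not values from the post).
SAMPLE = """\
Date\tTime\tDir\tProt\tRemIPAddr\tRPort\tLcl IP Addr\tL Port
27/06/2005\t16:00:09\tI\ttcp\t192.0.2.10\t80\t###.###.###.###\t4498
27/06/2005\t16:00:03\tI\ttcp\t192.0.2.10\t80\t###.###.###.###\t4498
27/06/2005\t16:00:02\tI\ttcp\t198.51.100.7\t6667\t###.###.###.###\t2293
27/06/2005\t16:00:01\tI\ttcp\t203.0.113.5\t3101\t###.###.###.###\t445
27/06/2005\t16:00:00\tI\tudp\t203.0.113.9\t36666\t###.###.###.###\t1027
"""

SERVICE_PORTS = {6667}  # assumption: non-privileged ports treated as services

def parse(text):
    """Yield (prot, remote_ip, remote_port, local_port) per data row."""
    for line in text.splitlines():
        f = line.split()  # tolerates the doubled tabs seen in the log
        if len(f) != 8 or not f[5].isdigit() or not f[7].isdigit():
            continue  # header or malformed row
        yield f[3], f[4], int(f[5]), int(f[7])

def classify(remote_port, local_port):
    """Heuristic (assumption): judge direction of intent from the port pair."""
    if local_port < 1024:
        return "probe"    # aimed at a local service port such as 139 or 445
    if remote_port < 1024 or remote_port in SERVICE_PORTS:
        return "reply"    # a server answering whoever held the address before
    return "unknown"

def summarize(text):
    """Count packets per flow and bucket the flows by classification."""
    flows = Counter(parse(text))
    out = {"reply": [], "probe": [], "unknown": []}
    for (prot, rip, rport, lport), n in flows.most_common():
        out[classify(rport, lport)].append((rip, rport, lport, n))
    return out

if __name__ == "__main__":
    for kind, flows in summarize(SAMPLE).items():
        print(kind, flows)
```

A flow that repeats the same remote address, remote port and local port several times, as many rows in the log do, shows up here with a count above one.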

