[Dshield] Joys of Dynamic IP addresses

Al Reust areust at comcast.net
Tue Jun 28 01:04:09 GMT 2005


Robert

I would share this with abuse at yourisp as several of the machines are within
your network. Explain it's only bandwidth that they are paying for...

R/

Al

At 05:15 PM 6/27/2005 -0500, you wrote:
>I normally have my machine running all the time, but with the thunderstorm
>rolling in, I powered everything down before I trotted off to work.
>
>It appears that when I reconnected via PPPoE, I was lucky enough to get the
>IP address of someone who was just previously online with an infested
>machine. Note the log from just after I booted up... (Time is in reverse
>order, newer at the top) Plenty of responses to probing, there is... Also
>note that the one IP address with port 80 as the source is not a website, it
>is a DSL subscriber with a dynamic IP.
>
>It got a lot quieter a few minutes after being online, of course. And I
>fired off an abuse email to my ISP. Hopefully they will clean up their act!
>:)
>
>Robert
>
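The following Python is an added example, not part of either message. It parses firewall log entries with the columns Date, Time, Dir, Prot, remote IP, remote port, local IP and local port, undoing mail quoting and line wrapping, and groups inbound packets per remote endpoint for an abuse report. The service-port set, the reply-like/probe-like heuristic and the sample lines (documentation addresses) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
# Assumed service ports; as the *source* of an inbound packet they suggest a
# reply to a connection opened by whoever held the address before.
SERVICE_PORTS = {80, 139, 445, 6667}
ENTRY = re.compile(
    r"(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2})\s+([IO])\s+(tcp|udp)\s+"
    r"(\S+)\s+(\d+)\s+(\S+)\s+(\d+)")
# Constructed sample: quoted, wrapped lines; documentation addresses only.
SAMPLE = """\
>27/06/2005      16:15:15        I       tcp     192.0.2.10
>80      ###.###.###.### 4498
>27/06/2005      16:14:27        I       tcp     192.0.2.10
>80      ###.###.###.### 4495
>27/06/2005      16:10:12        I       tcp     198.51.100.7    6667
>###.###.###.### 2293
>27/06/2005      16:01:26        I       tcp     203.0.113.5
>3101    ###.###.###.### 445
"""

def parse(raw):
    """Undo mail quoting and line wrapping, then yield one dict per entry."""
    text = " ".join(line.lstrip("> ") for line in raw.splitlines())
    for d, t, direction, proto, rip, rport, _lip, lport in ENTRY.findall(text):
        yield {"ts": datetime.strptime(f"{d} {t}", "%d/%m/%Y %H:%M:%S"),
               "dir": direction, "proto": proto, "rip": rip,
               "rport": int(rport), "lport": int(lport)}

def classify(e):
    if e["rport"] in SERVICE_PORTS and e["lport"] >= 1024:
        return "reply-like"   # service answering an ephemeral local port
    if e["lport"] in SERVICE_PORTS:
        return "probe-like"   # unsolicited connection to a local service port
    return "unclassified"

def summarize(raw):
    """Group inbound entries per remote endpoint with count and time span."""
    groups = defaultdict(list)
    for e in parse(raw):
        if e["dir"] == "I":
            groups[(e["rip"], e["rport"], e["proto"])].append(e)
    return {k: {"count": len(es),
                "first": min(e["ts"] for e in es),
                "last": max(e["ts"] for e in es),
                "kinds": sorted({classify(e) for e in es})}
            for k, es in groups.items()}

if __name__ == "__main__":
    print(*sorted(summarize(SAMPLE).items()), sep="\n")
```

Reply-like groups that keep repeating for minutes after reconnecting are the entries worth quoting to the ISP, with their first and last timestamps.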