scans on 2002/03/12

Tom Perrine tep at SDSC.EDU
Thu Mar 14 06:24:43 GMT 2002


Here's the summary from our class-B net ("next door" to Pat's, BTW).

We did see some FTP, but there was a lot of other stuff going on, too.

The "sendmail" activity is people probing for open relays, BTW.  That
seems to have picked up quite a bit lately.  There was other stuff
going on that was abnormally high for us for that day.  For example,
almost 12,000 RPC probes in a 24-hour period.  Some 'sploits just
never die :-)  As for TELNET (and FTP) we haven't supported those
protocols from "outside" since 1997.

I've sanitized this a little bit so some of the totals may be slightly
inconsistent.

Source IP addresses have NOT been changed.

--tep

                    Activity Report For 2001/12/21
  Class       Name       Service      Remote Host    Targets Total
--------- ------------ ------------ ---------------- ------- -----
attempt   login        ftpd         66.125.11.250          1     1
attempt   login        ftpd         192.168.244.174        2     2
attempt   login        ftpd         193.252.188.159       15    27
attempt   login        ftpd         213.93.107.112         6    10
attempt   login        ftpd         217.230.7.26          16    29
attempt   login        sshd                                4    10
probe     axfr         named        24.27.217.148          1     1
probe     axfr         named        128.54.16.2            1    11
probe     axfr         named        132.249.20.87          1     1
probe     axfr         named        132.249.80.100         1     3
probe     axfr         named        132.249.80.200         1     2
probe     axfr         named        141.211.125.15         1     8
probe     axfr         named        198.202.70.84          1     2
probe     axfr         named        198.202.75.26          1    10
probe     connection   ftpd         61.186.207.134         1     2
probe     connection   ftpd         132.239.50.9           1     1
probe     connection   ftpd         144.92.243.120         1     2
probe     connection   ftpd         161.111.160.216        1     2
probe     connection   ftpd         192.31.21.37           2     2
probe     connection   ftpd         198.60.246.76          1     3
probe     connection   ftpd         209.245.32.115         1     3
probe     connection   ftpd         212.129.144.168        1     1
probe     connection   ftpd         213.93.107.112         3    75
probe     connection   imapd        24.19.186.120          1     1
probe     connection   imapd        66.74.208.219          1    21
probe     connection   netlive.test 24.232.152.3           1     1
probe     connection   rpc.rstatd                          2 11982
probe     connection   telnetd      24.232.152.3           1     2
probe     connection   telnetd      24.232.161.2           1     1
probe     connection   telnetd      61.219.60.129         19   128
probe     connection   telnetd      128.6.237.45           1     1
probe     connection   telnetd      128.32.147.189         1     1
probe     connection   telnetd      209.99.226.162         1     2
probe     relay        sendmail     61.16.62.229           1     1
probe     relay        sendmail     61.155.13.247          1     1
probe     relay        sendmail     147.71.17.20           1     1
probe     relay        sendmail     158.43.128.38          1     5
probe     relay        sendmail     165.21.101.224         1     5
probe     relay        sendmail     195.6.155.120          1     2
probe     relay        sendmail     195.53.2.30            1    11
probe     relay        sendmail     195.101.179.130        1     1
probe     relay        sendmail     200.23.18.151          1     1
probe     relay        sendmail     200.26.83.234          1     1
probe     relay        sendmail     200.33.210.78          1     1
probe     relay        sendmail     202.54.91.98           1     1
probe     relay        sendmail     202.102.218.64         1     1
probe     relay        sendmail     203.75.0.65            1     1
probe     relay        sendmail     203.95.7.209           1     1
probe     relay        sendmail     203.231.121.193        1     1
probe     relay        sendmail     203.244.4.3            1     1
probe     relay        sendmail     206.154.179.200        1     1
probe     relay        sendmail     207.108.76.140         1     1
probe     relay        sendmail     210.28.149.35          1     1
probe     relay        sendmail     210.56.11.163          1     1
probe     relay        sendmail     210.58.125.71          1     1
probe     relay        sendmail     210.59.193.100         1     8
probe     relay        sendmail     210.82.124.78          1     2
probe     relay        sendmail     211.22.153.101         1     1
probe     relay        sendmail     211.38.215.225         1     1
probe     relay        sendmail     211.56.193.163         1     1
probe     relay        sendmail     211.56.206.10          1     1
probe     relay        sendmail     211.91.41.170          1     2
probe     relay        sendmail     211.154.170.114        1     1
probe     relay        sendmail     212.15.21.180          1     1
probe     relay        sendmail     212.59.199.88          1    23
probe     relay        sendmail     212.143.115.77         1     1
probe     relay        sendmail     212.156.4.19           1     1
probe     relay        sendmail     213.82.139.82          1     1
Total Events: 12594
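
A sketch of a parser for the report layout above that totals events per probe type and checks the row sum against the stated total. It is an added example, not part of the original post or the tool that produced the report; the function names and the sample rows (documentation-range addresses) are constructed for illustration.

```python
from collections import defaultdict
import ipaddress

# Constructed sample in the report's layout (not data from the post). It has a
# repeated page header and rows whose Remote Host column is blank.
SAMPLE = """\
                    Activity Report For 2001/12/21
  Class       Name       Service      Remote Host    Targets Total
- --------- ------------ ------------ ---------------- ------- -----
attempt   login        ftpd         192.0.2.10            15    27
attempt   login        sshd                                4    10
probe     connection   rpc.rstatd                          2 11982
probe     relay        sendmail     198.51.100.7           1     5
                    Activity Report For 2001/12/21
  Class       Name       Service      Remote Host    Targets Total
probe     relay        sendmail     203.0.113.99           1    23
Total Events: 12047
"""

def parse_report(text):
    """Return (rows, stated_total); rows are dicts, one per data line."""
    rows, stated = [], None
    for line in text.splitlines():
        f = line.split()
        if line.startswith("Total Events:"):
            stated = int(f[-1])
        elif len(f) in (5, 6) and f[-1].isdigit() and f[-2].isdigit():
            host = f[3] if len(f) == 6 else None  # blank host column -> None
            if host is not None:
                ipaddress.ip_address(host)  # ValueError on a malformed address
            rows.append({"class": f[0], "name": f[1], "service": f[2],
                         "host": host, "targets": int(f[-2]), "total": int(f[-1])})
    return rows, stated

def summarize(rows):
    """Per (name, service): event total and count of distinct named sources."""
    out = defaultdict(lambda: {"events": 0, "sources": set()})
    for r in rows:
        s = out[(r["name"], r["service"])]
        s["events"] += r["total"]
        if r["host"]:
            s["sources"].add(r["host"])
    return {k: (v["events"], len(v["sources"])) for k, v in out.items()}

if __name__ == "__main__":
    rows, stated = parse_report(SAMPLE)
    for (name, svc), (ev, src) in sorted(summarize(rows).items(), key=lambda kv: -kv[1][0]):
        print(f"{name:<11}{svc:<12}{ev:>6} events {src:>3} sources")
    print("row sum", sum(r["total"] for r in rows), "stated", stated)
```

A row sum that differs from the stated total is expected on a sanitized report such as this one, so treat the comparison as a consistency hint rather than an error.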


