[unisog] Cleaning up those networks

Peter Van Epp vanepp at sfu.ca
Thu Feb 22 03:47:11 GMT 2007

Since I happen to have this data from a few days ago, here is a reason
to report such things (and possibly a comment on how few do get reported ...):

    aaa.bb.cc.dd          1,852,537            117,705

compromised machine scanning for 22 and 5901 (I think a typo aiming for
VNC on 5900 and off by 1 ...). The first number is unique host/port pairs
(mostly full class C scans), the second is hosts that responded. Out of close
to 2 million attempts, over 100,000 of which found something, not one complaint
(except of course me, who was mortally offended and whacked them :-)). This
isn't uncommon; I'll often whack one of our machines from the argus logs for
being unmannerly without getting an external complaint about them. Of course
I do ignore the equal number of external hosts I see probing us, other than to
look for compromised local machines, so I'm as bad as everyone else :-).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
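
Added example, not part of the original message: one way to derive the two per-source numbers quoted above (unique host/port pairs probed, and hosts that responded) from flow records. The CSV layout, the sample records, and the thresholds in likely_scanners are constructed assumptions; this is not argus output or the poster's tooling.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (simplified CSV, not real argus output).
# Columns: source, destination, destination port, packets seen in reply.
SAMPLE_FLOWS = """\
src,dst,dport,reply_pkts
10.0.0.5,192.0.2.1,22,0
10.0.0.5,192.0.2.1,5901,0
10.0.0.5,192.0.2.2,22,3
10.0.0.5,192.0.2.2,22,2
10.0.0.5,192.0.2.3,22,0
10.0.0.5,192.0.2.3,5901,1
10.0.0.5,192.0.2.4,22,0
10.0.0.9,198.51.100.7,443,12
10.0.0.9,198.51.100.7,443,9
"""

def summarize(flow_csv):
    """Return {src: (unique dst/port pairs, distinct dst hosts that replied)}."""
    pairs = defaultdict(set)
    responders = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = row["src"]
        # Repeated flows to the same host/port count once.
        pairs[src].add((row["dst"], int(row["dport"])))
        # Assumption: any reply packet means the host "responded".
        if int(row["reply_pkts"]) > 0:
            responders[src].add(row["dst"])
    return {s: (len(pairs[s]), len(responders[s])) for s in pairs}

def likely_scanners(summary, min_pairs=5, max_reply_ratio=0.5):
    """Flag sources probing many pairs where few targets answer.
    Thresholds are illustrative and sized for the tiny sample above."""
    flagged = []
    for src, (n_pairs, n_resp) in sorted(summary.items()):
        if n_pairs >= min_pairs and n_resp / n_pairs <= max_reply_ratio:
            flagged.append(src)
    return flagged

if __name__ == "__main__":
    summary = summarize(SAMPLE_FLOWS)
    # Same column order as the line quoted in the message.
    for src, (n_pairs, n_resp) in sorted(summary.items(), key=lambda kv: -kv[1][0]):
        print(f"{src:<20} {n_pairs:>12,} {n_resp:>12,}")
    print("likely scanners:", likely_scanners(summary))
```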
