Short summary of attacks against us for March 2000

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes

2000/03/01-12:31:11.94 208.184.3.83 (Abovenet, Calif) continuing scan of ace for port 33434
2000/03/01-15:51:06.13 206.251.19.88 (ISI net, Calif) continuing scan of ace for port 33434
2000/03/01-15:53:31.32 216.33.87.8 (Exodus Communications, CA) continuing scan of ace, prime and boss for port 33434
2000/03/01-15:53:31.32 216.33.87.9 (Exodus Communications, CA) continuing scan of ace, prime and boss for port 33434
2000/03/01-18:56:13.70 209.67.29.8 (Exodus Communications, CA) continuing scan of ace and boss for port 33434
2000/03/01-19:36:49.09 167.8.29.91 (Gannett Co, MD) scan ace, boss for port 33434
2000/03/01-19:39:27.45 216.33.87.10 (Exodus Communications, CA) continuing scan of ace and boss for port 33434
2000/03/01-22:17:46.78 132.235.153.22 (s1022.south-green.ohiou.edu) scan net for port 1243 by ip
2000/03/02-02:22:40.11 198.216.115.36 (voyager.lee.edu) probe port 111, cal. mgr, statmon ports on ace.
2000/03/02-03:55:44.96 24.66.233.245 (24.66.233.245.ab.wave.home.com) scan ports 143,79,23,80,110,111 on ace
2000/03/02-06:23:43.77 203.228.63.140:2666 (Korea) scan several machines for port 111
2000/03/02-06:54:56.12 210.182.87.243:2666 (infohost co. Korea) scan several machines for port 109
2000/03/02-06:23:43.18 203.228.63.140:2666 (Korea Telecom, Seoul Korea) scan several machines for port 111
2000/03/02-09:14:56.22 202.167.121.193:53 (Vietnam data com, Hanoi) scan boss for port 32776
2000/03/02-10:22:05.43 209.67.29.8 (USA Today information network) scan ace for port 33434
2000/03/02-10:22:56.13 216.33.87.8 (Ameritech.com) scan ace and boss for port 33434
2000/03/02-11:56:27.03 167.8.29.52 (Gannett co, Md) scan ace for port 33434
2000/03/02-14:05:00.57 132.235.153.22 (s1022.south-green.ohiou.edu) scan net by ip for port 1243
2000/03/02-14:29:04.68 206.251.19.80 (Global Crossing, CA) scan ace for port 33434
2000/03/02-15:07:32.18 147.79.0.121 (ecast-oss-pdx.ops.enron.net) scan ace for port 33483 33484 33485 22 23
2000/03/02-21:33:59.18 167.8.29.91 (Gannett co, Md) scan ace for port 33434
2000/03/02-23:09:49.08 24.95.184.210 (ill1-1d2.twcny.rr.com) scan net by ip for port 27374
2000/03/03-03:30:29.24 216.33.87.10 (Ameritech.com) scan ace and boss for port 33434
2000/03/03-07:09:27.70 167.8.29.91 (Gannett co, Md) scan ace for port 33434
2000/03/03-08:26:36.24 216.33.87.9 repeatedly probe port 33434 on ace then on boss.
2000/03/03-08:27:42.45 216.33.87.10 repeatedly probe port 33434 on ace
2000/03/03-10:08:34.40 132.235.198.88:3331 probe port 177 on ace and prime
2000/03/03-10:29:15.91 167.8.29.91 probe boss for port 33434
2000/03/03-10:30:48.03 209.67.29.9 repeatedly probe port 33434 on ace then on boss.
2000/03/03-10:50:45.64 167.8.29.52 probe 132.235.1.210 for port 33434
2000/03/03-10:58:43.41 167.8.29.91 probe 132.235.1.210 for port 33434
2000/03/03-11:19:23.11 216.33.87.9 scan topdog for port 33434
2000/03/03-11:19:24.86 167.8.29.91 (Gannett Co) scan topdog for port 33434
2000/03/03-11:20:23.96 209.67.29.9 (USA Today information network) probe port 33434 on topdog
2000/03/03-11:49:17.42 209.67.78.202 repeatedly probe port 33434 on ace then on boss.
2000/03/03-11:55:37.97 206.251.19.80 probe 132.235.1.2 for port 33434
2000/03/03-11:55:37.97 207.217.229.102 scan net by ip for port 53
2000/03/03-12:37:28.63 167.8.29.52 probe 132.235.1.2 for port 33434
2000/03/03-14:48:38.33 132.235.153.123 1500 connections to random ports on prime thru 2000/03/03-14:48:41.23
2000/03/03-14:48:41.52 132.235.153.123 series of port probes on 7, 38672,
2000/03/03-16:06:44.86 131.94.50.94 (telops1.fiu.edu) scan net by ip for port 53
2000/03/03-17:22:24.70 206.251.19.88 scan homer for port 33434
2000/03/03-17:23:23.21 216.33.87.8 scan homer for port 33434
2000/03/03-17:31:47.72 167.8.29.52 scan homer for port 33434
2000/03/03-21:47:36.54 208.140.224.27:60000 (pem02-11.swva.net) scan net by ip for port 2140
2000/03/04-02:03:55.19 207.214.252.130 probe port 111 on ace
2000/03/04-04:33:02.77 24.66.233.245 scan port 111 on ace
2000/03/04-11:10:06.85 212.25.68.99 probe multiple ports on ace
2000/03/04-14:34:59.82 167.8.29.52 probe 132.235.1.2 for port 33434
2000/03/04-15:17:27.56 134.76.242.31 probe ace for ports 23 25 143 110 80 143 111 53 139 21 22 1114 1 724
2000/03/04-16:35:15.38 132.235.153.123 back probing ports 23, 21, 34244-34395 in odd increments
2000/03/04-19:50:00.80 206.251.19.88 (Global crossing, Ca) scan topdog for port 33434
2000/03/04-19:53:05.68 206.251.19.89 (Global crossing, Ca) scan topdog for port 33434
2000/03/04-19:57:00.71 167.8.29.91 probe boss for port 33434
2000/03/04-20:12:52.37 206.251.19.80 probe boss for port 33434
2000/03/04-21:15:12.90 200.212.101.193 probe port 111, then hit 720 and 10752 on ace
2000/03/04-21:30:41.31 216.33.87.9 scan topdog for port 33434
2000/03/04-21:31:00.02 216.33.87.8 scan topdog for port 33434
2000/03/04-21:32:14.48 216.33.87.10 scan topdog for port 33434
2000/03/04-22:54:57.94 207.44.231.3 (S E R Consulting, San. Fra., CA) 1 packet to 5 different machine/port combos.
2000/03/05-00:14:26.53 206.251.19.80 probe 132.235.1.7 for port 33434
2000/03/05-00:45:54.10 167.8.29.52 probe 132.235.1.2 for port 33434
2000/03/05-01:00:00.05 216.33.87.8 scan topdog for port 33434
2000/03/05-04:40:44.98 206.251.19.80 probe 132.235.1.2 for port 33434
2000/03/05-05:55:17.31 216.59.35.15 scan net by ip for port 111
2000/03/05-05:55:17.43 216.59.35.15 (216-59-35-15.usa.flashcom.net) scan several machines for port 111
2000/03/05-15:01:34.52 132.235.23.101 scan ports on prime
2000/03/05-18:44:27.84 216.132.137.66 scan port 111 on ace and boss
2000/03/05-19:03:34.98 216.33.87.10 scan topdog for port 33434
2000/03/05-19:08:24.34 208.140.170.11 repeatedly hit ace on port 111 then 1083, then repeat
2000/03/05-19:41:18.38 206.251.19.89 (Global crossing, Ca) scan topdog for port 33434
2000/03/05-19:46:09.76 134.76.242.31 attack ace via port 724
2000/03/05-21:29:45.33 132.235.23.101 scan ports on prime
2000/03/06-03:53:31.17 101.193 probe port 111, then hit 720 and 10752 on ace
2000/03/06-03:53:31.17 209.67.29.8 repeatedly probe port 33434 on ace then on boss.
2000/03/06-03:53:31.19 207.217.229.102 (lunar.earthlink.net) scan net by ip for port 53
2000/03/06-04:26:20.51 216.33.87.8 repeatedly probe port 33434 on ace then on boss.
2000/03/06-08:29:02.17 209.67.29.8 (USA Today information network) probe port 33434 on ace
2000/03/06-09:03:16.69 208.232.224.155 (una-phgw.emc.com.ph) probe port 4757 on ace, 32776 on boss
2000/03/06-10:27:39.58 147.46.35.239 (?.snu.sc.kr) buffer overflow attacks via portmapper
2000/03/06-11:12:46.41 147.46.35.151 (cybernet.snu.ac.kr) buffer overflow attacks via portmapper on multiple machines
2000/03/06-11:12:59.80 209.67.78.202 (NetChannel, Inc, CA) probe port 33434 on boss
2000/03/06-11:43:05.95 147.46.35.151 (cybernet.snu.ac.kr) more buffer overflow attacks via portmapper
2000/03/06-12:03:23.24 147.46.35.151 (cybernet.snu.ac.kr) more buffer overflow attacks via portmapper
2000/03/06-14:04:56.28 209.73.197.220 (Avesta Technologies, Ny, NY) Probe 1 port/machine per hour, + 255.255.255.255
2000/03/06-14:38:14.66 216.33.87.8 (Ameritech) probe port 33434 on boss
2000/03/06-14:38:24.14 209.67.29.8 (USA Today information network) probe port 33434 on boss, ace
2000/03/06-14:41:22.17 167.8.29.92 (Gannett Co, silver Springs, Md) probe port 33434 on ace and boss
2000/03/06-14:45:23.52 206.251.19.89 (isi.net) probe port 33434 on ace, boss
2000/03/06-14:45:40.98 167.8.29.52 (Gannett Co, silver Springs, Md) probe port 33434 on boss
2000/03/06-16:02:18.02 192.55.91.31 (netprobe.lerc.nasa.gov) probe homer for ports 33465 33466 33467
2000/03/06-16:16:15.91 167.8.29.52 (Gannett Co, silver Springs, Md) probe port 33434 on ace
2000/03/06-16:17:17.03 209.67.29.8 (USA Today information network) probe port 33434 on ace
2000/03/06-16:37:59.93 151.196.204.112 (Cove Software Systems, Anapolis, MD) scan port 111 on ace
2000/03/06-18:44:30.88 208.184.3.84 (208.184.3.84.iown.com) probe port 33434 on boss
2000/03/06-19:03:53.43 203.116.235.226 (TME Systems,Singapore) scan net by ip for port 111
2000/03/06-19:57:07.70 149.61.144.65 (Manhattan College, Riverdale NY) scan net by ip for port 27374
2000/03/06-19:59:57.61 149.61.144.65 (Manhattan College,NY) scan net by ip for port 27374
2000/03/06-21:27:39.03 209.67.29.8 (USA Today information network) probe port 33434 on ace
2000/03/07-02:07:27.85 209.67.29.8 (USA Today information network) probe port 33434 on ace
2000/03/07-02:39:09.60 206.251.19.89 (isi.net) probe port 33434 on ace
2000/03/07-03:03:15.69 209.67.29.10 probe topdog for port 33434 thru 2000/03/07-03:03:20.35
2000/03/07-04:08:36.93 194.182.124.11 (Router network, ministry of education, denmark) probe port 80, 161 on homer
2000/03/07-08:16:31.01 194.182.124.11 (router network for Ministry of Education in Denmark) probe 161 on ace
2000/03/07-11:15:54.52 206.251.19.88 con port 33434 on ace
2000/03/07-13:51:39.60 200.222.145.61 (brazil, again) probe port 11 on ace, attack 724 on ace
2000/03/08-03:27:15.02 208.133.73.83 (cypher.core.com) 11 packet to 255.255.255.255:47757
2000/03/08-03:36:28.97 129.206.85.38 (it8.ub.uni-heidelberg.de) 10 packets to 255.255.255.255 port 161
2000/03/08-14:22:37.68 130.243.70.63 (lab4-4.idt.mdh.se) probe port 111 on ace
2000/03/09-00:06:27.68 12.26.137.56 (ns.cooma.net - Australia) scan net by ip for port 53
2000/03/09-00:48:34.53 200.15.46.68 (Rice University) scan net by ip for port 81
2000/03/09-01:35:19.91 24.94.28.200 (dt0110nc8.san.rr.com) scan net by ip for port 111
2000/03/09-02:31:51.19 195.223.1.130 (GENESYS SRL, IT) probe port 111 on ace
2000/03/09-08:11:18.36 210.178.227.2 (Pyoungchon Elementary School, Korea) scan net by ip for port 111
2000/03/09-14:23:39.58 12.78.180.9 (9.arlington-60-65rs.va.dial-access.att.net) scan net 36 by ip for port 12345
2000/03/09-20:50:04.57 208.140.224.34:60000 (pem03-02.swva.net) scan net by ip for port 2140
2000/03/10-04:52:27.52 143.88.37.31 (linux.its.uwf.edu) scan port 111 on ace
2000/03/11-01:36:41.76 137.82.89.145 (read.regi.ubc.ca) scan port 111 on ace
2000/03/11-21:12:41.38 198.209.101.161 (Missouri Research and Education Network) scan net for port 53
2000/03/12-17:40:18.51 157.193.55.112 (twimars.rug.ac.be) scan port 111 on ace
2000/03/12-19:52:48.10 195.170.148.210 (www.ftcommunications.com) scan subnet 4 by ip for port 21
2000/03/12-19:53:08.40 195.170.148.210 (www.ftcommunications.com) scan several machines for port 111
2000/03/12-19:56:21.86 195.170.148.210 (www.ftcommunications.com) scan subnet 36 for port 21
2000/03/12-21:58:39.98 216.90.156.30 (ns1.ultimaterealities.com) scan net for port 53
2000/03/12-22:49:45.18 210.207.127.60 (DACOM corp, Korea) scan net for port 111
2000/03/13-00:58:08.37 63.10.235.53 (1Cust53.tnt13.alameda.ca.da.uu.net) scan port 111 on ace
2000/03/13-00:59:31.67 63.10.235.53 (1Cust53.tnt13.alameda.ca.da.uu.net) try old backdoor root passwd of check_mate
2000/03/13-18:58:11.61 208.140.224.93:60000 (pem05-29.swva.net) scan net for port 2140
2000/03/14-13:39:10.39 150.131.106.20 (isis.chem.umt.edu) scan net for port 1
2000/03/15-18:41:19.93 210.222.56.101 (KOREA - .kornet.net?) scan portmapper on ace
2000/03/15-19:41:55.77 209.192.53.195:53 (user-209-192-53-195.knology.net) scan net for port 111
2000/03/15-19:58:21.62 208.140.224.8:60000 (pem01-08.swva.net) scan net for port 2140
2000/03/15-21:49:10.26 2000/03/15-21:49:10.26 2000/03/15-21:49:10.26 221.96.54.212 (dialup-221.totalnet.ro) scan net for port 23
2000/03/15-21:52:51.84 202.30.26.87 (ceai.ajou.ac.kr) attack ttdbserverd on time.cs
2000/03/15-21:54:00.19 202.30.26.87 (ceai.ajou.ac.kr) scan port 111, attack portmapper w/ buff ovflw on homer
2000/03/15-23:49:21.89 202.82.127.88 (P Plus Communications Ltd., HONG KONG) scan net for port 111
2000/03/15-23:49:21.89 202.82.127.88 (P Plus Communications Ltd. HK) scan port 111 on seorf, ace, boss.
2000/03/15-23:51:15.87 206.173.237.190 (ts019d34.sjc-ca.concentric.net) sadmind buffer overflow attack against boss
2000/03/16-08:13:36.22 63.70.25.74 (Meher Sons Estate off Talpur Rd, Karach PK) attempt to login on seorf as root pwd BKjLfOqPfZ
2000/03/16-08:21:27.17 63.70.25.74 (Meher Sons Estate off Talpur Rd, Karach PK) connect to port 23423 on seorf
2000/03/16-13:47:08.01 216.156.136.26 (ottawachat.com) scan net for port 53
2000/03/16-20:42:06.09 208.140.224.29:60000 (pem02-13.swva.net) scan net for port 2140
2000/03/18-07:27:12.00 161.58.239.94 (hellnine2000.org) scan machines for port 1514, 1659
2000/03/18-09:02:25.28 212.216.128.3 (pointer a-an4-4.tin.it) scan ace ports 143, 110, 111, 724
2000/03/18-13:24:32.85 203.232.240.100 (arang.miryang.ac.kr) scan boss port 111
2000/03/18-15:17:31.88 202.10.2.19 (orion.att.net.au) probe ace, boss port 111
2000/03/18-22:04:14.39 209.203.237.176:22 (ect.de) scan machines for port 1659, 1514
2000/03/19-00:02:21.61 131.155.69.100 (svstud.win.tue.nl) start of series of attacks via port 512, 5556 thru 2000/03/19-09:33:24.13
2000/03/19-09:06:12.84 203.232.240.100 (arang.miryang.ac.kr) scan boss port 111
2000/03/19-15:04:23.67 130.88.118.27 (swift.ee.umist.ac.uk) scan net for port 109
2000/03/19-16:40:29.93 212.43.198.69 (du-69.paris.dialup.claranet.fr) scan boss for ports 137, 139
2000/03/20-01:51:45.20 203.232.240.100 (arang.miryang.ac.kr) scan ace port 111, 724
2000/03/20-11:58:40.54 193.229.13.3 (kf3u1hel.dial.kolumbus.fi) scan net for port 21
2000/03/21-20:29:32.04 210.96.33.189 (Chunganggidok Elementary School, korea) scan net for port 111
2000/03/21-20:53:23.63 204.247.53.250 (cis.merritt.edu) multiple attempts to port 23456 on p1
2000/03/22-08:30:40.60 203.239.174.82 (JC HYUN SYSTEM, INC Seoul, Korea) probe port 111 on ace
2000/03/22-16:09:38.89 194.67.165.84 (webhosting.rmt.ru) multiple probes port 80,8080,3128 on 132.235.4.79
2000/03/24-12:24:40.02 209.8.164.67 (knight-hub.com - Arlington, Va.) Scan net for port 53
2000/03/24-14:43:20.84 209.8.164.67 (knight-hub.com - Arlington, Va.) Scan net for port 111
2000/03/25-14:03:04.15 209.207.141.152:2666 (mrmark.com - Norfolk, Va) scan several machines for port 111
2000/03/25-16:36:47.24 192.70.252.125 (linnaeus.franklin.edu) buff overflow attacks ttdbserverd.
2000/03/26-11:20:56.52 210.222.56.101 (Korea telcom) scan port 111 on ace
2000/03/26-16:34:10.00 209.235.11.254 (www7.clever.net) 1. scan net for port 512
2000/03/26-16:34:10.00 209.235.11.254 (www7.clever.net) 2. exec cmd as guest:
2000/03/26-16:34:10.00 209.235.11.254 (www7.clever.net) 3. echo '{_guest-begin_}';uname -a;id;w;echo '{_guest-end_}'
2000/03/26-18:22:37.60 148.245.165.5 (na-165-5.na.avantel.net.mx) probe port 111 724(mountd) on ace
2000/03/26-19:22:01.39 210.56.4.9:2666 (ppp009-khi.comsats.net.pk) scan 2 hosts for port 111
2000/03/27-16:25:36.57 210.56.4.9:2666 (ppp009-khi.comsats.net.pk) scan net for port 111
2000/03/27-17:31:17.32 210.56.4.9:2666 (ppp009-khi.comsats.net.pk) scan net for port 111
2000/03/27-20:15:47.12 152.117.205.225 (ResNet-205-225.PLU.edu) scan net for port 31337
2000/03/27-21:45:42.59 210.56.4.9:2666 (ppp009-khi.comsats.net.pk) scan net for port 111
2000/03/28-18:39:27.20 210.56.4.9:2666 (ppp009-khi.comsats.net.pk) scan net for port 111
2000/03/29-06:25:45.15 210.56.4.9:2666 (ppp009-khi.comsats.net.pk) scan net for port 111
2000/03/29-06:25:45.13 210.56.4.9:2666 (ppp009-khi.comsats.net.pk) scan for port 111
2000/03/29-10:43:47.02 24.113.67.191 (cr823638-a.crdva1.bc.wave.home.com) scan net for port 53
2000/03/29-10:52:37.65 150.183.91.134 (Korea Institute of Science and Technology) scan port 111 on ace
2000/03/29-16:39:09.20 212.43.198.99 (du-99.paris.dialup.claranet.fr) scan net for port 137
2000/03/29-16:43:57.56 212.43.198.99 (du-99.paris.dialup.claranet.fr) scan net for port 139
2000/03/29-18:40:40.27 24.113.67.191 (cr823638-a.crdva1.bc.wave.home.com) scan net for port 53
2000/03/30-00:09:07.95 212.43.198.160 (du-160.paris.dialup.claranet.fr) scan several machines for port 139
2000/03/30-03:44:01.19 198.144.3.2 (rna.isd.net - Minneapolis, Mn) scan net for port 53
2000/03/30-05:07:45.66 162.42.147.93 (pin-r2-p93.cybertrails.com) scan net for port 21
2000/03/30-05:12:03.93 162.42.147.93 (pin-r2-p93.cybertrails.com) scan net for port 21
2000/03/30-12:05:19.47 210.124.182.137 (DACOM corp - dacom.net - Korea) scan net for port 53
2000/03/30-13:45:43.47 212.43.198.66 (du-66.paris.dialup.claranet.fr) broadcast 255.255.255.255 port 137
2000/03/30-14:51:02.07 212.43.198.23 (du-23.paris.dialup.claranet.fr) scan net for port 139
2000/03/30-16:14:11.69 212.43.198.254 (du-245.paris.dialup.claranet.fr) scan several machines for port 139
2000/03/30-18:52:18.61 24.237.45.19 (cable-19-45-237-24.anchorageak.net) scan net for port 53
2000/03/31-16:23:18.51 212.43.198.214 (du-214.paris.dialup.claranet.fr) scan selected ports on boss