Short summary of attacks against us for May 2000

year - time EASTERN  source_ip[:port] (dns name, if any)  attack/scan/notes

2000/05/01-07:09:00.40 195.127.94.7 (Advanced Computer Consulting GmbH, GERMANY) scan net for port 111
2000/05/01-07:08:56.59 195.127.94.7 (Advanced Computer Consulting GmbH, GERMANY) scan net for port 110
2000/05/01-18:59:39.05 216.3.1.76 () connect to 132.235.18.177 port 33333, 2772, 1028... and so on.???
2000/05/01-19:03:31.50 210.182.66.3 (Jangin Furniture Co., Ltd,INCHON,KR) scan net for port 53
2000/05/01-19:16:36.76 216.3.0.47 (dyn046-ts4a.athens.frognet.net) scan 132.235.18.177 for port 33333,
2000/05/02-00:00:00.00 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/02-00:45:35.41 216.3.0.47 (dyn046-ts4a.athens.frognet.net) scan 132.235.18.177 for ports 1-679, then 33332-33940
2000/05/02-15:28:39.18 130.39.30.121 (pointer nsel.rsip.lsu.edu) scan net for port 53
2000/05/03-11:21:05.92 63.91.54.24 (Icon-o-Voice, Ridgeland, MS, US) scan port 161, 25, 80, 21, etc... all day
2000/05/05-01:34:18.16 207.173.241.36 (Electric Lightwave Inc Vancouver, WA,US) scan net for port 21
2000/05/05-08:00:00.00 . nuts. ILOVEYOU virus.
2000/05/05-10:28:23.96 216.35.204.98 (fer Shocket, Waltham, MA) bang on port 8000 on prime.
2000/05/05-13:11:55.23 206.99.115.90 (proxy.monitor.dal.net) probe ports 1080 and 23 on ace
2000/05/05-16:02:24.39 132.235.132.96 (dhcp-132-096.cns.ohiou.edu) scan net for port 9200
2000/05/05-18:42:19.22 216.23.151.41 (Starcom International Optics Corp Vancouver, British Columbia) scan net for port 53
2000/05/06-18:13:03.19 129.120.40.31 (XiangDa.math.unt.edu) probe net for port 53
2000/05/06-19:23:48.73 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/07-16:07:28.31 140.239.31.100 (linux.northeastinternet.com) buffer overflow attack via sadmind daemon
2000/05/08-07:04:59.27 216.190.204.3 (mail.actechs.com) scan net for port 111
2000/05/08-07:34:14.32 216.190.204.3:2666 (mail.actechs.com) probe port 111 on 3 machines
2000/05/08-15:24:09.76 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/08-16:30:51.77 149.225.149.149 (pec-149-149.tnt6.h2.uunet.de) bang on ports 7,119 on boss
2000/05/08-17:28:06.47 195.159.0.151 (barbt@login1.powertech.no) login probes on ace
2000/05/08-19:27:32.58 64.41.164.54 (EXODUS.NET - whatever) slow probe of net on ports 33454-33466 thru 2000/05/09-07:59:30.39
2000/05/09-07:41:17.72 64.41.164.54 (EXODUS.NET - whatever) slow probe of net on ports 33454-33466 thru 2000/05/10-04:10:13.69
2000/05/09-09:00:54.47 64.14.117.10 (EXODUS.NET - whatever) slow probe of net on port 33454, varying 3rd quad of ip addr before 4th quad.
2000/05/09-17:26:50.91 213.224.52.151 (dhcp-213-224-52-151.kabel.pandora.be) probe net for port 21
2000/05/11-04:18:30.37 137.48.1.14 (sybase.unomaha.edu) scan 14 in 132.235.1.xxx for port 53
2000/05/11-04:25:11.55 195.89.151.100 (Charis Bandwidth Ltd., GB) scan 6 machines in 132.235.1.xxx for port 53
2000/05/11-16:49:43.61 4.22.173.179 (cornfield.rbfnet.com) scan 20 machines in 132.235.1.xxx for port 53
2000/05/11-22:02:06.40 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/11-22:24:13.57 12.72.23.24 (24.san-diego-03-04rs.ca.dial-access.att.net) portscan ace
2000/05/12-03:35:54.49 64.27.91.190 (dorcino.com) scan 20 machines in 132.235.1.xxx for port 53
2000/05/12-08:09:54.25 63.91.54.24 (Icon-o-Voice, Ridgeland, MS,US) probe net for port 161
2000/05/12-17:50:56.66 4.22.173.179 (cornfield.rbfnet.com) scan machines for port 53 in 132.235.18.x net
2000/05/12-18:39:27.60 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/12-21:52:36.96 202.101.0.17 (max-p12-17.sta.net.cn) scan 132.235.17.17 for ports 79,23,21, tried to hack user webit
2000/05/14-11:01:42.73 200.203.168.206 (ppp206-fozit200.telepar.net.br) probe net for port 53
2000/05/14-11:41:17.33 200.203.168.206 (ppp206-fozit200.telepar.net.br) probe machines for port 43
2000/05/15-02:22:24.86 205.244.80.5 (CIBERLYNX, INC.,Deerfield Beach, FL,US) probe net for port 111
2000/05/15-08:32:41.77 63.70.24.149 (Meher Sons Estate off Talpur Rd, Karachi, PK) scan net for port 111
2000/05/15-08:38:47.17 63.91.54.24 (Icon-o-Voice, Ridgeland, MS,US) probe net for port 161
2000/05/15-09:19:12.20 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/16-09:43:00.35 132.235.171.66:1115 (w3066.west-green.ohiou.edu) scan net for port 9200
2000/05/16-15:31:46.10 63.91.54.24 (Icon-o-Voice, Ridgeland, MS,US) probe net for port 161
2000/05/16-20:22:14.28 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/16-22:14:40.32 216.67.118.160 (nas-118-160.cleveland.navipath.net) scan net for port 80
2000/05/17-02:54:42.71 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/17-16:32:06.92 206.58.78.48:2666 (bargirangin.com) scan several machines for port 111
2000/05/18-14:22:50.91 205.243.135.25:2666 (crow.digitalprairie.com) scan several machines for port 53
2000/05/18-18:41:44.87 203.231.10.220 (Inet INC., Seoul, KR) probe port 11 on ace
2000/05/18-21:40:01.43 132.235.162.83 (OU) probe port 161 on net
2000/05/18-22:51:12.48 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/19-11:53:14.25 212.72.63.240 (Cybercity, AMSTERDAM, nl) probe port 1524 on ace
2000/05/19-12:10:31.61 212.72.63.240 (Cybercity, AMSTERDAM, nl) probe port 111 on ace
2000/05/19-15:48:36.34 212.72.63.240:111 (Cybercity, AMSTERDAM, nl) probe port 111 on 132.235.18.1
2000/05/19-15:49:08.94 212.72.63.240 (Cybercity, AMSTERDAM, nl) probe port 111 on boss
2000/05/19-22:35:01.23 212.72.63.240 (Cybercity, AMSTERDAM, nl) probe port 1524 on ace
2000/05/19-23:25:57.70 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78] all weekend
2000/05/19-23:30:17.66 62.7.61.245 (host62-7-61-245.btinternet.com) scan net for port 31337
2000/05/20-02:13:37.76 212.72.63.240 (Cybercity, AMSTERDAM, nl) probe port 1524 on boss
2000/05/20-05:36:27.49 128.195.213.27 (mecn213-027.reshsg.uci.edu) scan net for port 12345
2000/05/20-09:09:32.03 202.152.12.170 (www.amikom.ac.id) bang on port 111 on ace.
2000/05/20-09:58:56.03 62.125.24.124:60000 (userck94.aol.uk.uudial.com) scan net for port 2140
2000/05/21-12:35:30.09 132.234.114.79 (gclc1-cr2-16.student.gu.edu.au) scan net for port 8080
2000/05/21-17:48:52.58 207.114.4.46 (ProxyScan.MD.US.Undernet.Org) scan 132.235.16.156 for port 1080, 23
2000/05/21-17:49:07.69 24.240.86.105 (24-240-86-105.hsacorp.net) scan 132.235.16.156 for port 12345
2000/05/21-17:49:08.27 209.86.158.119 (user-38ld7jn.dialup.mindspring.com) scan 132.235.16.156 for ports 12346,12346,1080,12345,6670
2000/05/22-09:13:32.87 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/22-13:50:54.27 134.231.11.155 (pcha35.gallaudet.edu) probe port 111 on ace
2000/05/24-09:25:13.64 132.235.196.105 (dhcp-196-105.cns.ohiou.edu) probe net with pkts to 255.255.255.255:9
2000/05/24-09:25:16.56 132.235.196.105 (dhcp-196-105.cns.ohiou.edu) probe net with pkts to 255.255.255.255:161
2000/05/24-14:06:51.51 167.20.156.104 () probe port 161 on ace
2000/05/24-14:08:40.80 210.208.117.16 () probe port 111 on ace
2000/05/24-17:12:15.00 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/25-12:48:02.86 194.204.128.94 (do-r1.wro-r1.tpnet.pl) slow scan of net - random machines/ports til 2000/05/26-05:49:39.36
2000/05/25-19:03:50.82 128.230.89.51 (source.syr.edu) bang on ports 600, 1524 on ace
2000/05/25-21:51:16.01 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/26-01:04:59.24 207.96.37.201 (montcogov201.erols.com) scan net with packet to 255.255.255.255 : 161
2000/05/27-07:47:16.97 195.38.106.25 (szabolcs.bakats.tvnet.hu) 1. probe net for port 21, attempt to make subdirs
2000/05/27-07:47:16.97 195.38.106.25 (szabolcs.bakats.tvnet.hu) 2. in various dirs named jpg345 (windows specific dirs)
2000/05/27-10:06:25.38 207.96.37.201 (montcogov201.erols.com) slow scan of net for port 161
2000/05/27-12:06:01.45 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/27-12:13:25.32 212.216.148.246 (a-re11-55.tin.it) scan 132.235.17.17 for port 111
2000/05/27-15:27:25.22 207.96.37.201 (montcogov201.erols.com) probe port 161 on 132.235.x.x
2000/05/28-05:13:39.47 207.96.37.201 (montcogov201.erols.com) slow scan of net for port 161
2000/05/28-14:22:40.11 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/28-19:40:18.97 195.205.99.238:65536 (www.galkom.com.pl) scan net for port 53
2000/05/28-23:39:39.14 203.231.10.220 (Inet INC.,Seoul, KR) probe port 111 on ace
2000/05/29-09:15:00.70 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/29-13:48:09.89 207.93.141.119 (whv-ca3a-119.rasserver.net) 1. probe net for port 21, attempt to make subdirs
2000/05/29-13:48:09.89 207.93.141.119 (whv-ca3a-119.rasserver.net) 2. in various dirs.
2000/05/29-19:18:23.78 212.244.200.130 (tai-test.man.polbox.pl) probe several machines for port 111
2000/05/30-01:04:05.54 207.96.37.201 (montcogov201.erols.com) send packet to 132.235.3.0:161 as scan?
2000/05/30-01:04:52.66 207.96.37.201 (montcogov201.erols.com) packet to 255.255.255.255 port 161
2000/05/30-08:37:33.17 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/05/31-01:04:53.28 207.96.37.201 (montcogov201.erols.com) packet to 255.255.255.255 port 161
2000/05/31-15:59:51.82 212.216.149.124 (a-re9-61.tin.it) 1. start of attack on 132.235.17.17, buff overflow attack on sadmind
2000/05/31-15:59:51.82 212.216.149.124 (a-re9-61.tin.it) 2. attack every 3 seconds or so till 2000/05/31-19:36:05.04
2000/05/31-22:05:58.16 212.216.149.124 (a-re9-61.tin.it) resumption of attack on 132.235.17.17, til 2000/05/31-22:06:19.15
2000/05/31-23:16:12.41 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]