Short summary of attacks against us for June 2000

year - time EASTERN    source_ip[:port] (dns name, if any)    attack/scan/notes

2000/06/01-09:53:37.74 200.33.22.xx (Mexico) continual banging on 255.255.255.255 port 13[78]
2000/06/01-12:34:36.24 132.235.198.114:2722 (dhcp-198-114.cns.ohiou.edu) scan machines for port 177
2000/06/01-12:56:49.43 210.93.97.149 (Korea National University of Education, CHUNGBUK, KR) probe ace port 111
2000/06/01-13:18:53.52 63.16.224.152 (1Cust152.tnt1.athens.oh.da.uu.net) attempt to log on 132.235.17.1 as root pass rootadmin
2000/06/01-13:18:53.52 63.16.224.152 (1Cust152.tnt1.athens.oh.da.uu.net) attempt to log into 132.235.17.1 as root, passwd rootadmin
2000/06/01-17:17:48.49 207.253.214.197:2666 (Technologia, Montreal, Quebec, Canada) scan machines for port 111
2000/06/01-22:15:50.46 216.169.165.51 (paris003.statecollege.planetdial.net) scan net for port 53
2000/06/02-00:22:21.61 216.3.0.101 (dyn036-ts5a.athens.frognet.net) scan 132.235.16.161 for port 9000,9001
2000/06/02-03:19:08.13 202.235.50.12:65535 (Uonumanet, Ltd., JP) scan net for port 8080
2000/06/02-06:11:59.58 193.251.41.129 (APh-Aug-101-1-1-129.abo.wanadoo.fr) scan net for port 21
2000/06/02-18:06:23.64 210.93.97.149 (Korea National University of Education, Korea) probe port 111 on ace
2000/06/02-19:09:49.03 203.229.230.17 (Intercom Software. Seoul, Korea) scan net for port 53
2000/06/02-19:29:52.59 209.53.51.200 (00-e0-98-04-44-48.bconnected.net) scan net for port 111
2000/06/02-23:44:11.31 213.1.67.64 (host213-1-67-64.btinternet.com) scan net for port 80
2000/06/02-23:44:33.99 213.1.67.64 (host213-1-67-64.btinternet.com) scan net for port 32772, attack w/ buffer overflow
2000/06/03-07:26:03.91 64.38.8.226 (ppp-226.tnt-1.nyc.smartworld.net) scan net for port 27374
2000/06/03-10:35:23.43 195.221.122.44 (Universite Blaise Pascal, FRANCE) scan net for port 111, buff overflow attack
2000/06/03-10:35:32.17 193.63.177.5 (actalis.ab.sac.ac.uk) probe ports 23, 111, 32777, 32773, 22 on several machines
2000/06/03-23:26:20.00 207.174.228.81 (is.the.administrator.of.aekpani.net - ha ha) probe port 111 on net
2000/06/03-23:39:31.17 165.194.100.211 (psyche.cau.ac.kr) scan net for port 111
2000/06/04-02:19:32.05 208.139.149.202:2666 (ns1.mtairyschools.org) scan net for port 111
2000/06/04-04:54:56.97 204.210.39.97 (dt0f0n61.san.rr.com) scan net for port 27374
2000/06/04-07:15:07.88 203.197.234.162 (Leased line - Hindustan Times, New Delhi, INDIA) scan net for port 98
2000/06/04-15:26:44.30 129.74.75.194 (atomic3.phys.nd.edu) attack several machines via sadmind buff overflow attack.
2000/06/04-18:10:53.37 208.248.200.40:2666 (auth2.hcis.net) scan net for port 1
2000/06/07-22:18:16.69 208.176.169.190 (ts009d34.phx-az.concentric.net) scan net for port 161
2000/06/07-22:30:45.74 208.176.169.190 (ts009d34.phx-az.concentric.net) probe port 445 on 132.235.15.36
2000/06/08-10:10:43.19 61.11.233.25 (Shin Satellite Public Company Limited, TH) scan net for port 53
2000/06/09-02:27:44.72 209.21.68.52 (mail.chinesenews.com) hacker used stolen passwd to attack 132.35.17.1
2000/06/10-00:53:19.24 216.133.94.97 (Choice One Communications / Reseller, NY, USA) scan net for port 53
2000/06/10-17:27:02.71 208.168.12.60 (ViperLink International, LOUISVILLE, KY, USA) scan net for port 137
2000/06/10-19:03:52.38 216.133.94.97 (Choice One Communications / Reseller, NY, USA) scan net for port 53
2000/06/11-08:30:11.70 142.176.129.229 (shell.pcmedicdirect.com) packets to 255.255.255.255 port 80
2000/06/12-00:17:16.98 24.27.187.245 (cvg-27-187-245.cinci.rr.com) scan net for port 53
2000/06/12-11:00:45.97 203.232.108.2 (Sunghwa College, CHONNAM, KR) hit ace on ports 600, 1524.
2000/06/12-11:34:37.21 203.248.27.2 (xtal-2.comtec.co.kr) hit ace on ports 111, 1027, 111, 825
2000/06/12-17:02:00.96 213.1.139.235 (host213-1-139-235.btinternet.com) scan net for port 31337
2000/06/12-18:38:24.67 216.34.212.70 (SportsPage.com, CA, USA) probe ace on port 111, 826
2000/06/13-00:28:15.51 202.189.12.35 (pc035.abu.org.my) probe ace on port 111
2000/06/13-05:45:28.83 207.41.170.25:2666 (I-2000 net, NY, USA) scan net for port 110
2000/06/15-05:52:30.59 207.189.129.1:2666 (Data Research Group, Inc., EUGENE, OR, US) scan net for port 110
2000/06/15-11:23:39.73 210.122.158.202:2666 (I-Net Technologies Inc, KR)
2000/06/15-14:13:43.52 4.3.244.100 (crtntx1-ar1-244-100.biz.dsl.gtei.net) scan net for port 21
2000/06/18-06:02:41.94 203.197.144.142 (Leased Line -- Lapiz, Chennai, INDIA) scan net for port 111
2000/06/19-06:20:57.47 216.65.109.125 (your.boyfriend.is.a.pygmy.org - UK) slow scan of net thru 2000/06/20-01:16:22.41
2000/06/20-21:39:26.94 200.223.1.120 (irc.telemar-ba.net.br) slow scan of machines thru 2000/06/21-01:59:45.75
2000/06/21-05:53:04.78 200.223.1.120 (irc.telemar-ba.net.br) slow scan of machines thru 2000/06/22-05:13:15.98
2000/06/21-10:50:28.24 210.145.109.162 (ns.sfinx.co.jp) scan net for port 111
2000/06/22-01:43:13.05 24.115.85.160 (cr3426-a.surrey1.bc.wave.home.com) ftp passwd file from ace
2000/06/22-01:44:30 24.115.85.160 (cr3426-a.surrey1.bc.wave.home.com) attempt to log onto boss using logins/passwd from ace
2000/06/22-11:36:44.54 200.223.1.120 (irc.telemar-ba.net.br) slow scan of machines thru 2000/06/23-05:16:16.96
2000/06/22-16:44:37.12 212.43.198.189 (du-189.paris.dialup.claranet.fr) 1. probe to 255.255.255.255:111 starts
2000/06/22-16:44:37.12 212.43.198.189 (du-189.paris.dialup.claranet.fr) 2. get info from portmapper ports+others
2000/06/22-16:44:37.12 212.43.198.189 (du-189.paris.dialup.claranet.fr) 3. across multiple machines.
2000/06/22-16:44:37.12 212.43.198.189 (du-189.paris.dialup.claranet.fr) 4. probes end 2000/06/22-19:23:35.11a
2000/06/22-17:48:56.65 212.43.198.155 (du-155.paris.dialup.claranet.fr) send probe packet to 255.255.255.255:111
2000/06/22-18:20:25.84 212.43.198.147 (du-147.paris.dialup.claranet.fr) send probe packet to 255.255.255.255:111
2000/06/22-18:51:53.63 212.43.198.40 (du-40.paris.dialup.claranet.fr) send probe packet to 255.255.255.255:111
2000/06/22-19:54:51.04 212.43.198.169 (du-169.paris.dialup.claranet.fr) 1. send probe packet every 30 mins. to 255.255.255.255:111
2000/06/22-19:54:51.04 212.43.198.169 (du-169.paris.dialup.claranet.fr) 2. packets continued until 2000/06/23-01:41:42.00
2000/06/23-00:34:52.02 216.101.252.191 (adsl-216-101-252-191.dsl.snfc21.pacbell.net) probe port 111,143,80 on ace
2000/06/23-01:04:52.13 202.52.56.87:500 (Sigma Online, IN) connect to/from port 500 to seorf.
2000/06/29-18:15:11.53 63.20.28.108 (1Cust108.tnt2.det1.da.uu.net) scan net for port 21
2000/06/29-18:39:27.84 155.230.15.79 (avalab.kyungpook.ac.kr) scan net for port 53
2000/06/29-20:06:31.06 202.51.0.35:2666 (Computerland Communications Services, Nepal) scan net for port 110
2000/06/30-05:42:12.78 63.92.222.2 (www.aticom.net) slow scan of net to random ports thru 2000/07/01-02:42:17.34
2000/06/30-18:15:25.95 200.188.80.21 (volpi.sti.com.br) slow scan of net to random ports thru 2000/07/01-05:57:40.40
2000/07/01-04:53:37.45 212.187.35.105 (c18735105.telekabel.chello.nl) scan net for port 21