Short summary of attacks against us for July 2000

year - time EASTERN  source_ip[:port] (dns name, if any)  attack/scan/notes

2000/07/01-06:14:45.63  200.188.80.21 (volpiold.sti.com.br)  scan net using random ip/port combos. thru 2000/07/02-05:09:51.04
2000/07/01-11:41:57.66  212.185.225.192 (pointer pD4B9E1C0.dip.t-dialin.net)  scan port 7,119 on several machines
2000/07/01-17:39:40.71  213.167.197.27 (Galactica S.P.A, IT)  scan net for port 109
2000/07/01-17:54:03.88  213.167.197.27 (Galactica S.P.A, IT)  scan net for port 21
2000/07/01-18:31:15.11  213.47.7.92 (chello Austria, VIENNA AT)  scan net 132.235.x.1 for port 119
2000/07/01-18:31:17.19  213.47.7.92 (chello Austria, VIENNA AT)  scan net 132.235.x.1 for port 119
2000/07/01-19:52:32.12  141.213.11.91 (tbone.eecs.umich.edu)  1. bang on printer are 132.235.18.226 port 80
2000/07/01-19:52:32.12  141.213.11.91 (tbone.eecs.umich.edu)  2. followed by numerous connections (tracert?) from everywhere.
2000/07/01-19:52:32.12  141.213.11.91 (tbone.eecs.umich.edu)  3. until 2000/07/01-20:05:26.31
2000/07/02-05:47:20.48  200.188.80.21 (volpiold.sti.com.br)  scan net using random ip/port combos. thru 2000/07/03-05:22:51.16
2000/07/02-05:54:29.26  216.156.2.34 (mail0.9netave.com)  scan net for port 113
2000/07/02-06:36:43.91  213.47.7.92 (chello Austria, VIENNA AT)  scan net 132.235.x.1 for port 119
2000/07/03-03:00:27.21  149.156.105.13 (aquarium.ia.agh.edu.pl)  scan net for port 23
2000/07/03-05:30:12.87  200.188.80.21 (volpiold.sti.com.br)  scan net using random ip/port combos. thru 2000/07/03-12:44:47.23
2000/07/03-06:06:48.84  213.47.7.92 (chello Austria, VIENNA AT)  scan net for port 119
2000/07/03-07:21:33.62  155.230.15.79 (avalab.kyungpook.ac.kr)  probe port 111 on boss
2000/07/03-19:04:42.36  212.177.241.213 (UUNET internation, IT)  1. scan net for port 79
2000/07/03-19:04:42.36  212.177.241.213 (UUNET internation, IT)  2. try various login/passwd pairs via telnet on multiple machines
2000/07/03-19:16:06.07  212.177.241.213 (UUNET internation, IT)  1. break into pirates, user/pass oracle/oracle
2000/07/03-19:16:06.07  212.177.241.213 (UUNET internation, IT)  2. telnet 216.22.10.10 port 6667 irc.webbernet.net,
2000/07/03-19:16:06.07  212.177.241.213 (UUNET internation, IT)  3. user BuLLsHiT 0 0 :r0x, nick Saintt
2000/07/03-19:16:06.07  212.177.241.213 (UUNET internation, IT)  4. ftp bnc from 212.177.241.29, (leejj/rembix55)
2000/07/03-19:16:06.07  212.177.241.213 (UUNET internation, IT)  5. and happy running bnc till machine is downed.
2000/07/04-11:19:32.98  200.223.1.120 (irc.telemar-ba.net.br)  scan net using random ip/port combos. thru 2000/07/05-05:20:12.31
2000/07/06-05:09:29.02  213.47.7.92 (chello Austria, VIENNA AT)  scan net for port 119 thru 2000/07/07-00:55:10.89
2000/07/05-18:43:11.78  38.144.33.210 (PSI net)  scan net for port 111
2000/07/05-06:23:40.72  200.223.1.120 (irc.telemar-ba.net.br)  slow scan of net with random ip/port pairs
2000/07/07-13:35:43.72  212.211.6.55 (mfs-pci-bqh-vty55.as.wcom.net)  scan net for port 109
2000/07/07-21:53:17.43  148.235.83.64 (Mexico, Administrador Ip)  scan net for port 1234
2000/07/08-09:03:23.04  213.47.7.92 (chello Austria, VIENNA AT)  slow scan for port 119
2000/07/08-12:53:44.71  212.93.21.95 (dialin95-21-c5800do1.sonnet.de)  scan net for port 21
2000/07/08-16:46:43.86  208.25.56.28 (user28.launchnet.com)  followup connection from 132.195.94.51 to telnet, portmap, netstat ports.
2000/07/08-16:47:40.88  132.195.94.51 (www.iai.uni-wuppertal.de)  1. attack packets via rpc to sadmind with buff overflow attack.
2000/07/08-16:47:40.88  132.195.94.51 (www.iai.uni-wuppertal.de)  2. attack was to set up tcp telnet server on netstat port.
2000/07/09-14:51:12.11  216.99.218.161 (216-99-218-161.dsl.aracnet.com)  probe ports 563, 119 on boss
2000/07/09-16:10:04.12  193.173.174.119 (193-173-174-119.dialup.noknok.nl)  scan net for port 53
2000/07/09-20:54:26.75  195.89.3.250 (proxyr3.cyberia.net.lb)  scan net for anon ftp, issue multiple CWD and MKD . 2512219p cmds
2000/07/10-05:08:37.90  200.223.1.120 (irc.telemar-ba.net.br)  slow scan of net with random ip/port pairs
2000/07/10-05:49:14.95  137.213.188.179 (undefined-188-179.undefined - ie - BULL Information Systems,GB)  scan 255.255.255.255:161
2000/07/10-06:12:18.87  213.47.7.92 (chello Austria, VIENNA AT)  slow scan for port 119 thru 2000/07/11-04:20:59.84
2000/07/10-13:45:30.15  210.97.12.129 (Naejeong Primary school, KR)  scan net for port 109
2000/07/11-05:50:50.62  200.223.1.120 (irc.telemar-ba.net.br)  bunch of ack+reset packets
2000/07/11-05:56:13.64  137.213.188.179 (undefined-188-179.undefined - ie - BULL Information Systems,GB)  scan 255.255.255.255:161
2000/07/11-08:55:33.96  213.47.7.92 (chello213047007092.11.vie.surfer.at)  scan net for port 119
2000/07/11-10:29:08.21  130.67.94.221 (ti11a62-0349.dialup.online.no)  scan net for port 21
2000/07/12-03:00:05.20  172.144.81.255 (AC9051FF.ipt.aol.com)  scan 9 machines on random ports?
2000/07/12-19:16:32.08  194.134.216.148 (i2187.vwr.wanadoo.nl)  scan net for port 53
2000/07/12-09:26:47.94  213.47.7.92 (chello Austria, VIENNA AT)  slow scan for port 119 thru 2000/07/13-02:16:53.00
2000/07/13-08:11:52.47  211.112.142.2 (Dongyang Venture Center, SEOUL, KOREA)  scan net for port 98
2000/07/13-21:06:37.61  64.39.31.36 (www.underhost.com)  scan net for port 21
2000/07/14-06:57:09.32  213.47.7.92 (chello Austria, VIENNA AT)  slow scan for port 119 thru 2000/07/15-02:53:48.03
2000/07/14-09:14:38.72  209.167.93.16 (Gateway Telephone, NORTH BAY, ON, CA)  scan net for ports 80,21,25,161
2000/07/14-19:34:15.06  192.70.33.18 (alba.iut-lannion.fr)  scan net for port 21
2000/07/15-07:31:02.90  213.47.7.92 (chello Austria, VIENNA AT)  slow scan for port 119 thru 2000/07/16-03:23:09.48
2000/07/16-00:24:25.71  194.66.95.40 (cua.ulsop.ac.uk)  scan net for port 21
2000/07/17-08:36:06.90  213.47.7.92 (chello Austria, VIENNA AT)  slow scan for port 119 thru 2000/07/18-04:10:45.59
2000/07/17-10:06:09.32  213.8.203.144 (Euronet Digital Communication, ISRAEL)  scan net for port 23
2000/07/18-01:02:49.59  24.9.17.206 (ci341870-a.grnvle1.sc.home.com)  scan net for port 23
2000/07/19-17:07:29.54  200.7.30.100 (Empresa Nacional de Telecomunicaciones S.A, CHILE)  probe port 111 on boss
2000/07/20-15:45:55.65  209.239.138.16 (rb15.seagency.com)  scan net for port 31337
2000/07/22-21:17:38.10  63.206.124.78 (Office General, SAN JOSE, CA, US)  scan net for port 21
2000/07/23-02:54:20.65  211.51.193.245 (Jazz Club PC Game Room, SEOUL, KR)  scan net for port 53
2000/07/24-14:52:22.82  209.239.138.16 (rb15.seagency.com)  scan net for port 31337
2000/07/25-10:50:19.61  203.85.30.129 (pc129.epublisher.com.hk)  scan net for port 111
2000/07/26-00:11:38.76  132.235.204.99 (dhcp-204-099.cns.ohiou.edu)  scan net for port 31337
2000/07/26-06:56:45.30  193.159.156.210 (pC19F9CD2.dip0.t-ipconnect.de)  1. portscan machines on ports 7 9 13 17 19 21
2000/07/26-06:56:45.30  193.159.156.210 (pC19F9CD2.dip0.t-ipconnect.de)  2. 123 25 37 53 70 79 80 106 109 110 111
2000/07/26-06:56:45.30  193.159.156.210 (pC19F9CD2.dip0.t-ipconnect.de)  3. 119 136 199 512 513 514 515 540
2000/07/26-07:24:02.86  193.159.156.210 (pC19F9CD2.dip0.t-ipconnect.de)  scan net logging on via ftp as root, no passwd.
2000/07/26-21:53:41.64  207.205.161.129 (pool-207-205-161-129.nwrk.grid.net)  scan net for port 27374
2000/07/27-01:12:07.08  203.252.74.119 (Kangwon National University, KANGWON, KR)  scan net for port 111
2000/07/27-10:51:15.45  216.154.118.169 (Look Communications Inc,Toronto,,CA)  scan several machines for port 31789
2000/07/27-18:20:01.32  213.1.149.58 (host213-1-149-58.btinternet.com)  scan net for port 31337
2000/07/27-18:20:04.69  213.1.149.58 (host213-1-149-58.btinternet.com)  scan net for port 31337
2000/07/28-05:40:18.11  61.134.25.101 (CHINANET Shanxi(SN) province network, CN)  ping us with 255.255.255.255:161
2000/07/28-05:42:26.16  61.134.25.101 (CHINANET Shanxi(SN) province network, CN)  portscan several machines
2000/07/28-05:49:48.97  61.134.25.101 (CHINANET Shanxi(SN) province network, CN)  ping us with 255.255.255.255:161
2000/07/28-11:53:32.55  63.145.178.100 (VISTANET,INC., CHICO, CA, US)  probe port 500 on ace
2000/07/29-13:42:01.24  212.160.132.58 (linux.futura.com.pl)  probe us with 255.255.255.255:23
2000/07/31-02:47:32.93  209.73.245.110 (PFM Communications, Inc. NY, NY)  scan net for port 111
2000/07/31-18:02:14.65  62.7.58.85 (host62-7-58-85.btinternet.com)  scan net for port 31337