Short summary of some of the attacks against us for August 2000

time EASTERN  source_ip[:port]  (dns name, if any)  attack/scan/notes

2000/08/01-06:17:23.56  61.132.13.106  (CHINANET Jiangsu province network, CHINA)  scan net for port 139
2000/08/01-16:41:43.18  212.67.130.14  (da130d14.dialup.callnetuk.com)  1. scan net for port 21, log in as anonymous,
2000/08/01-16:41:43.18  212.67.130.14  (da130d14.dialup.callnetuk.com)  2. then try to create upload directory.
2000/08/02-21:06:57.75  132.235.204.89  (dhcp-204-089.cns.ohiou.edu)  scan net for ports 80, 110, 21, 23
2000/08/03-19:18:22.35  154.5.156.244  (ip244.calgary10.dialup.canada.psi.net)  scan several machines for port 21, 1080
2000/08/03-22:48:12.79  210.96.151.100  (Osan American School,Osan U.S-Military Camp Pyungtaek-Si,KYONGGI, KR)  scan net for port 53
2000/08/04-05:16:57.64  195.206.32.73  (JSC Oblmashinform,Irkutsk, East Siberia, Russia)  stupid try to login into ace as root, pass root.
2000/08/04-08:31:02.86  192.84.160.185  (lmbchky.peri.com)  stupid try to login into p1 as root, pass root.
2000/08/05-04:36:31.45  210.196.203.146  (kss.kstudio.co.jp)  scan net for port 111
2000/08/05-19:05:28.24  210.113.40.1  (Korea Telecom - ISP in Korea)  scan net for port 27374
2000/08/05-22:45:27.56  63.36.192.58  (1Cust58.tnt29.bos2.da.uu.net)  scan net for port 21, try to create a download dir. w/ anon ftp
2000/08/07-00:49:28.02  63.22.79.5  (1Cust5.tnt3.bos2.da.uu.net)  scan net for port 21, try to create a download dir. w/ anon ftp
2000/08/07-15:40:13.26  208.247.211.20  (Johnston, Lemon & Company, Washington, DC, US)  scan of boss, or someone attacked them w/our ip
2000/08/09-02:04:11.79  212.41.51.41  (user51-41.jakinternet.co.uk)  scan net for port 31337
2000/08/10-10:01:27.56  211.41.137.222  (Future`s Cable Television, Inc., SEOUL, KR)  scan net for port 109
2000/08/10-14:11:42.97  212.129.24.127  (none networks, PARIS, FR)  scan net for port 21
2000/08/10-21:29:29.80  208.171.98.178  (cm-208-171-98-178.coralsprings.ispchannel.com)  scan net for port 53
2000/08/11-07:03:48.34  132.230.131.225  (gw.sw-stusie.uni-freiburg.de)  probe port 111 on boss
2000/08/11-18:12:12.14  208.50.178.204:80  (Spotwire Pty. Ltd.,Milton, Queensland, . 4064, US ???)  scan us with 255.255.255.255 : 2437
2000/08/12-22:15:07.41  208.50.178.204:80  (Spotwire Pty. Ltd.,Milton, Queensland, . 4064, US ???)  scan us with 255.255.255.255 : 1802
2000/08/13-18:50:40.00  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd
2000/08/13-21:55:04.41  140.123.76.228  (scorpio.chem.ccu.edu.tw)  scan net for port 111
2000/08/14-07:16:22.10  202.102.60.9  (CHINANET Jiangsu province network, CH)  scan net for port 139
2000/08/14-07:53:33.60  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd
2000/08/14-09:03:42.94  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd
2000/08/14-09:06:59.87  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd
2000/08/14-09:29:22.71  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd
2000/08/14-09:29:58.45  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd
2000/08/14-10:43:02.98  194.137.53.130  (ns.espoo.fi)  scan net for port 21
2000/08/14-11:57:16.51  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd, bring up irc relay
8000/08/14-15:58:20.00  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd
2000/08/14-16:00:43.23  140.110.221.42:47200  (Ministry of Education Computer Center, TW)  2 packets to 255.255.255.255:(33465-33524)
2000/08/14-16:28:11.52  195.84.234.20  (kabo.ec.se)  logon to bobcat with stolen passwd
2000/08/14-16:30:02.05  138.89.33.170  (adsl-138-89-33-170.nnj.adsl.bellatlantic.net)  scan net for port 21
2000/08/14-19:00:53.23  62.82.224.35  (BE-35-SEVI-X1.red.retevision.es)  scan ace for port 111, then hit port 722
2000/08/15-04:26:17.78  24.112.186.204  (cr173556-a.rchrd1.on.wave.home.com)  scan net for port 53
2000/08/15-10:03:24.49  24.15.196.73  (c255376-a.mntp1.il.home.com)  scan net for port 21
2000/08/15-19:29:27.91  198.144.76.73  (pt-006-00058.greenapple.com)  scan net for ports 21,23,79
2000/08/15-22:17:38.54  198.144.78.77  (pt-009-00062.greenapple.com)  portscan boss ports 1-100
2000/08/15-22:22:24.73  212.185.219.249  (pD4B9DBF9.dip.t-dialin.net)  portscan net for port 21
2000/08/15-23:51:54.34  212.185.219.249  (pD4B9DBF9.dip.t-dialin.net)  scan net for port 21
2000/08/16-16:08:23.33  198.144.78.168  (pt-009-00153.greenapple.com)  portscan 132.235.1.186 ports 18-28
2000/08/16-16:22:01.12  198.144.78.168  (pt-009-00153.greenapple.com)  portscan 132.235.2.33 ports 1-100
2000/08/16-16:35:57.82  198.144.78.168  (pt-009-00153.greenapple.com)  portscan 132.235.2.77 ports 18-24
2000/08/16-16:58:58.02  198.144.78.168  (pt-009-00153.greenapple.com)  portscan net ports 19,21,23,79
2000/08/17-00:18:22.56  198.144.76.192  (pt-006-00177.greenapple.com)  scan net for port 21
2000/08/17-01:21:47.83  198.144.76.192  (pt-006-00177.greenapple.com)  scan net for port 21
2000/08/17-03:39:30.54  192.43.162.195  (TELEVERKET Prh, FARSTA, SWEDEN)  probe port 111 on ace, then port 23
2000/08/18-13:14:36.42  198.144.77.173  (pt-008-00158.greenapple.com)  scan net for port 21, probe anon ftp servers.
2000/08/18-16:19:23.50  198.144.77.173:137  (pt-008-00158.greenapple.com)  scan net for port 137
2000/08/18-16:34:07.18  198.144.77.173  (pt-008-00158.greenapple.com)  scan net for port 21, probe anon ftp servers.
2000/08/18-20:19:23.50  198.144.77.173:137  (pt-008-00158.greenapple.com)  scan net for port 137
2000/08/19-19:16:59.89  193.158.161.198  (pC19EA1C6.dip0.t-ipconnect.de)  scan net for port 21
2000/08/20-13:34:59.25  64.19.200.34:12493  (200-34.sandman.com.mx)  1. slow scan of net (1-2 ips/hr) on port 1024 or 3072
2000/08/20-13:34:59.25  64.19.200.34:12493  (200-34.sandman.com.mx)  2. till 2000/08/21-05:45:23.38
2000/08/21-01:36:21.89  62.158.183.144  (p3E9EB790.dip.t-dialin.net)  scan net for port 21
2000/08/21-01:46:09.82  216.232.11.127:111  (s216-232-11-127.bc.hsia.telus.net)  scan net for port 111
2000/08/21-04:23:12.73  216.232.11.127:111  (s216-232-11-127.bc.hsia.telus.net)  scan net for port 111
2000/08/21-05:46:54.38  16.232.11.127:111  (s216-232-11-127.bc.hsia.telus.net)  scan net for port 111
2000/08/21-07:53:29.42  216.232.11.127:111  (s216-232-11-127.bc.hsia.telus.net)  scan net for port 111
2000/08/21-08:55:02.21  216.232.11.127:111  (s216-232-11-127.bc.hsia.telus.net)  scan net for port 111
2000/08/21-10:09:13.96  216.232.11.127:111  (s216-232-11-127.bc.hsia.telus.net)  scan net for port 111
2000/08/21-10:10:07.94  216.232.11.127:111  (s216-232-11-127.bc.hsia.telus.net)  scan net for port 111
2000/08/21-23:59:12.26  146.201.32.146  (dial146.acns.fsu.edu)  scan net for port 1080
2000/08/22-04:14:15.95  202.54.10.2  (tarang.vsnl.com)  scan net for port 21
2000/08/22-04:16:45.23  202.54.10.2  (Kozyak Tropin & Throckmorton, MIAMI,FL, US)  scan net for port 23
2000/08/22-04:16:45.23  202.54.10.2  (tarang.vsnl.com)  scan net with packet to 255.255.255.255:21
2000/08/22-04:37:38.90  207.212.227.51  (vnat-051-svl.vtel.com)  scan net for port 23
2000/08/22-04:40:08.19  207.217.252.68  (Kozyak Tropin & Throckmorton, MIAMI,FL, US)  scan net with packet to 255.255.255.255:23
2000/08/22-04:40:08.20  207.217.252.68  (Kozyak Tropin & Throckmorton, MIAMI,FL, US)  scan net for port 23
2000/08/22-04:42:34.12  139.130.80.123  (altona.lnk.telstra.net)  scan net for port 23
2000/08/22-13:17:37.00  24.11.206.252  (cx622573-a.orng1.occa.home.com)  multiple ftp probes to 132.235.15.111
2000/08/22-13:20:37.45  24.11.206.252  (cx622573-a.orng1.occa.home.com)  scan net for port 21
2000/08/24-22:12:12.20  203.252.129.29  (Konkuk University, SEOUL, KR)  scan net for port 111
2000/08/26-07:03:24.25  62.158.205.52  (p3E9ECD34.dip.t-dialin.net)  scan net 132.235.3.x for port 80
2000/08/26-07:13:32.96  62.158.205.52  (p3E9ECD34.dip.t-dialin.net)  scan net 132.235.15.x for port 5232
2000/08/26-07:15:00.16  62.158.205.52  (p3E9ECD34.dip.t-dialin.net)  scan net 132.235.16.x for port 80
2000/08/26-07:16:01.79  62.158.205.52  (p3E9ECD34.dip.t-dialin.net)  scan net 132.235.16.x for port 5232
2000/08/26-07:18:16.24  62.158.205.52  (p3E9ECD34.dip.t-dialin.net)  scan net 132.235.17.x for port 80
2000/08/26-07:19:22.30  62.158.205.52  (p3E9ECD34.dip.t-dialin.net)  scan net 132.235.17.x for port 5232
2000/08/26-07:21:01.49  62.158.205.52  (p3E9ECD34.dip.t-dialin.net)  scan net 132.235.18.x for port 80
2000/08/26-07:22:03.43  62.158.205.52  (p3E9ECD34.dip.t-dialin.net)  scan net 132.235.18.x for port 5232
2000/08/26-12:00:03.04  209.111.46.44  (Customer Comm, COLUMUS OH? US)  scan net for port 23
2000/08/26-12:07:52.92  209.111.46.44  (Customer Comm, COLUMUS OH? US)  probe specific machines on port 23
2000/08/28-11:44:04.20  211.41.137.222  (Future`s Cable Television, Inc, SEOUL, KR)  scan net for port 21
2000/08/28-22:39:08.12  38.32.22.20  (ip20.stamford14.ct.pub-ip.psi.net)  scan of port 21 on 8 machines
2000/08/29-00:10:52.91  63.193.121.64  (adsl-63-193-121-64.dsl.snfc21.pacbell.net)  scan net for port 1080
2000/08/29-06:07:17.35  207.241.81.254  (207-241-81-254.ip.wwa.com)  scan net 132.235.17.x for ports 445, 139
2000/08/29-18:18:52.55  208.130.44.28  (spri002a-p1-028.cybertours.com)  scan net for port 21