Short summary of some of the attacks against us for Mar. 2001

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes

2001/03/01-05:36:02.51 206.239.85.84:113 (verio.net...) multiple connections to random port/machines.
2001/03/01-17:45:59.12 10.10.10.10:9999 (moron) scan 1.x.x.x:9999. Duh. ether addr 0:10:4b:b5:ef:25
2001/03/01-17:50:22.12 206.132.27.156:6667 (irc.east.gblx.net) connections to random port/machines. they had a dos?
2001/03/02-06:01:34.89 210.110.249.87 (1 ueun-dong, yusong-gu, Taejon, Korea) scan net for port 111
2001/03/02-06:01:35.14 210.110.249.87 (1 ueun-dong, yusong-gu, Taejon, Korea) buffer overflow attacks on multiple machines
2001/03/02-15:00:08.17 210.115.233.71 (slug.hallym.ac.kr) dump dns from ace and boss?
2001/03/02-15:05:08.71 210.115.233.71 (slug.hallym.ac.kr) probe port 113 on boss multiple times
2001/03/02-15:05:14.20 210.115.233.71 (slug.hallym.ac.kr) 1. probe ports 12345 31337 29369 5555 5300 2400 1524 21 25 109
2001/03/02-15:05:14.20 210.115.233.71 (slug.hallym.ac.kr) 2. 110 111 on ace,boss,cosmo,prime, etc
2001/03/02-15:07:38.30 212.179.85.157 (PT712157.bezeqint.net) start of probes/buff overflow attacks on mult. machines, mult. ports
2001/03/02-15:10:31.19 212.179.85.157 (PT712157.bezeqint.net) breach security on 132.235.15.76 w/stolen passwd...
2001/03/03-08:54:17.68 128.32.148.253:20 (ishmael-148.Berkeley.EDU) scan net for port 5665
2001/03/03-14:25:31.86 204.149.78.2:38892 (IRIS.competition96.com) scan net for port 80
2001/03/03-14:25:51.33 204.149.78.2:38892 (IRIS.competition96.com) scan net for port 5232
2001/03/04-18:29:39.52 12.0.0.110:53 (ATT.NET loser) scan net for port 53
2001/03/05-05:48:12.98 210.248.62.194 (ez computer limited,OKINAWA,JP) scan net for port 555
2001/03/05-09:12:04.24 216.20.237.97 (WESTERN WATS,PROVO,UT,US) scan partial net for port 515
2001/03/06-10:27:35.43 24.191.66.42 (ool-18bf422a.dyn.optonline.net) scan several machines for port 22
2001/03/06-13:52:18.05 198.234.253.57 (Some oarnet loser) attempt login to 132.235.1.252 as root passwd administrator
2001/03/06-16:48:41.89 209.10.210.67 (Globix Corporation, NY, NY, US) scan net for port 21
2001/03/06-22:30:13.41 203.239.104.40 (Inet INC. Kangnam-gu, Seoul, KR) scan net for port 111
2001/03/07-00:28:32.17 207.110.27.34 (CONNECTNet Internet Network Services,San Diego, CA, US) scan net for port 53
2001/03/07-00:29:23.76 217.2.217.141 (pD902D98D.dip.t-dialin.net) 1) scan net for port 21,
2001/03/07-00:29:23.76 217.2.217.141 (pD902D98D.dip.t-dialin.net) 2) try to create dirs on anon ftp sites.
2001/03/07-11:39:18.25 202.85.61.234:21 (ip61-234.asiaonline.net) scan net for port 21
2001/03/07-12:26:57.11 211.182.216.130 (Korea crap) scan net for port 111
2001/03/08-02:23:32.70 208.63.83.1 (shell-o-matic.net) scan net for port 23
2001/03/09-14:58:17.87 211.46.7.2 (Korea crap) scan net for port 111
2001/03/10-15:42:27.08 211.101.137.82 (HJele,the customer of Capital Network, CHINA) scan net for port 111
2001/03/10-15:54:44.48 194.16.56.47 (Stockholm, Sweden) scan net for port 111
2001/03/11-09:43:27.16 211.58.254.21 (HANARO Telecom,SEOUL, KR) scan net for port 53
2001/03/11-12:14:34.28 132.235.176.242 (dhcp-176-242.bromley.ohiou.edu) scan net for port 119
2001/03/12-14:47:30.04 213.107.39.129 (pc129-lut21.cable.ntl.com) scan net for port 21
2001/03/12-18:05:47.17 213.107.39.129 (pc129-lut21.cable.ntl.com) scan net for port 1080
2001/03/13-08:02:34.07 217.2.247.14 (pD902F70E.dip.t-dialin.net) scan net for port 21
2001/03/13-16:13:57.85 24.247.18.198 (018tvc198.chartermi.net) 1. retrieve dummy passwd file via anon ftp
2001/03/13-16:13:57.85 24.247.18.198 (018tvc198.chartermi.net) 2. try dummy acct with decoded passwd.
2001/03/14-10:33:14.41 217.58.213.111 (CHIURCO ERNESTO, IT) scan 123.235.201.x for port 111
2001/03/14-20:35:08.91 208.143.192.130 (INTERVAL INTERNATIONAL, MIAMI, FL,US) 1. scan net for port 21
2001/03/14-20:35:08.91 208.143.192.130 (INTERVAL INTERNATIONAL, MIAMI, FL,US) 2. try to create dirs on anon ftp servers
2001/03/14-20:36:26.78 208.143.192.130 (INTERVAL INTERNATIONAL, MIAMI, FL,US) scan net for port 137
2001/03/16-03:03:11.41 213.239.30.111 (carrier1.net, London, Eng) scan net for port 23
2001/03/16-07:13:20.83 211.113.211.66 (Korea krap) scan net for port 111
2001/03/16-22:23:36.87 194.29.174.95 (WARSAW UNIVERSITY OF TECHNOLOGY, PL) scan net for port 111, buff overflow attacks
2001/03/17-14:49:14.43 64.20.58.225 (nas-58-225.toronto.navipath.net) scan net for port 21
2001/03/17-22:05:01.64 24.2.131.65 (c265085-a.blfld1.ct.home.com) scan net for port 53
2001/03/18-02:36:37.15 24.30.182.61 (sc-24-30-182-61.socal.rr.com) scan net for port 53
2001/03/22-07:50:14.48 210.122.199.159 (lid.scjc.ac.kr.199.122.210.in-addr.arpa) scan net for port 111, buff overflow attacks
2001/03/23-10:45:34.51 216.144.173.185 (PenTeleData Inc, PA, US) scan net for port 27374
2001/03/23-13:58:15.63 211.130.40.178 (Comfield Limited Company,KANAGAWA 258-0026 JAPAN) scan net for port 21
2001/03/24-12:51:42.37 63.103.38.10 (Chelmsford Online Se, MA, US) scan net for port 53
2001/03/24-14:27:39.10 211.34.138.126 (Korea crap) scan net for port 111
2001/03/24-18:53:04.72 202.50.167.4 (ns2.thenet.co.nz) scan net for port 53
2001/03/25-02:55:50.43 210.123.5.131 (Korea Telecom, KR) scan net for port 53
2001/03/25-12:03:27.07 213.46.134.90 (d134090.upc-d.chello.nl) scan net for port 21
2001/03/25-20:02:42.32 193.252.36.186 (AToulouse-101-1-1-186.abo.wanadoo.fr) scan net for port 21
2001/03/27-00:08:03.66 202.186.86.108 (Calberson Helu-Zaid Sdn Bhd,SELANGOR,MY) scan net for port 111
2001/03/26-05:29:26.04 216.244.139.214 (www.binature.com,LIMA,PE) scan net for port 111
2001/03/26-05:53:18.69 216.244.139.214 (www.binature.com,LIMA,PE) mult buff overflow attacks against virtually every machine we have.
2001/03/27-10:26:40.78 216.244.139.214 (www.binature.com,LIMA,PE) scan net for port 111
2001/03/27-10:49:58.31 216.244.139.214 (www.binature.com,LIMA,PE) mult buff overflow attacks against virtually every machine we have.
2001/03/28-06:32:43.17 210.219.165.216 (s210-219-165-216.thrunet.ne.kr) scan net for port 53
2001/03/28-18:26:01.16 24.31.215.252 (cae31-215-252.sc.rr.com) scan net for port 111, some buff overflow attacks
2001/03/29-00:00:30.32 63.27.37.142 (1Cust142.tnt1.medina.oh.da.uu.net) scan net for port 23
2001/03/29-02:24:26.02 129.244.252.79 (Rppp2-79.net.utulsa.edu) probe port 111 on boss
2001/03/29-13:59:31.95 64.229.139.79 (HSE-Ottawa-ppp159694.sympatico.ca) scan net for port 21
2001/03/29-14:28:09.90 202.101.43.143 (Shanghai Long Distance Telecom,CN) scan net for port 111 + buff overflow attacks
2001/03/29-18:55:19.44 210.232.100.2 (Macronix BVI Co.,Ltd., JP) scan net for port 53
2001/03/30-01:02:06.89 134.169.53.17 (moor.math.nat.tu-bs.de) scan net for port 515
2001/03/30-01:10:08.93 134.169.53.17 (moor.math.nat.tu-bs.de) scan net for port 23
2001/03/30-04:35:35.38 194.78.218.248 (194-78-218-248.pro.turboline.skynet.be) scan net for port 515
2001/03/30-04:44:47.59 194.78.218.248 (194-78-218-248.pro.turboline.skynet.be) scan net for port 23
2001/03/31-08:42:00.06 216.254.22.75 (rbrown46-2.dsl.speakeasy.net) scan net for port 21
2001/03/31-23:04:43.06 202.111.177.233 (JiLin University,CN) scan net for port 53