Short summary of some of the attacks against us for Apr. 2001

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes

2001/04/01-14:50:56.53 202.101.43.143 (Shanghai Long Distance Telecom Integration Deve. Co,CN) scan net for port 111
2001/04/01-23:28:13.71 195.116.250.68 (Etna System,Warszawa.PL) scan net for port 53
2001/04/01-23:46:52.22 159.226.251.242 (Institute of Computing Technology Chinese Academy of SciencesA) 1. scan net for port 515
2001/04/01-23:46:52.22 159.226.251.242 (Institute of Computing Technology Chinese Academy of SciencesA) 2. followed by buff overflow attacks.
2001/04/02-03:31:52.80 63.26.3.246 (1Cust246.tnt6.nashville.tn.da.uu.net) portscan 132.235.1.252
2001/04/02-07:51:34.93 206.227.11.83 (206-227-11-83.kern.org) scan net for port 515+buff overflow attacks
2001/04/02-09:31:06.77 65.24.224.170 (dhcp065-024-224-170.insight.rr.com) scan net for port 21
2001/04/02-14:19:56.69 209.217.53.190:111 (aux-209-217-53-190.oklahoma.net) scan net for port 111
2001/04/02-22:39:21.29 168.212.77.123 (Washington Schools Information Processing Cooperative,WA,US) scan net for port 53
2001/04/03-02:39:24.22 168.212.77.123 (Washington Schools Information Processing Cooperative,WA,US) scan net for port 21
2001/04/03-03:43:18.49 137.48.142.161 (University of Nebraska at Omaha) scan net for port 515+buff overflow attacks
2001/04/03-04:31:24.51 216.223.42.244 (Madge Networks, Inc,NY,NY,US) scan net for port 515
2001/04/03-04:35:29.27 216.223.42.244 (Madge Networks, Inc,NY,NY,US) start buffer overflow attacks
2001/04/04-05:39:19.93 132.235.197.133 (news.cns.ohiou.edu) start of regular connections to 132.235.1.1 on port 524 ?
2001/04/04-06:59:20.82 210.183.83.249 (nefe21.or.kr) scan net for port 515
2001/04/04-07:03:30.95 210.183.83.249 (nefe21.or.kr) 1) start of buff overflow attacks - port 515 mult. mach
2001/04/04-07:03:30.95 210.183.83.249 (nefe21.or.kr) 2) followed by probes to port 3879
2001/04/04-14:37:44.47 207.159.119.131 (Orbit Wireless Cable Inc.,NY,US) scan net for port 515
2001/04/04-14:42:04.41 207.159.119.131 (Orbit Wireless Cable Inc.,NY,US) 1) start of buff overflow attacks - port 515 mult. mach
2001/04/04-14:42:04.41 207.159.119.131 (Orbit Wireless Cable Inc.,NY,US) 2) followed by probes to port 3879
2001/04/04-16:04:03.15 157.158.60.2 (slk.bud.polsl.gliwice.pl) scan net for port 5232
2001/04/04-16:26:39.83 63.87.244.30 (Natex Communications,NJ,US) scan net for port 111 and statmon port
2001/04/04-19:14:47.22 216.240.142.107 (dsl-3-atm-gte-tdc-142-107.webvision.net) scan net for port 53
2001/04/04-20:35:25.66 193.95.63.230 (Agence Tunisienne Internet - ATI,TN) scan net for port 515
2001/04/04-20:35:26.09 200.54.171.210 (Ad. De Mutuos Hipotecarios, SANTIAGO, CH) scan net for port 53
2001/04/04-20:42:26.37 141.28.33.143 (scrtchy.ai-lab.fh-furtwangen.de) scan net for port 515
2001/04/04-20:46:45.13 141.28.33.143 (scrtchy.ai-lab.fh-furtwangen.de) 1) start of buff overflow attacks against port 515 mult. mach.
2001/04/04-20:46:45.13 141.28.33.143 (scrtchy.ai-lab.fh-furtwangen.de) 2) followed by probes to port 3879
2001/04/04-21:24:59.72 193.206.52.96 (gas.mfn.unipmn.it) scan net for port 53
2001/04/05-03:14:58.34 63.87.244.30 (Natex Communications,NJ,US) scan net for port 111 and statmon port
2001/04/05-03:35:08.30 63.87.244.30 (Natex Communications,NJ,US) buff overflow attacks on statmon port on multiple machines
2001/04/05-05:06:31.38 157.158.60.2 (Silesian Technical University,Gliwice,PL) TELNET SGI telnetd format bug [**]attack
2001/04/05-05:40:52.22 202.98.123.68 (Sichuan Public Information Industry Co, CN) scan for port 3072, 1024 throughout the day
2001/04/05-06:31:05.61 63.87.244.30 (Natex Communications,NJ,US) scan net for port 111 +buff overflow attacks
2001/04/05-07:51:08.85 211.111.144.206 (Korea crap) scan net for port 111
2001/04/05-16:41:01.14 210.99.13.253 (Korea crap) scan net for port 111
2001/04/06-11:40:34.70 212.131.172.130 (COMAIS, Toronto IT) scan net for port 111 + buff overflow attacks
2001/04/07-02:42:04.57 210.96.22.61 (Korea krap) scan net for port 53 + buff overflow attacks
2001/04/08-00:19:03.83 195.210.129.22 (Rosbiznesbank.access.comstar.ru) L1ion scans and attacks.
2001/04/08-05:22:17.36 209.217.19.196 (aux-209-217-19-196.oklahoma.net) scan net for port 111
2001/04/08-15:13:08.68 24.232.100.216 (OL216-100.fibertel.com.ar) scan net for port 111
2001/04/08-15:48:28.03 217.4.43.245 (pD9042BF5.dip.t-dialin.net) scan net for port 21
2001/04/08-17:47:37.64 211.123.222.197 (Sun System Corporation, jp) scan net for port 21
2001/04/09-00:55:08.78 24.29.85.32 (cm-24-29-85-32.nycap.rr.com) scan net for port 515, 23
2001/04/09-03:14:35.24 128.153.48.78:2666 (woodbox.erc.clarkson.edu) scan net for port 21
2001/04/09-03:16:18.16 128.153.48.78:2666 (woodbox.erc.clarkson.edu) scan net for port 53
2001/04/09-11:07:41.69 24.188.198.8 (ool-18bcc608.dyn.optonline.net) scan net for port 515 + buff overflow attacks
2001/04/09-12:33:37.32 211.112.27.157 (Korea crap) scan net for port 111+buff overflow attacks - rstatd
2001/04/09-14:55:30.20 209.15.153.169 (saihat.net) scan net for port 53
2001/04/09-16:08:33.78 63.198.192.66 (adsl-63-198-192-66.dsl.snfc21.pacbell.net) scan net for port 111
2001/04/09-16:11:48.99 195.36.245.27 (bas1-27.idf1-1.club-internet.fr) scan net for port 21
2001/04/10-10:51:01.52 203.185.50.185 (megadigit.net,HK) scan net for port 53
2001/04/10-14:23:09.88 63.151.40.202 (Qwest Communication, DENVER,CO,US) scan net for port 515,23
2001/04/10-20:22:33.31 65.24.232.162 (dhcp065-024-232-162.insight.rr.com) portscan 132.235.1.[1,2,7,11]
2001/04/10-20:51:23.72 129.8.133.58 (California State University at Fresno,CA,US) scan net for port 111+buff overflow attack
2001/04/10-21:55:24.46 128.104.188.154 (ieserv3.ie.wisc.edu) scan net for port 53
2001/04/10-23:28:39.61 128.104.188.154 (ieserv3.ie.wisc.edu) scan net for port 1080
2001/04/11-03:03:40.15 210.54.89.46 (210-54-89-46.ipnets.xtra.co.nz) try to login to 132.235.16.100 as root/condor
2001/04/11-03:23:34.85 216.76.145.216 (adsl-76-145-216.msy.bellsouth.net) scan net for port 515,23
2001/04/11-09:01:12.80 200.48.140.194 (inf2001.3i.com.pe) scan net for port 21
2001/04/11-09:01:19.33 210.163.123.68 (Officewise Company Limited, JP) scan net for port 21
2001/04/11-12:52:28.28 172.168.104.143 (ACA8688F.ipt.aol.com) scan net for port 21
2001/04/11-12:57:28.70 172.168.104.143 (ACA8688F.ipt.aol.com) scan net for port 21
2001/04/11-13:51:43.94 172.161.95.220 (ACA15FDC.ipt.aol.com) scan net for port 21
2001/04/11-16:01:07.85 63.50.203.237 (UUnet morton) tried to use 132.235.1.7 as a news server.
2001/04/11-22:44:27.31 216.62.53.97 (Adtek Corporation,PALNO,TX,US) scan net for port 515,23
2001/04/12-04:37:34.48 172.168.44.210 (ACA82CD2.ipt.aol.com) scan net for port 21
2001/04/12-17:04:39.67 24.93.32.5 (cs9332-5.austin.rr.com) scan net for port 21
2001/04/12-17:19:30.42 129.237.103.214 (University of Kansas, KS, US) portscan 132.235.1.2
2001/04/13-00:29:36.07 63.50.204.199 (UUNET crap) probe 132.235.1.7 for port 119
2001/04/13-00:59:12.39 210.74.170.5:21 (Megicw3 Technical Services Co.,Ltd,CN) scan net for port 21
2001/04/13-15:59:03.55 211.169.90.118 (Korea crap) scan net for port 111
2001/04/13-15:59:07.12 211.169.90.118 (Korea crap) start of buff overflow attacks
2001/04/13-23:27:24.87 24.95.76.48 (dhcp9576048.columbus.rr.com) port scan 132.235.1.2
2001/04/13-23:29:28.42 24.95.76.48 (dhcp9576048.columbus.rr.com) port scan 132.235.1.1
2001/04/13-23:34:39.54 24.95.76.48 (dhcp9576048.columbus.rr.com) port scan 132.235.1.3
2001/04/13-23:39:26.15 24.95.76.48 (dhcp9576048.columbus.rr.com) port scan 132.235.1.188
2001/04/14-10:02:08.98 202.99.62.46 (Beijing Ling Qi Network, CN) scan net for port 111 + buff overflow attacks
2001/04/14-15:24:12.93 217.80.48.226 (pD95030E2.dip.t-dialin.net) scan net for port 21
2001/04/14-22:19:05.07 164.164.79.2 (ruby.acceleratednetworks.soft.net) scan net for port 111 + buff overflow attacks
2001/04/15-00:58:23.20 209.196.12.244 (Isle Inc,Gardena, CA,US) scan net for port 53
2001/04/15-01:58:34.40 210.205.66.1 (Korea crap) scan net for port 111
2001/04/15-09:00:36.32 62.122.21.174 (Galactica.it Flatrate Users,IT) scan net for port 111
2001/04/15-09:14:48.95 62.122.21.174 (Galactica.it Flatrate Users,IT) scan net for port 21
2001/04/15-09:16:12.00 62.122.21.174 (Galactica.it Flatrate Users,IT) start of multiple buff overflow attacks
2001/04/15-09:22:16.14 62.122.21.174 (Galactica.it Flatrate Users,IT) scan net for port 21
2001/04/15-11:23:32.37 211.46.206.9 (Korea crap) scan net for port 111 + buff overflow attacks
2001/04/15-11:35:48.70 213.56.236.114 (ca-ol-sqy-13-114.abo.wanadoo.fr) scan net for port 21
2001/04/15-14:30:28.78 203.197.150.162 (Videsh Sanchar Nigam Ltd - India) scan net for port 111+buff overflow attacks
2001/04/15-17:22:07.71 130.183.51.62 (x003.aug.ipp-garching.mpg.de) scan net for port 515
2001/04/16-00:12:25.18 63.50.204.32 (UUNET crap) probe 132.235.1.7 for port 119
2001/04/16-07:09:30.96 63.251.5.44 (server2044.virtualave.net) probe ports 80,8080,3128 on 132.235.18.132
2001/04/16-10:51:42.81 64.94.89.2 (fw1.gator.com) scan a high port on multiple machines.
2001/04/16-11:21:56.30 206.11.238.158 (238dul158.chartermi.net) scan net for port 111+buff overflow attacks
2001/04/16-14:54:32.17 193.45.3.201 (europe.battle.net) scan several machines on random high ports
2001/04/16-15:50:09.81 65.24.232.162 (dhcp065-024-232-162.insight.rr.com) 1. 696, 80, 969, 99, 999, 9999,
2001/04/16-15:50:09.81 65.24.232.162 (dhcp065-024-232-162.insight.rr.com) 1. scan machines for port 1999,20000,21,22,65,66,666,6666
2001/04/16-18:04:23.06 207.239.97.164 (Business Internet, Inc,TAMP,FL,US) scan net for port 21
2001/04/16-22:05:48.88 63.104.49.23 (NC Interactive,IRVINE,CA,US) probe multiple machines on a random(?) high port
2001/04/16-22:38:53.11 209.219.140.84 (OKCNC1-UBR1-3-hfc-0251-d1db8c54.rdc1.ok.coxatwork.com) scan net for port 111
2001/04/16-22:59:39.46 132.235.162.183 (e2183.east-green.ohiou.edu) scan net for port 21
2001/04/16-23:00:45.01 132.235.175.34 (w7034.west-green.ohiou.edu) scan net for port 21
2001/04/17-01:24:53.77 202.96.122.29 (YAUKAM CO.LTD HANGZHOU OFFICE,Hangzhou,Zhejiang,CN) scan net for port 53
2001/04/17-09:42:15.25 211.23.10.94 (CHTD, Chunghwa Telecom Co.,Ltd.,Taipei Taiwan 100,TW) scan net for port 111
2001/04/17-09:44:58.97 211.22.116.173 (CHTD, Chunghwa Telecom Co.,Ltd.,Taipei Taiwan 100,TW) scan net for port 21
2001/04/17-10:04:33.16 211.23.10.94 (CHTD, Chunghwa Telecom Co.,Ltd.,Taipei Taiwan 100,TW) scan net for port 21
2001/04/17-12:14:27.76 203.38.106.66 (Aceway Nominees P/L,EAST PERTH,AU) scan net for port 53
2001/04/17-13:19:50.97 210.65.178.5 (CHTD, Chunghwa Telecom Co.,Ltd.,Taipei Taiwan 100,TW) scan net for port 111+buff overflow attacks
2001/04/17-18:18:23.57 211.251.177.199 (SUNGSUK ELEMENTARY SCHOOL,KOREA) scan selected machines for port 111+buff overflow attacks
2001/04/17-20:31:59.59 193.252.43.137 (AReims-101-2-1-137.abo.wanadoo.fr) scan net for port 21, mkdirs on anon ftp servers.
2001/04/17-23:26:03.09 63.50.204.22 (UUnet crap) probe port 119 on 132.235.1.7
2001/04/18-05:01:11.89 211.240.36.8 (Korea crap) scan net for port 53
2001/04/18-15:02:52.04 213.46.86.68 (d86068.upc-d.chello.nl) portscan machines on 20,21,111,115,133,198,200
2001/04/18-15:05:27.36 213.46.86.68 (d86068.upc-d.chello.nl) portscan net for port 21
2001/04/18-19:50:05.78 24.14.148.139 (c507912-a.smateo1.sfba.home.com) scan net for port 53
2001/04/18-19:58:47.16 194.105.20.34 (zis-admin.happydent.lasting.ro) probe port 31337 on 132.235.1.11
2001/04/18-21:04:32.31 203.186.139.89 (186_139user89.ctinets.com-HK) scan net for port 515
2001/04/18-23:25:48.89 24.95.76.228 (dhcp9576228.columbus.rr.com) scan 132.235.1.2 for port 161,23,137,9
2001/04/18-23:37:10.63 194.105.20.34 (zis-admin.happydent.lasting.ro) probe port 31337 on 132.235.1.11
2001/04/19-04:59:03.18 203.69.254.125 (Taiwan crap) scan net for port 111
2001/04/19-09:22:10.64 204.214.6.215:25 (mgw.bigwhat.com) scan net for random high number port (1k-2k)
2001/04/19-15:52:40.96 ???.??.??.? (??) attack 132.235.1.11 with syn attack, spoofed from ip; start port 1 and go up.
2001/04/19-17:16:34.31 132.235.242.112 (dhcp-242-112.cns.ohiou.edu) scan net for port 3306
2001/04/19-20:42:21.34 216.78.193.71 (adsl-78-193-71.mia.bellsouth.net) scan net for port 515
2001/04/21-02:41:50.01 24.130.228.132 (nic-130-c228-132.new.rr.com) scan net for port 21
2001/04/20-16:37:20.65 24.188.29.200 (ool-18bc1dc8.dyn.optonline.net) scan 132.235.1.1 for port 111
2001/04/20-16:43:07.44 64.29.16.193:111 (jc.asean2000.com) scan net for port 111
2001/04/20-07:31:30.82 65.0.251.51 (c969981-a.marin1.sfba.home.com) scan net for port 21
2001/04/20-13:07:01.34 209.239.236.203 (pdeyo.cust.vcnet.com) scan net for port 515
2001/04/20-16:15:23.65 212.204.131.69 (CP17618-A.ROOSE1.NB.NL.HOME.COM) scan net for port 21
2001/04/20-17:43:16.77 210.178.9.1 (Korea crap) scan net for port 53
2001/04/20-23:14:45.09 148.235.240.114 (du-148-235-240-114.prodigy.net.mx) scan net for port 139, probe port 23
2001/04/21-13:17:38.23 212.32.130.10 (dns.artedi.nordmaling.se) scan port 21 on 132.235.1.7
2001/04/21-13:17:46.55 212.32.130.10 (dns.artedi.nordmaling.se) probe portmap services on 132.235.1.7
2001/04/21-13:17:48.19 212.32.130.10 (dns.artedi.nordmaling.se) 1. Launch buffer overflow attack on snmp service
2001/04/21-13:17:48.19 212.32.130.10 (dns.artedi.nordmaling.se) 2. download rootkit from adm@sirius.chemie.uni-bonn.de:/var/adm/djakn.tar
2001/04/21-13:17:48.19 212.32.130.10 (dns.artedi.nordmaling.se) 3. compromise additional systems on local net.
2001/04/21-18:20:25.47 211.114.55.241 (Korea crap) scan net for port 53
2001/04/21-21:36:39.50 149.156.63.3 (Academic Computer Centre, KRAKOW, PL) scan net for port 111
2001/04/21-22:03:00.26 64.39.14.95:53 (server2.idika.net) scan net for port 53
2001/04/21-22:03:00.32 64.39.14.95 (server2.idika.net) probe machines with named running
2001/04/22-16:01:54.22 130.219.173.123 (University of Medicine and Dentistry of New Jersey, NJ,US) scan net for port 21
2001/04/22-20:41:28.20 211.21.79.140 (CHTD, Chunghwa Telecom Co.,Ltd.Taipei Taiwan) scan net for port 515
2001/04/22-23:04:32.47 216.201.181.59 (Logix Communications,OKlahoma city, OK,US) scan net for port 53
2001/04/22-23:23:39.49 63.50.204.167 (UUnet looser) banging on port 119 of 132.235.1.7
2001/04/23-04:28:40.35 212.93.155.112 (212.93.155.112.catv.rdsor.ro) 1. someone used 132.235.1.11 to set up irc bouncer.
2001/04/23-04:28:40.35 212.93.155.112 (212.93.155.112.catv.rdsor.ro) 2. ftp software from ftp.home.ro as blueboy/blue2k
2001/04/23-04:28:40.35 212.93.155.112 (212.93.155.112.catv.rdsor.ro) 3. download psyBNC (for irc) from freshmeat.net
2001/04/23-04:28:40.35 212.93.155.112 (212.93.155.112.catv.rdsor.ro) 4. download http://www.psychoid.lam3rz.de/psyBNC2.2.2.tar.gz
2001/04/23-04:28:40.35 212.93.155.112 (212.93.155.112.catv.rdsor.ro) 5. Server Surrey.Uk.Eu.Undernet.Org, user Blue}{boy/undergr0und
2001/04/23-06:28:45.64 211.7.40.131 (enterprise hatakeyama office Co.,Ltd., JP) scan several machines for port 53
2001/04/23-08:02:34.67 203.233.10.66 (Dacom,co, SEOUL,KR) scan net for port 111 + buff overflow attacks.
2001/04/23-16:45:01.13 203.186.139.89 (186_139user89.ctinets.com) scan net for port 515, 23
2001/04/23-19:19:57.27 203.238.69.61 (Korea crap) scan net for port 111
2001/04/23-22:33:32.76 140.122.146.20 (Ministry of Education Computer Center,TW) scan net for port 111+buff overflow attack
2001/04/24-00:13:20.03 66.24.58.251 (syr-66-24-58-251.twcny.rr.com) scan net for port 27374
2001/04/24-02:02:52.62 199.243.250.136 (jupiter.ngen.bellnexxia.net) buff overflow attack 132.235.16.100
2001/04/24-02:03:11.75 199.243.250.136 (jupiter.ngen.bellnexxia.net) scan port 111 on additional machines
2001/04/24-07:38:00.71 210.244.76.157 (Digital United Inc.,Taipei, Taiwan) scan net for port 23
2001/04/24-10:33:26.37 210.96.3.129 (Korea crap) scan net for port 53+buff overflow attack
2001/04/24-12:29:25.86 210.226.167.98 (.jp) scan net for port 53 +buff overflow attack
2001/04/24-15:43:24.25 163.29.17.77 (Ministry of Education Computer Center,TW) scan net for port 53+buff overflow attack
2001/04/25-07:18:36.23 66.35.227.102 (Netgeo, Inc.,CA,US) scan net for ports 33450,33451
2001/04/25-07:42:19.14 199.172.136.19 (gemini2.ieee.org) probe port 113 on several machines all day long.
2001/04/25-08:15:49.55 199.172.136.140 (gemini3.ieee.org) probe port 113 on several machines all day long.
2001/04/25-08:42:38.28 64.216.70.132 (texascheesecake.com) scan net for port 21
2001/04/25-09:18:24.52 194.158.175.132 (cable132.175.eneco.bart.nl) scan net for port 21, try to create directories.
2001/04/25-12:09:43.31 194.158.175.132 (cable132.175.eneco.bart.nl) scan net for port 21, try to create directories.
2001/04/25-14:35:08.30 194.158.175.132 (cable132.175.eneco.bart.nl) 1. login as anon ftp to 2 machines, pass anonymous@on.the.net
2001/04/25-14:35:08.30 194.158.175.132 (cable132.175.eneco.bart.nl) 2. create specific dirs in anon ftp 19.1,19.56, such as:
2001/04/25-14:35:08.30 194.158.175.132 (cable132.175.eneco.bart.nl) 3. "/.tmp/. tagged/and scanned/for limey's board/filled by/skatin/OfficeXP (FINAL)"
2001/04/25-14:39:09.02 212.58.163.58 (qn-212-58-163-58.quicknet.nl) conn anon ftp to 132.235.19.1
2001/04/25-15:39:08.46 194.158.175.132 (cable132.175.eneco.bart.nl) scan net for port 21, try to create directories.
2001/04/25-16:36:00.84 205.246.85.4 (Red Rose Systems, HARRISBURG,PA) scan net for port 111
2001/04/25-17:03:14.30 205.246.85.4 (Red Rose Systems, HARRISBURG,PA) buff overflow attacks
2001/04/25-18:31:50.81 129.241.212.111 (rover.nvg.ntnu.no) scan high port on 5 machines
2001/04/26-01:27:27.19 24.24.157.227 (we-24-24-157-227.we.mediaone.net) scan net for port 515+attacks, conn to port 3879
2001/04/26-01:49:35.56 209.94.211.127 (cuscon2559.tstt.net.tt) portscan 132.235.1.[1-102] 1-47808
2001/04/26-02:17:30.43 209.94.211.114 (cuscon2546.tstt.net.tt) scan net for ports 21,20,22 (interesting combination of ports)
2001/04/26-02:55:13.36 195.120.134.31 (dns.sit.it) scan net for port 111
2001/04/26-06:39:45.89 66.35.227.102 (NetGeo, Mountain View , CA,US) scan several machines for port 3345[012]
2001/04/26-08:54:38.21 199.172.136.19 (gemini2.ieee.org) start of numerous probes to port 113 on multiple machines
2001/04/26-09:22:39.99 199.172.136.140 (gemini3.ieee.org) start of numerous probes to port 113 on multiple machines
2001/04/26-09:41:39.43 62.153.204.207 (Deutsche Telekom AG,,BONN,GERMANY) scan net for ports 23, 111+buff overflow attacks
2001/04/26-18:51:32.74 65.24.63.55 (dhcp065-024-063-055.columbus.rr.com) portscan 132.235.3.89
2001/04/27-15:38:55.93 62.179.129.37 (Chello Broadband GmbH,VIENNA,Austria) scan net for port 515
2001/04/27-15:47:17.93 62.179.129.37 (Chello Broadband GmbH,VIENNA,Austria) scan net for port 23
2001/04/27-18:47:40.92 216.246.21.48 (0000tuttogratis.com) 4 connects per hr to random port on 132.235.1.160.
2001/04/28-02:51:10.46 63.199.26.205 (John Brand,Redwood City, CA,US-aka-scenariogame.com) scan net for port 515
2001/04/28-02:53:33.22 63.199.26.205 (John Brand,Redwood City, CA,US-aka-scenariogame.com) scan net for port 23
2001/04/28-05:42:33.48 216.246.21.48 (0000tuttogratis.com) 4 connects per hr to random port on 132.235.1.160.
2001/04/28-06:40:17.74 210.52.214.15 (China Netcom Corp.,CN) 1. scan net for port 21
2001/04/28-06:40:17.74 210.52.214.15 (China Netcom Corp.,CN) 2. rescan selected machines port 21, 137,53
2001/04/28-07:25:09.28 210.145.136.146 (Open Computer Network- JP) scan net for port 53
2001/04/28-12:12:47.75 208.7.130.163 (BIZWIND INC.,HONOLULU, HI) scan net for port 111
2001/04/28-12:12:50.07 208.7.130.163 (BIZWIND INC.,HONOLULU, HI) rescan machines that answered previous probe.
2001/04/28-12:42:01.52 208.7.130.163 (BIZWIND INC.,HONOLULU, HI) launch buffer overflow attacks
2001/04/28-14:28:43.49 132.235.150.85 (dhcp-150-085.cns.ohiou.edu-Porter hall) scan net for port 80
2001/04/28-14:44:59.30 132.235.150.85 (dhcp-150-085.cns.ohiou.edu-Porter hall) download most all anon-ftp files available from ace.
2001/04/28-15:02:13.57 132.235.150.85 (dhcp-150-085.cns.ohiou.edu-Porter hall) rescan net for port 80
2001/04/28-15:46:29.59 132.235.150.85 (dhcp-150-085.cns.ohiou.edu-Porter hall) scan net for port 139
2001/04/28-15:47:11.58 132.235.150.85 (dhcp-150-085.cns.ohiou.edu-Porter hall) scan net for port 137,139 and 445
2001/04/28-16:29:39.26 132.235.150.85 (dhcp-150-085.cns.ohiou.edu-Porter hall) scan net for port 139
2001/04/29-00:56:02.32 154.20.30.236 (ip236.quebec15.dialup.canada.psi.net) scan net for port 21, attempt mkdirs.
2001/04/29-05:32:09.60 210.204.194.163 (Korea crap) scan net for port 111
2001/04/29-05:58:42.57 196.31.28.34 (UUNET africa.) scan net for port 111
2001/04/29-10:01:39.51 24.132.203.138 (Kabeltelevisie Amsterdam NL) scan net for port 21
2001/04/29-11:55:12.99 63.109.1.20 (Netcom Technologies,Gaithersburg, MD) scan net for port 23
2001/04/29-12:10:22.77 213.51.112.148 (cc58075-a.sneek1.fr.nl.home.com) scan net for port 21
2001/04/29-14:53:51.64 140.251.160.46 (Cornell University Medical College,New York, NY,US) scan net for port 111+buff overflow attk
2001/04/29-15:26:20.00 210.160.137.136 (INMEL Corporation,JP) scan net for port 111+buff overflow attacks
2001/04/29-15:34:16.85 210.119.188.57 (Korea crap) probe port 111 + buff overflow attacks on 132.235.1.[1,2,252]
2001/04/29-18:26:44.27 208.176.186.48 (Concentric DIAL /32s - Chico CA) scan net for port 23, buff overflow attack vi imapped ports
2001/04/29-21:12:59.29 199.243.250.136 (WorldLinx Telecommunications, Inc.,Ottawa, Ontario,CA) probe port 111,530 on prime
2001/04/29-23:53:45.93 64.209.190.236 (Presenter.com,San Jose, Ca,US) scan net for port 53, probe DNS servers
2001/04/30-00:42:45.85 193.165.168.178 (SkyNet, a.s., Brno,CZ) scan net for port 53
2001/04/30-02:55:50.83 63.237.42.4 (RELEVANT BUSINESS SOL,CLEVELAND, OH,US) scan net for port 111
2001/04/30-02:55:52.81 63.237.42.4 (RELEVANT BUSINESS SOL,CLEVELAND, OH,US) start of buff overflow attacks
2001/04/30-05:06:16.83 63.208.241.96 (dialup-63.208.241.96.LosAngeles1.Level3.net) scan net for port 1243 4565 7734 27374
2001/04/30-07:12:19.70 202.134.83.212 (ip-212-83-134-202.rev.dyxnet.com-HK) scan net for port 111 + buff overflow attacks
2001/04/30-10:25:47.74 195.5.17.246 (www.gc.lviv.ua) try to connect port 80,88,8888,8080,3128 on several machines doine day.
2001/04/30-15:35:33.10 200.216.192.4 (TELECOMUNICACOES DA BAHIA S/A,-BRAZIL) scan several machines for high ports.
2001/04/30-18:38:40.28 64.210.163.57 (iTelco Communications,San Jose,CA,US) scan net for port 111+buff overflow attacks
2001/04/30-19:21:07.71 139.223.12.158 (Tatung Company,Taipei,TW) scan net for port 53
2001/04/30-23:55:52.99 212.144.204.43 (dusdi5-212-144-204-043.arcor-ip.net) ftp to printer, try mkdir as an attack.