Short summary of some of the attacks against us for May 2001

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes

2001/05/01-10:14:03.88 213.57.125.62 (onstop Cable ISP,IL) scan net for port 21, try to create dirs.
2001/05/01-10:26:10.63 193.252.43.137 (AReims-101-2-1-137.abo.wanadoo.fr) scan net for port 21
2001/05/01-15:49:56.10 210.91.243.124 (Korea crap) scan net for port 21,111,137
2001/05/01-16:11:10.50 152.149.41.86 (Daewoo Information Systems Co.,KR) scan net for port 111+buff overflow attacks
2001/05/01-23:00:26.70 212.131.172.130:111 (COMAIS (interbuisiness.net?) IT) scan net for port 111
2001/05/02-02:55:27.37 211.48.194.12 (Korea crap) scan net for port 53
2001/05/02-03:01:05.71 203.199.199.114 (INDIA) scan net for port 53
2001/05/02-03:42:28.18 170.210.240.100 (Red de Interconexion Universitaria,AR) scan for port 53+l1on/adore attack
2001/05/02-08:48:49.38 198.139.144.247 (QuadNet Communications,Inc,Southampton,PA,US) scan net for port 111+buff overflow attacks
2001/05/02-10:39:08.16 213.76.88.131 (pb131.wroclaw.cvx.ppp.tpnet.pl) scan net for port 53,buff overflow attack
2001/05/02-11:46:38.11 132.235.173.56 (w5056.west-green.ohiou.edu) try to login to 132.235.1.12:23 as root
2001/05/02-16:27:38.59 212.83.152.32 (ppp-32.dialup-152.worldonline.fr) scan net for port 21,try to create dirs .landtag,BearShare
2001/05/02-21:40:31.33 63.199.16.15 (adsl-63-199-16-15.dsl.snfc21.pacbell.net) scan net for port 111+buff overflow attack
2001/05/02-22:41:26.82 63.103.140.98 (UUNET crap) scan net for port 53
2001/05/03-12:14:57.88 210.240.54.8 (TAIWAN....) scan net for port 515
2001/05/03-12:58:37.94 206.47.37.129 (cpu1898.adsl.bellglobal.com) scan net for port 2005
2001/05/04-07:23:56.63 208.62.67.51 (BellSouth.net) slow probe of network for port 33435.
2001/05/04-07:41:05.01 212.131.172.130 (cgi.interbusiness.it) buff overflow attacks against 20 specific unix boxes.
2001/05/04-07:52:37.14 193.252.43.137 (AReims-101-2-1-137.abo.wanadoo.fr) scan net for port 21,try mkdir as anon ftp
2001/05/04-08:07:00.97 150.185.68.4 (Consejo Nacional de Investigaciones,CARACAS,VE) scan net for port 1
2001/05/04-08:45:06.19 132.235.198.205 (dhcp-198-205.cns.ohiou.edu) try to connect to port 177 on 132.235.1.[27]
2001/05/04-14:11:33.23 (dhcp-198-205.cns.ohiou.edu) try to connect to port 177 on 132.235.1.[27]
2001/05/04-15:20:48.28 210.43.176.8 (Changsha University Of Electric Power,CHINA) 1. probe answerbook 2 server on prime.
2001/05/04-15:20:48.28 210.43.176.8 (Changsha University Of Electric Power,CHINA) 2. get shell with buffer overflow attack!
2001/05/04-15:20:48.28 210.43.176.8 (Changsha University Of Electric Power,CHINA) 3. Run inetd with special inetd.conf file
2001/05/04-15:26:42.17 210.43.192.208 (Changsha Communication University,CHINA) 1. use shell from previous inetd to attack server
2001/05/04-15:26:42.17 210.43.192.208 (Changsha Communication University,CHINA) 2. download rootkit hacks from 63.104.237.27
2001/05/04-15:26:42.17 210.43.192.208 (Changsha Communication University,CHINA) 3. shoretownstudio2/shoretownstudio2 from /tmp
2001/05/04-19:31:18.76 207.248.133.41 (Consorcio Red Uno, S.A.Jardines del Pedregal,MZ) scan net for port 111
2001/05/04-20:52:39.93 61.144.231.35 (sz61.144.szptt.net.cn) scan net for port 80 (yes, 231.35)
2001/05/04-20:53:35.31 61.144.231.3 (sz61.144.szptt.net.cn) scan net for port 80
2001/05/04-21:03:19.81 64.174.128.76 (adsl-64-174-128-76.dsl.sntc01.pacbell.net) scan net for port 111+buff overflow attacks
2001/05/04-22:46:00.11 203.144.197.75 (cvx1800 modem pool#2.@asianet.co.th) scan net for port 20034
2001/05/05-04:01:29.12 202.231.11.25 (Asahikawa National College of Technology,JP) scan net for port 53
2001/05/05-04:15:56.82 62.108.11.46 (node0b2e.a2000.nl) scan net for port 21
2001/05/05-10:04:33.03 210.104.151.1 (Korea crap) scan net for port 21
2001/05/05-21:04:51.61 61.180.255.100 (CHINANET Heilongjiang province network, CHINA) scan net for port 53
2001/05/05-22:20:44.31 195.90.73.10 (Cosmoline S.A.,GR) scan net for port 80
2001/05/06-03:08:04.32 131.114.18.186 (lab4f3.df.unipi.it) scan net for port 555
2001/05/06-06:37:12.20 210.104.151.1 (Korea crap) scan net for port 21
2001/05/06-07:15:19.02 130.89.223.122 (mat024102.student.utwente.nl) probe 132.235.1.2 for ports 111, mountd.
2001/05/06-07:34:31.08 160.243.188.145 (JUSCO Co., Ltd. Nakase, Chiba,JP) scan net for port 111+heavy buff overflow attacks
2001/05/06-08:38:24.83 208.238.254.25 (Montcalm Area ISD,STANTON,MI,US) scan net for port 111+heavy buff overflow attacks
2001/05/06-09:26:05.50 212.107.153.252 (Madge Managed Network Services,WEXHAM,UK) scan net for port 111+heavy buff overflow attacks
2001/05/06-13:04:12.29 203.253.12.4 (SoongSil University, SEOUL, KR) scan net for port 111+heavy buff overflow attacks
2001/05/06-17:11:08.02 63.192.214.43 (adsl-63-192-214-43.dsl.snfc21.pacbell.net) scan net for port 111
2001/05/06-17:39:28.88 148.223.73.113 (ALBINO GARCIA ,CELAYA,MX) scan net for port 111
2001/05/06-19:27:33.37 166.114.22.20 (Red Bolivina de Comunicacion de Datos,LA PAZ, BO) scan net for port 515,21
2001/05/06-19:39:11.57 148.215.125.66 (Universidad Autonoma del Estado de Mexico) scan net for port 111+buff overflow attacks
2001/05/06-19:53:01.90 213.76.250.168 (TP S.A. ZT Warszawa Poludnie,PL) scan net for port 111
2001/05/06-20:17:37.33 211.248.159.66 (Korea crap) scan net for port 111 +heavy buff overflow attacks
2001/05/06-21:25:30.90 210.81.37.20 (Open Market Japan K.K.,JP) scan net for port 111+heavy buff overflow attacks
2001/05/06-22:05:11.60 195.185.39.3 (Brite Voice Systems Group GmbH, DE) scan net for port 80
2001/05/06-23:15:18.93 207.248.133.41 (Consorcio Red Uno, S.A., MX) scan net for port 111
2001/05/07-01:21:48.54 202.114.69.105 (Wuhan University, CN) scan net for port 53
2001/05/07-02:05:08.03 148.233.9.178 (CALLE 59 X 64 N 516 COL. CENTRO,MERIDI,MX) scan net for port 111+buff overflow attacks
2001/05/07-02:17:27.39 202.130.164.242 (ILink.net Limited,HK) scan net for port 80
2001/05/07-04:03:17.82 210.55.27.113 (Esurf Holdings Limited,AUKLAND, NZ) scan net for port 21
2001/05/07-04:38:56.79 148.202.224.2 (nautilus.melaque.udg.mx) scan net for port 111+buff overflow attacks
2001/05/07-06:06:45.78 210.104.151.1 (Korea) scan net for port 21
2001/05/07-08:22:47.25 202.30.210.7 (Korea) scan net for port 53
2001/05/07-10:11:22.32 166.114.22.20 (Carrera de Ingenieria Electronica,LA PAZ,BO) scan net for port 23
2001/05/07-11:04:03.09 210.28.144.4 (Wuxi Science And Technology Committee,JIANGSU,CN) scan net for port 111
2001/05/07-11:39:59.06 202.118.120.4 (Fushun Petroleum University,LIAONING, CN) scan net for port 53
2001/05/07-19:55:02.80 202.99.192.58 (network in Shanxi province ,China) scan net for port 80
2001/05/07-23:11:40.20 24.187.9.188 (ool-18bb09bc.dyn.optonline.net) scan net for port 27374
2001/05/07-23:11:40.32 142.59.60.173 (a6g834oty32of.ab.hsia.telus.net) scan net for port 27374
2001/05/08-01:57:23.79 24.31.232.66 (mkc-31-232-66.kc.rr.com) scan net for port 27374
2001/05/08-02:37:58.60 200.199.223.150 (ws1.ucdb.br) scan net for port 111
2001/05/08-04:28:00.08 200.199.223.150 (ws1.ucdb.br) buff overflow attack on sadmind port, conn to trojan port 600
2001/05/08-04:56:54.09 64.2.54.200 (w200.z064002054.sjc-ca.dsl.cnc.net) 1. scan net for port 111, launch buff overflow on sadmind.
2001/05/08-04:56:54.09 64.2.54.200 (w200.z064002054.sjc-ca.dsl.cnc.net) 2. Attack with 50 buff overflow+ conn to port 600 attacks
2001/05/08-04:56:54.09 64.2.54.200 (w200.z064002054.sjc-ca.dsl.cnc.net) 3. per machine, against almost all unix machines on net
2001/05/08-06:00:31.75 210.104.151.1 (Korea crap) slow scan (1 per 4 hrs) of port 21 on net
2001/05/08-06:24:58.40 64.2.54.200 (w200.z064002054.sjc-ca.dsl.cnc.net) scan net for port 111, buff overflow attack,conn to trojan port 600
2001/05/08-06:51:01.91 206.146.15.60 (rogue.quikpage.com) scan 132.235.1.1 for ports 111, 530
2001/05/08-08:52:32.73 211.227.239.157 (Korea crap) scan net for port 111
2001/05/08-09:18:36.85 199.172.136.140 (gemini3.ieee.org) constant stream of probes on port 113 to random machines.
2001/05/08-09:48:52.65 212.36.8.25 (md25-ppp.sof.otel.net) attack machines via web with GET /scripts/.. hack
2001/05/08-10:39:02.38 211.227.239.157 (Korea crap) start of buff overflow attacks
2001/05/08-14:15:05.94 193.188.144.7 (Public Authority of Applied Education and Training,Safat Kuwait) scan net for port 111
2001/05/08-16:11:54.84 193.188.144.7 (Public Authority of Applied Education and Training,Safat Kuwait) rescan 111, buff overflow attack
2001/05/08-19:03:16.01 193.188.144.7 (Public Authority of Applied Education and Training,Safat Kuwait) port 111, buff overflow attk
2001/05/08-22:42:00.11 12.73.3.24 (24.tucson-08-09rs.az.dial-access.att.net) scan net for port 21, try anon/ftp mkdir cmds.
2001/05/08-22:47:30.10 206.25.237.141 (bost141.vgernet.net) scan net for port 27374
2001/05/08-22:48:47.95 208.61.180.149 (adsl-61-180-149.mia.bellsouth.net) scan selected machines for port 27374
2001/05/08-22:48:48.09 65.32.162.77 (6532162hfc77.tampabay.rr.com) scan net for port 27374
2001/05/08-22:48:48.13 205.245.168.206 (SYSTEMS PLUS INTERNET INC,EAST LIVERPOOL, OH,US) scan net for port 27374
2001/05/08-22:48:51.19 24.79.201.37 (h24-79-201-37.ed.shawcable.net) scan net for port 27374
2001/05/09-07:24:49.50 210.104.151.1 (Korea Telecom crap) scan net for port 21
2001/05/09-08:31:42.63 208.185.0.249:0 (Abovenet Communications, Inc.,San Jose, Ca, US) slow scan of net ports 1024,3072
2001/05/09-09:07:44.78 166.114.22.20 (Carrera de Ingenieria Electronica,La Paz,BO) scan net for port 23
2001/05/09-12:44:55.06 210.110.249.159 (iecom.hanbat.ac.kr,Korea ISP) scan net for port 111
2001/05/09-15:37:29.58 200.176.51.92 (cm-net-C8B0335C.cwb.terra.com.br) scan net for port 111 + buff overflow attacks
2001/05/09-18:05:45.27 208.62.67.50 (BellSouth.net Inc.) scan net for port 33435
2001/05/09-22:45:47.55 216.230.40.67 (216-230-40-067.corpserv.mpinet.net) scan net for port 515
2001/05/09-23:27:54.56 216.230.40.67 (216-230-40-067.corpserv.mpinet.net) scan subset of net for port 23
2001/05/09-23:45:11.81 216.167.158.250 (PVT Networks,Artesia,NM,US) scan net for port 111, buff overflow attacks
2001/05/10-06:10:46.54 198.59.26.87 (Colorado Supernet, Inc,Denver,CO,US) scan net for port 111+buff overflow attack
2001/05/10-07:08:12.01 210.104.151.1 (Korea crap) scan net for port 21
2001/05/10-10:12:33.12 202.99.64.123 (CHINANET Tianjin province network) scan net for port 80, std IIS attacks
2001/05/10-11:41:36.29 12.144.243.146 (CNC CONTAINER,TUMWATER, WA,US) 1. scan net for port 80
2001/05/10-11:41:36.29 12.144.243.146 (CNC CONTAINER,TUMWATER, WA,US) 2. start IIS attacks against IIS servers with
2001/05/10-11:41:36.29 12.144.243.146 (CNC CONTAINER,TUMWATER, WA,US) 3. GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+copy+\winnt\system32\cmd.exe+root.exe HTTP/1.0
2001/05/10-14:30:53.45 172.165.188.120 (ACA5BC78.ipt.aol.com) scan net for port 21
2001/05/11-00:24:00.49 4.3.40.144 (lsanca1-ar3-040-144.lsanca1.dsl.gtei.net) scan net for port 111, 600
2001/05/11-07:13:52.60 195.229.91.61 (Technical Parts Company.,Abu Dhabi, UAE) scan net for port 80
2001/05/11-07:54:34.00 62.55.96.29 (mediaWays GmbH,DE) scan net for port 80+IIS attack
2001/05/11-10:35:13.38 211.250.154.250 (Korea crap) scan net for port 111+buff overflow attacks
2001/05/11-14:03:42.03 210.104.151.1 (Korea crap) scan net for port 21,
2001/05/11-21:27:59.27 159.226.117.243 (Institute of Computing Technology Chinese Academy of Sciences,BEIGING) scan net for port 80
2001/05/12-02:10:04.13 208.61.146.37 (adsl-61-146-37.mia.bellsouth.net) scan net for port 21
2001/05/12-02:11:09.27 209.15.2.7 (earth.hosting4u.net) scan net for port 80 on specific machines (including printer)+IIS attack
2001/05/12-04:56:01.65 202.204.113.13 (mail.bjfu.edu.cn) scan net for port 111+IIS attack.
2001/05/12-06:17:32.68 155.230.28.215 (gsahn.ce.knu.ac.kr) scan net for port 111+probe port 600
2001/05/12-06:37:45.46 202.204.113.13 (mail.bjfu.edu.cn) massive scan net for port 111, buff overflow attacks, conn to port 600
2001/05/12-07:19:07.25 210.104.151.1 (Korea crap) scan net for port 21
2001/05/12-18:54:36.12 194.228.57.189 (pha-189.eridan.cz) scan net for port 53
2001/05/12-21:06:49.61 62.227.233.231 (p3EE3E9E7.dip.t-dialin.net) scan net for port 21
2001/05/12-23:30:10.50 200.198.85.111 (dial-85-111.nitnet.com.br) scan ace on ports 80,21,111
2001/05/13-04:29:49.28 202.77.142.122 (eonline.asiacontent.com) scan net for port 111
2001/05/13-10:30:19.93 202.204.113.13 (mail.bjfu.edu.cn) scan net for port 80
2001/05/13-19:09:02.58 146.169.48.11 (visual11.doc.ic.ac.uk) scan net for port 111+buff overflow attacks
2001/05/13-19:36:26.47 24.41.42.95 (CBL095.pool003.CH001-west-covina.dhcp.hs.earthlink.net) scan net for port 27374
2001/05/13-23:00:57.53 63.196.54.19 (www.musiccity.com) scan net for port 21
2001/05/14-00:41:43.52 198.79.109.153 (DSL Designs Inc.,LOS GATOS,CA,US) scan net for port 53
2001/05/14-05:57:55.34 63.196.54.19 (www.musiccity.com) scan net for port 21
2001/05/14-06:02:20.89 63.218.225.88 (unleashed.slackware.dk) scan random ports on random machines throughout the day
2001/05/14-06:43:23.91 24.179.73.176 (cx613417-c.lbbck1.tx.home.com) scan random ports on random machines throughout the day
2001/05/14-10:06:30.92 211.100.117.126 (Dial UP User IP Pool,CN) scan net for port 111
2001/05/14-12:19:00.53 24.142.102.145 (news.vsat.net) scan net for port 53
2001/05/14-15:19:15.55 212.198.64.186 (d186.dhcp212-198-64.noos.fr) scan net for port 21
2001/05/14-18:39:43.91 211.75.16.158 (CHTD, Chunghwa Telecom Co.,Ltd.,Taipei Taiwan) scan net for port 111+buff overflow attacks
2001/05/14-23:46:10.93 202.188.114.7 (Telekom Cellular Sdn. Bhd.,MY) scan net for port 80
2001/05/15-06:47:47.12 208.62.67.54 (BellSouth.net Inc.,Atlanta, GA,US) scan several machines (tracert?) for port 33435 each hour
2001/05/15-08:33:19.46 208.62.67.53 (BellSouth.net Inc.,Atlanta, GA,US) scan several machines (tracert?) for port 33435 each hour
2001/05/15-10:48:22.12 208.62.67.50 (BellSouth.net Inc.,Atlanta, GA,US) scan several machines (tracert?) for port 33435 each hour
2001/05/15-17:02:35.29 210.198.48.187 (all8048187.allnet.ne.jp) scan net for port 111+buff overflow attacks
2001/05/15-17:19:39.72 61.139.60.87 (CHINANET Sichuan province network,CN) scan net for port 111+buff overflow attacks
2001/05/15-21:07:26.60 211.192.214.147 (Korea crap) scan net for port 111+buff overflow attacks
2001/05/16-00:15:36.07 66.1.129.237 (Sprint BWG ,San Jose, CA,US) scan net for port 80, probe found servers,IIS homepage defile attack
2001/05/16-09:45:05.92 210.151.108.52 (earth.do-bunkyodai.ac.jp) scan net for port 80
2001/05/16-15:46:37.16 139.130.91.238 (phosyn.lnk.telstra.net) scan net for port 515
2001/05/16-15:56:41.34 139.130.91.238 (phosyn.lnk.telstra.net) scan net for port 23
2001/05/16-16:10:20.16 148.240.56.98 (dial-148-240-56-98.zone-2.dial.net.mx) scan net for port 111
2001/05/16-21:48:03.84 212.103.7.144 (estelfree144.free.ip.estel.net) scan net for port 21
2001/05/17-01:41:02.31 212.93.193.74 (nas4.riyadh.awalnet.net.sa) scan several machines for port 1024,3072
2001/05/17-15:21:33.56 216.198.100.45 (dial-216-198-100-45.farmerstel.com) scan net for port 111+heavy buff overflow attacks
2001/05/17-20:12:19.23 208.192.193.166 (Dexter Shoe Company,Newton, MA,US) scan net for port 111+buff overflow attacks
2001/05/17-23:45:17.62 24.8.156.76 (cc964475-a.scrmnt1.ca.home.com) scan net for port 21
2001/05/18-00:50:19.02 211.123.101.3 (Some JP site) scan net for port 21
2001/05/18-02:50:00.54 208.44.33.226 (austtx-dial-01.dial.qwest.net) scan several machines for port 3072,1024
2001/05/18-03:16:18.95 211.168.167.199 (Korea crap) scan net for port 53
2001/05/18-13:23:53.45 204.192.99.70 (dyn070-nas03.athens.frognet.net) portscan 132.235.15.175
2001/05/18-13:24:00.14 204.192.99.70 (dyn070-nas03.athens.frognet.net) portscan 132.235.1.239
2001/05/18-14:48:22.19 64.26.0.36 (weber.siteprotect.com) scan net for port 111 + buff overflow attacks
2001/05/18-23:34:13.75 204.192.99.78 (dyn078-nas03.athens.frognet.net) portscan 132.235.1.239
2001/05/18-23:45:26.42 204.192.99.78 (dyn078-nas03.athens.frognet.net) portscan 132.235.15.175
2001/05/19-02:24:51.52 204.192.99.102 (dyn102-nas03.athens.frognet.net) probe port 544,514 on 132.235.1.[7,11]
2001/05/19-02:47:50.36 62.225.219.69 (p3EE1DB45.dip.t-dialin.net) scan net for port 21
2001/05/19-13:00:53.75 142.177.204.172 (nat204.172.mpoweredpc.net) scan selected machines on net for port 27374
2001/05/19-13:01:35.33 24.141.219.130 (d141-219-130.home.cgocable.net) scan net for port 27374
2001/05/19-13:01:36.07 208.188.162.162 (ppp79.intplsrv.net) scan net 132.235.3.x for port 27374
2001/05/19-13:02:21.42 66.20.66.78 (adsl-20-66-78.mem.bellsouth.net) scan net for port 27374
2001/05/19-13:02:26.30 24.48.245.235 (vt-bennington1a-235.bur.adelphia.net) scan net 132.235.201.x for port 27374
2001/05/19-17:17:06.72 202.188.114.7 (Telekom Cellular Sdn. Bhd.,MY) scan net for port 80+web defacement via root.exe
2001/05/19-20:23:29.73 217.32.149.45 (host217-32-149-45.hg.mdip.bt.net) scan net 132.235.201.x for port 27374
2001/05/20-06:15:44.31 211.33.122.158 (s211-33-122-158.thrunet.ne.kr) scan for port 33447 on several machines throughout the day
2001/05/20-18:08:24.69 159.84.80.100 (name pointer scdinf.univ-lyon2.fr) scan net for port 111 +buff overflow attack
2001/05/20-18:14:36.94 211.91.132.240 (China United Telecommunications Corporation,CN) scan net for port 111+buff overflow attacks
2001/05/20-19:02:48.61 63.170.232.2 (TECNICO,DEARBORN,MI,US,also agonvote.net) scan net for port 21
2001/05/21-08:46:17.97 217.84.6.143 (pD954068F.dip.t-dialin.net) scan net for port 21
2001/05/21-09:56:54.62 63.227.133.120 (120.ballenterprises.com) scan net for port 515
2001/05/21-10:03:38.44 63.227.133.120 (120.ballenterprises.com) scan selected machines for port 23
2001/05/21-18:13:40.61 131.174.118.120 (catv8120.extern.kun.nl) scan net for port 21
2001/05/21-19:59:41.42 204.152.186.49 (monkey.lpsg.net) scan net for port 1024,3072
2001/05/21-20:48:02.12 202.204.113.13 (mail.bjfu.edu.cn) scan net for port 80
2001/05/22-04:31:20.16 211.199.73.21 (whois.apnic.net is down.) scan net for port 111+buff overflow attacks
2001/05/22-08:27:53.99 210.242.211.2 (Taiwan) scan for port 53 + L1on attack.
2001/05/22-10:25:44.51 142.177.193.246 (nat193.246.mpoweredpc.net) scan net for port 6666
2001/05/22-10:25:44.62 216.76.214.164 (host-216-76-214-164.coi.bellsouth.net) scan net 132.235.1[789].x for port 6666
2001/05/22-10:26:51.51 142.177.113.5 (Stentor National Integrated Communications Network,OTOWWA,CA) scan 132.235.15.x for port 6666
2001/05/22-10:27:41.88 142.177.106.187 (hlfx56-187.ns.sympatico.ca) scan net 132.235.201.x for port 6666
2001/05/22-16:10:48.33 203.197.32.155 (Jabalpur ISP Node,IN) scan net for port 53
2001/05/22-20:30:00.70 210.178.202.90 (Korea crap) scan net for port 80
2001/05/23-06:14:41.18 211.200.118.9 (Hanaro Telecom, Inc,KR) scan net for port 111+buff overflow attacks
2001/05/23-08:25:28.46 211.21.254.66 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) scan net for port 111
2001/05/23-11:23:29.82 65.1.127.188 (ci583149-a.nash1.tn.home.com) scan net for port 27374
2001/05/23-15:43:39.75 64.30.133.196 (pm3-p24-wny-037.modempools.net) scan net for port 111, 21
2001/05/23-15:43:50.11 210.96.35.189 (Korea crap) scan net for port 53
2001/05/23-15:53:26.37 64.30.133.196 (pm3-p24-wny-037.modempools.net) attack 132.235.1.2 via port 515 w/buff overflow attack
2001/05/23-22:16:43.44 61.132.62.135 (CHINANET Jiangsu province network,CN) scan net for port 111
2001/05/23-22:29:25.31 61.132.62.135 (CHINANET Jiangsu province network,CN) scan net for port 21
2001/05/23-22:50:02.28 61.132.62.135 (CHINANET Jiangsu province network,CN) telnet to specific machines
2001/05/23-22:50:03.52 61.132.62.135 (CHINANET Jiangsu province network,CN) attempt SGI telnetd format bug attack
2001/05/25-13:16:42.66 210.97.117.1 (Korea crap) scan net for port 1
2001/05/25-14:20:52.22 203.197.32.155 (Jabalpur ISP Node,IN) scan net for port 53
2001/05/26-03:54:29.25 194.134.79.79 (underworld.hallucination.net) scan net for random ports, 1 port per ip, all day long
2001/05/26-15:00:28.09 209.102.64.185 (oni-ip185.rockisland.com) scan net for port 515+buff overflow attacks.
2001/05/27-04:09:45.78 211.95.64.200 (China united telecommunications corporation Shanghai branch,CN) buff overflow attacks,no scan.
2001/05/27-06:22:54.24 194.134.79.79 (underworld.hallucination.net) scan net for random ports, 1 port per ip, all day long
2001/05/28-04:30:42.90 165.139.70.1 (ns.bicknell-vigo.lib.in.us) scan net for port 111,buff overflow attacks
2001/05/28-04:53:25.75 200.193.192.2 (Brazil, something) connect to high port on random machines throughout the day
2001/05/28-11:25:16.50 156.40.38.210 (National Institute of Health,MD,US) scan net for port 21
2001/05/28-11:26:36.92 200.195.15.1 (Brazil, something) connect to high port on random machines throughout the day
2001/05/28-13:28:39.80 216.98.91.243 (pm3naxs5-243.access.naxs.com) scan net for port 1080
2001/05/28-13:29:10.18 202.32.124.115 (Sysmex Co., Ltd.,JP) scan net for port 21
2001/05/28-13:29:11.08 210.160.82.162 (Ichikawa Electric CO.,LTD.) scan net for port 21
2001/05/28-13:29:19.25 24.24.42.117 (roc-24-24-42-117.rochester.rr.com) scan net for port 21
2001/05/28-13:29:58.54 209.181.17.187 (ms.bgh2.k12.wy.us) scan net for port 21
2001/05/28-16:54:03.69 216.3.0.242 (dyn049-ts7a.athens.frognet.net) scan several hosts for port 177
2001/05/28-23:29:18.12 202.50.80.206 (202-50-80-206.static-dialup.xtra.co.nz) scan net for port 53
2001/05/29-03:29:07.91 213.171.193.26 (FasthostInternet Ltd,Gloucester, England,GB) scan net for port 3072
2001/05/29-09:53:34.29 213.56.233.224 (ca-ol-sqy-10-224.abo.wanadoo.fr) scan net for port 21,try to MKD . stuff.
2001/05/29-11:02:31.67 130.227.3.123 (proxy5.monitor.dal.net) try to connect to port 1080,23 on a pc (?)
2001/05/29-15:26:15.79 66.33.50.116 (ns.spites.com) scan net for port 21
2001/05/29-20:58:01.78 211.186.57.143 (Korea crap) scan net for port 111, buff overflow attacks
2001/05/29-21:44:43.05 210.104.213.109 (Korea crap) scan net for port 53
2001/05/29-21:53:00.21 210.104.213.109 (Korea crap) scan net for port 109
2001/05/29-21:54:24.23 210.104.213.109 (Korea crap) scan net for port 110
2001/05/29-22:05:24.94 217.57.152.11 (interbusiness.it) scan net for port 111 + buff overflow attacks
2001/05/30-00:46:50.24 213.171.193.26 (FasthostInternet Ltd,Gloucester, England,GB) scan for port 3072,1024
2001/05/30-03:01:49.10 211.48.181.17 (Korea crap) scan net for port 98
2001/05/30-08:53:35.89 128.8.126.7 (caipirinha.cs.umd.edu) traceroute to ace for NIMI
2001/05/30-08:53:36.48 155.99.212.82 (eureka.cs.utah.edu) traceroute to ace for NIMI
2001/05/30-08:53:36.64 204.198.76.43 (dino.dcs.uky.edu) traceroute to ace for NIMI
2001/05/30-08:53:37.12 131.243.1.87 (bip.ee.lbl.gov) traceroute to ace for NIMI
2001/05/30-08:53:41.63 192.150.187.29 (jackal.aciri.org) traceroute to ace for NIMI
2001/05/30-08:53:45.91 142.92.65.17 (nimi.dgim.crc.ca) traceroute to ace for NIMI
2001/05/30-08:53:46.56 199.77.128.192 (nimi.cc.gt.atl.ga.us) traceroute to ace for NIMI
2001/05/30-08:53:48.66 137.189.97.196 (banpc7.ie.cuhk.edu.hk) traceroute to ace for NIMI
2001/05/30-08:53:49.21 192.65.185.37 (nimi.cern.ch) traceroute to ace for NIMI
2001/05/30-08:53:50.37 204.123.13.64 (nimi-src.pa-x.dec.com) traceroute to ace for NIMI
2001/05/30-08:53:50.83 192.55.91.31 (netprobe.lerc.nasa.gov) traceroute to ace for NIMI
2001/05/30-08:53:52.57 128.223.220.55 (nimi.uoregon.edu) traceroute to ace for NIMI
2001/05/30-08:53:53.30 128.182.61.99 (nimi1.psc.edu) traceroute to ace for NIMI
2001/05/30-08:53:55.39 192.88.114.82 (nimi2.psc.edu) traceroute to ace for NIMI
2001/05/30-08:53:59.94 204.42.254.25 (npd.nether.net) traceroute to ace for NIMI
2001/05/30-08:54:03.24 132.227.72.168 (adonis.ipv6.lip6.fr) traceroute to ace for NIMI
2001/05/30-08:54:09.26 129.250.29.41 (nimi.plalca01.us.bb.verio.net) traceroute to ace for NIMI
2001/05/30-08:54:10.31 133.138.1.148 (tracer.csl.sony.co.jp) traceroute to ace for NIMI
2001/05/30-08:54:18.54 129.69.210.29 (nimi.informatik.uni-stuttgart.de) traceroute to ace for NIMI
2001/05/30-08:54:50.00 128.2.181.103 (HATTERAS.CMCL.CS.CMU.EDU) traceroute to ace for NIMI
2001/05/30-08:55:56.55 131.114.9.184 (info.iet.unipi.it) traceroute to ace for NIMI
2001/05/30-08:56:06.02 149.130.13.88 (nimi.wellesley.edu) traceroute to ace for NIMI
2001/05/30-08:57:14.64 141.213.11.120 (idmaps.eecs.umich.edu) traceroute to ace for NIMI
2001/05/30-08:57:22.86 128.125.52.19 (chopin.usc.edu) traceroute to ace for NIMI
2001/05/30-10:01:02.26 128.8.126.7 (caipirinha.cs.umd.edu) traceroute to ace for NIMI
2001/05/30-10:01:02.60 155.99.212.82 (eureka.cs.utah.edu) traceroute to ace for NIMI
2001/05/30-10:01:03.47 131.243.1.87 (bip.ee.lbl.gov) traceroute to ace for NIMI
2001/05/30-10:01:09.13 132.227.72.168 (adonis.ipv6.lip6.fr) traceroute to ace for NIMI
2001/05/30-10:01:09.59 137.189.97.196 (banpc7.ie.cuhk.edu.hk) traceroute to ace for NIMI
2001/05/30-10:01:09.70 142.92.65.17 (nimi.dgim.crc.ca) traceroute to ace for NIMI
2001/05/30-10:01:10.07 199.77.128.192 (nimi.cc.gt.atl.ga.us) traceroute to ace for NIMI
2001/05/30-10:01:11.06 192.150.187.29 (jackal.aciri.org) traceroute to ace for NIMI
2001/05/30-10:01:11.33 192.65.185.37 (nimi.cern.ch) traceroute to ace for NIMI
2001/05/30-10:01:14.05 192.55.91.31 (netprobe.lerc.nasa.gov) traceroute to ace for NIMI
2001/05/30-10:01:16.31 204.123.13.64 (nimi-src.pa-x.dec.com) traceroute to ace for NIMI
2001/05/30-10:01:16.56 129.250.29.41 (nimi.plalca01.us.bb.verio.net) traceroute to ace for NIMI
2001/05/30-10:01:21.00 128.223.220.55 (nimi.uoregon.edu) traceroute to ace for NIMI
2001/05/30-10:01:21.99 128.182.61.99 (nimi1.psc.edu) traceroute to ace for NIMI
2001/05/30-10:01:24.00 192.88.114.82 (nimi2.psc.edu) traceroute to ace for NIMI
2001/05/30-10:01:27.70 204.42.254.25 (npd.nether.net) traceroute to ace for NIMI
2001/05/30-10:01:37.33 133.138.1.148 (tracer.csl.sony.co.jp) traceroute to ace for NIMI
2001/05/30-10:01:43.32 129.69.210.29 (nimi.informatik.uni-stuttgart.de) traceroute to ace for NIMI
2001/05/30-10:01:58.69 204.198.76.43 (dino.dcs.uky.edu) traceroute to ace for NIMI
2001/05/30-10:02:15.07 128.2.181.103 (HATTERAS.CMCL.CS.CMU.EDU) traceroute to ace for NIMI
2001/05/30-10:03:19.10 131.114.9.184 (info.iet.unipi.it) traceroute to ace for NIMI
2001/05/30-10:03:31.41 149.130.13.88 (nimi.wellesley.edu) traceroute to ace for NIMI
2001/05/30-10:04:39.94 141.213.11.120 (idmaps.eecs.umich.edu) traceroute to ace for NIMI
2001/05/30-10:04:50.82 128.125.52.19 (chopin.usc.edu) traceroute to ace for NIMI
2001/05/30-10:34:15.13 128.143.137.137 (alpha.cs.Virginia.EDU) traceroute to ace for NIMI
2001/05/30-10:34:15.74 128.197.14.31 (BACKBAY.BU.EDU) traceroute to ace for NIMI
2001/05/30-10:34:16.25 128.8.126.7 (caipirinha.cs.umd.edu) traceroute to ace for NIMI
2001/05/30-10:34:17.50 128.125.52.19 (chopin.usc.edu) traceroute to ace for NIMI
2001/05/30-10:34:17.52 131.243.1.87 (bip.ee.lbl.gov) traceroute to ace for NIMI
2001/05/30-10:34:18.56 128.16.64.84 (borg.cs.ucl.ac.uk) traceroute to ace for NIMI
2001/05/30-10:34:23.14 137.189.97.196 (banpc7.ie.cuhk.edu.hk) traceroute to ace for NIMI
2001/05/30-10:34:26.90 132.227.72.168 (adonis.ipv6.lip6.fr) traceroute to ace for NIMI
2001/05/30-10:34:45.60 204.198.76.43 (dino.dcs.uky.edu) traceroute to ace for NIMI
2001/05/30-10:34:45.95 155.99.212.82 (eureka.cs.utah.edu) traceroute to ace for NIMI
2001/05/30-10:34:47.95 209.211.237.15 (nimi.advanced.org) traceroute to ace for NIMI
2001/05/30-10:34:48.09 141.213.11.120 (idmaps.eecs.umich.edu) traceroute to ace for NIMI
2001/05/30-10:34:48.36 142.92.65.17 (nimi.dgim.crc.ca) traceroute to ace for NIMI
2001/05/30-10:34:48.98 131.225.12.17 (nimi.fnal.gov) traceroute to ace for NIMI
2001/05/30-10:34:49.72 192.150.187.29 (jackal.aciri.org) traceroute to ace for NIMI
2001/05/30-10:34:49.95 192.65.185.37 (nimi.cern.ch) traceroute to ace for NIMI
2001/05/30-10:34:51.48 192.55.91.31 (netprobe.lerc.nasa.gov) traceroute to ace for NIMI
2001/05/30-10:34:51.90 199.77.128.192 (nimi.cc.gt.atl.ga.us) traceroute to ace for NIMI
2001/05/30-10:34:52.26 204.123.13.64 (nimi-src.pa-x.dec.com) traceroute to ace for NIMI
2001/05/30-10:34:52.44 131.114.9.184 (info.iet.unipi.it) traceroute to ace for NIMI
2001/05/30-10:34:52.71 129.250.29.41 (nimi.plalca01.us.bb.verio.net) traceroute to ace for NIMI
2001/05/30-10:34:53.94 128.223.220.55 (nimi.uoregon.edu) traceroute to ace for NIMI
2001/05/30-10:34:54.17 128.182.61.99 (nimi1.psc.edu) traceroute to ace for NIMI
2001/05/30-10:34:54.30 192.88.114.82 (nimi2.psc.edu) traceroute to ace for NIMI
2001/05/30-10:34:56.51 149.130.13.88 (nimi.wellesley.edu) traceroute to ace for NIMI
2001/05/30-10:34:57.15 204.42.254.25 (npd.nether.net) traceroute to ace for NIMI
2001/05/30-10:34:57.83 128.111.52.20 (tahoe.cs.ucsb.edu) traceroute to ace for NIMI
2001/05/30-10:34:58.01 131.179.49.67 (Pendragon.CS.UCLA.EDU) traceroute to ace for NIMI
2001/05/30-10:35:01.26 192.249.24.22 (www.kaist.kr.apan.net) traceroute to ace for NIMI
2001/05/30-10:35:03.71 200.47.90.195 (measure.palermo.edu.ar) traceroute to ace for NIMI
2001/05/30-10:35:03.98 133.138.1.148 (tracer.csl.sony.co.jp) traceroute to ace for NIMI
2001/05/30-10:35:21.79 129.69.210.29 (nimi.informatik.uni-stuttgart.de) traceroute to ace for NIMI
2001/05/30-11:55:55.48 209.247.200.163:111 (Level 3 Communications, Inc.,US) scan for port 3072,1024
2001/05/30-12:09:33.98 212.33.41.3 (cm41-3.liwest.at) scan net for port 21, attempt 'MK .' hack
2001/05/30-12:13:38.75 203.197.32.155 (Jabalpur ISP Node,IN) scan net for port 53
2001/05/31-06:41:42.30 24.114.144.63 (cr282823-a.shprd1.on.wave.home.com) scan 132.235.1[5,6,7,8,9].x for port 27374
2001/05/31-06:42:42.71 24.114.118.133 (cr819539-a.shprd1.on.wave.home.com) scan 132.235.201.x for port 27374
2001/05/31-13:07:21.24 132.235.154.24 (s2024.south-green.ohiou.edu) scan net for port 27374
2001/05/31-17:14:56.86 195.146.232.16 (mdm16.dialup2.nordnet.fr) scan net for port 21
2001/05/31-21:22:14.54 61.218.240.118 (61-218-240-118.HINET-IP.hinet.net) scan net for port 111
2001/05/31-21:48:36.59 61.218.240.118 (61-218-240-118.HINET-IP.hinet.net) scan certain machines for port 21