

  Short summary of some of the attacks against us for Jun. 2001

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes


2001/06/01-00:22:12.17 172.183.166.12 (ACB7A60C.ipt.aol.com) sca net for port 1656
2001/06/01-12:00:13.85 207.42.180.243 (Empresa Hondurena Telecomunicaciones,HN) scan net for port 111, some scanof 21,109
2001/06/01-13:18:51.79 217.5.0.155 (pD905009B.dip.t-dialin.net) port scan 132.325.1.1 132.235.1.2
2001/06/01-15:12:39.57 195.146.232.20 (mdm20.dialup2.nordnet.fr) scan net for port 21
2001/06/02-07:28:26.80 151.198.18.123 (adsl-151-198-18-123.nnj.adsl.bellatlantic.net) scan net for port 111
2001/06/02-10:56:06.36 212.216.16.76 (a-vg5-13.tin.it) heavy scan of 132.235.1.1 for port 1524 via port 111 (for rstatd)
2001/06/02-11:03:32.47 213.17.42.35 (1dyn35.wvn.casema.net) scannet for port 21
2001/06/02-11:33:53.09 217.87.184.103 (pD957B867.dip.t-dialin.net) scan specific machines for port 21
2001/06/02-19:07:08.75 24.8.234.30 (c511680-a.afour1.il.home.com) scan net for port 21
2001/06/02-19:08:26.20 24.8.234.30 (c511680-a.afour1.il.home.com) try to attack via anon ftp with mkdir....
2001/06/02-10:53:59.63 62.122.68.120 (62-122-68-120.flat.galactica.it) scan net for port 23
2001/06/02-20:40:39.05 202.39.23.155 (Taiwan somthing) scannet for port 111
2001/06/02-20:45:06.50 66.26.250.41 (rdu26-250-041.nc.rr.com) scan net for port 111-RPQ info query
2001/06/02-20:56:42.55 18.110.0.175 (peso.lcs.mit.edu) scan net for port 111
2001/06/02-20:57:32.38 63.74.2.18 (host18.farallon.com) scannet for port 23
2001/06/02-21:17:46.15 18.110.0.175 (peso.lcs.mit.edu) scan net for port 21
2001/06/02-22:05:18.25 131.178.107.10 (Instituto Tecnologico y de Estudios Superiores de Monterrey,MX) scan net for port 111
2001/06/03-01:09:29.15 65.24.156.196 (dhcp065-024-156-196.columbus.rr.com) portscan 132.235.1.2
2001/06/03-02:40:39.93 131.178.107.10 (Instituto Tecnologico y de Estudios Superiores de Monterrey,MX) start of buff overflow attacks
2001/06/03-05:55:39.85 131.178.107.10 (Instituto Tecnologico y de Estudios Superiores de Monterrey,MX) 1. buff overflow attacks-rstatd
2001/06/03-05:55:39.85 131.178.107.10 (Instituto Tecnologico y de Estudios Superiores de Monterrey,MX) 2. no scan, 50 per ip.
2001/06/03-10:20:36.53 203.197.32.155 (Jabalpur ISP Node,IN) scan net for port 53
2001/06/03-21:10:31.18 61.33.55.2 (korea crap(cssys.co.kr)) scannet for port 111
2001/06/03-23:51:04.18 193.15.237.204 (Bergsjo Data,SE) scan net for port 111
2001/06/04-03:23:38.79 61.155.13.3 (CHINANET Jiangsu province network,CN) scan net for port 53
2001/06/04-07:42:50.27 66.26.171.54 (ilm26-171-054.ec.rr.com) scannet fo rport 27374
2001/06/04-10:40:27.57 207.249.68.130 (to2-host-lan-207-249-68-130.vianetworks.com.mx)) scannet for port 111 + buff overflow attacks
2001/06/04-16:55:22.42 63.170.78.100 (rmprodmgmt02.realmed.com) portscan 132.235.1.2
2001/06/04-17:02:37.38 66.38.177.133 (133.177.38.66.gt-est.net) slowscan (1 ip/hr) of random ports on net.
2001/06/04-21:26:15.53 132.235.154.24 (s2024.south-green.ohiou.edu) scannet fo rport 27374
2001/06/04-21:27:25.36 66.26.61.31 (rdu26-61-031.nc.rr.com) scan net for port 111+buff overflow attack
2001/06/05-11:19:13.84 216.209.172.30 (guelph-ppp217557.sympatico.ca) sca net for ports 8080 1080 80 81 3128
2001/06/05-13:49:01.21 132.254.113.90 (Instituto Tecnologico y de Estudios Superiores de Monterrey,MX scan net for port 31789
2001/06/05-19:31:45.73 80.1.1.1 (NTL,Manchester site Surfport Pool 1,GB) scan net for port 515
2001/06/06-15:22:08.12 163.10.4.16 (dua.fcaglp.unlp.edu.ar) do dns zone transfer for multple zones in ohiou, scan net for port 21
2001/06/06-15:23:47.07 213.23.16.24 (esndi7-213-023-016-024.arcor-ip.net) scan several machiens port 21, anonftp, mkdir attack
2001/06/06-17:24:36.55 64.213.238.239 (Centennial PR,FL,US) scan net fo rport 21
2001/06/06-19:14:42.46 212.73.83.50 (NTnet,ARMENIA) scannet for port 111
2001/06/06-19:31:30.82 206.20.142.1 (Booze Allen & Hamilton,Falls Church, VA,US) scan net for port 53
2001/06/06-19:46:42.78 63.196.54.13 (www.musiccity.com) scan net for port 21, 
2001/06/06-21:27:34.76 203.186.139.89 (186_139user89.ctinets.com) scan net for port 515,23
2001/06/06-22:13:03.18 61.32.67.112 (KNOWLEAGE CUBE,KR) scan net for port 111, buff overflow attacks - rstatd
2001/06/07-23:16:18.75 212.73.83.50 (NTnet,ARMENIA) scan net fo rport 111+buff overflow attacks
2001/06/08-05:24:46.40 140.116.84.159 (Ministry of Education Computer Center,TW) scan net for port 21
2001/06/08-05:57:04.43 140.116.84.159 (Ministry of Education Computer Center,TW) sca net 1332.235.4.x for port 21
2001/06/08-06:30:02.64 217.1.224.126 (pD901E07E.dip.t-dialin.net) scanet fo port 21
2001/06/08-14:43:16.00 24.232.1.4 (Fibertel TCI,Buenos Aires,,AR) scannet for port 53
2001/06/08-19:05:26.75 211.91.132.240 (China united telecommunications corporation WuHan branch,CN) 1)scan net for port 111+buff over.
2001/06/08-19:05:26.75 211.91.132.240 (China united telecommunications corporation WuHan branch,CN) 2) attack on rstatd.  
2001/06/09-17:44:56.26 202.186.86.107  ( Calberson Helu-Zaid Sdn Bhd,SELANGOR,MY) ICMP Broadscan Smurf Scanner
2001/06/09-23:13:34.56 193.253.233.125 (APuteaux-102-1-4-125.abo.wanadoo.fr) scan net for port 21, anon ftp MKDIR cmds.
2001/06/10-02:44:24.22 129.13.11.158 (i31p8.ira.uka.de) scan net for port 21
2001/06/10-12:04:09.08 155.230.152.152 (knuscp.kyungpook.ac.kr) scan net for port 111,buff overflow attack on rstatd port
2001/06/11-01:27:58.25 192.204.190.76 (Steel City Telecom,PA,US) scan net for port 110
2001/06/11-01:30:23.69 194.233.147.101 (Albrecht Bauer KG,HAMBURG,DE) scan net for port 21
2001/06/11-01:42:27.49 211.63.158.124 (KOREA crap) scan net for port 21
2001/06/12-08:10:41.07 216.29.225.131 (proxy.ohiohills.com) scannet for port 21
2001/06/12-08:12:39.29 216.29.225.131 (proxy.ohiohills.com) scannet for port 137
2001/06/12-10:59:33.00 216.29.225.131 (proxy.ohiohills.com) back scanning for port 21
2001/06/12-11:10:02.28 65.2.10.57 (cn597935-a.norr1.pa.home.com) 1. scannet for port 21, probe 1 machine on port 80,21
2001/06/12-11:10:02.28 65.2.10.57 (cn597935-a.norr1.pa.home.com) 2. attack with cmd server w/ GET /scripts/..%c0%af../winnt/sys...etc
2001/06/12-13:11:44.02 132.235.92.45 (Ohio University) scanneet for port 41524
2001/06/12-15:07:29.12 24.144.45.115 (Conway Corporation,ARKANAS,US) scan net 132.235.201.x for port 21
2001/06/12-16:55:40.33 62.175.105.123 (379-MADR-XL3.libre.retevision.es) scan net 132.235.17.x for port 21.
2001/06/13-00:26:04.73 64.214.30.100 (ircd.east.gblx.net) scan(?) net 5 ips/hr random ports
2001/06/13-00:53:50.50 217.80.199.23 (pD950C717.dip.t-dialin.net) scannet for port 21
2001/06/13-09:15:19.59 132.235.207.134 (dhcp-207-134.cns.ohiou.edu) portscan 132.235.1.11 by frussell
2001/06/13-09:42:01.85 132.235.207.134 (dhcp-207-134.cns.ohiou.edu) ping scan of 132.235.36.[152-174]
2001/06/13-09:43:13.23 217.10.142.100 (rift.ukshells.co.uk) connect to port 1080 on 132.325.1.[11,12]
2001/06/13-10:14:46.41 216.209.172.16 (guelph-ppp217543.sympatico.ca) scannet for port 3128,1080
2001/06/13-14:12:21.29 217.80.132.69 (pD9508445.dip.t-dialin.net) ping scan of selected machines on net (turned on)
2001/06/13-15:49:44.63 62.225.223.16 (p3EE1DF10.dip.t-dialin.net) scan several machines for port 80, but only those that are up.
2001/06/13-21:58:28.40 151.100.53.219 (pitagora1.chem.uniroma1.it) scannet for port 111+buf overflow attacks on rstatd
2001/06/13-22:09:25.30 203.67.191.132 (h132-203-67.isonet.com.tw) scannet for port 111 + buff overflow attacks on rstatd
2001/06/15-12:03:13.46 65.2.10.57 (cn597935-a.norr1.pa.home.com) start of slow scan of net for port 80
2001/06/15-12:04:50.83 65.2.10.57 (cn597935-a.norr1.pa.home.com) download program to 132.235.16.174 vi tftp. (IIS hack)
2001/06/15-12:17:51.40 216.237.144.225  (mail02.anaserve.com) scannet for port 80
2001/06/15-14:02:07.24 216.237.144.225  (mail02.anaserve.com) attack with adore virus of GET /scripts/..%c0%af.. etc
2001/06/16-01:13:25.11 146.101.2.11 (www.lewmar.com) attack web server with adrore 
2001/06/17-05:13:28.65 217.225.237.189 (Deutsche Telekom AG,DE) scan net for port 21
2001/06/17-08:50:07.99 128.175.34.68 (waldorf.eds.udel.edu) scannet for port 111+buff overflow attacks
2001/06/17-09:06:47.27 131.230.242.42 (ws242042.widb.siu.edu) probe port 111 on net for rstatd port
2001/06/17-11:25:19.16 212.59.25.162 (flatrate417.vln.takas.lt) attack with adore virus of GET /msadc/..%255c../..%255c.. etc
2001/06/17-14:36:10.25 200.242.49.86 (EMBRATEL-EMPRESA BRASILEIRA,RIO DE JANERIO, BR) scannet for port 21
2001/06/17-15:46:47.99 202.163.120.37 (CYBERNET, PK) attack web servers wth GET /_vti_bin/..%c0%af..%c0%af ...etc
2001/06/17-15:46:54.43 202.163.122.32 (CYBERNET, PK) attack web servers wth GET /_vti_bin/..%c0%af..%c0%af..%c0%af..%c0 ..etc
2001/06/18-00:47:03.11 205.232.37.46 (cach01-bing.digital-marketplace.net) 1. attack various machines with adore via IIS server.
2001/06/18-00:47:03.11 205.232.37.46 (cach01-bing.digital-marketplace.net) 2. download serv-u via tftp to 132.235.19.50
2001/06/18-00:47:03.11 205.232.37.46 (cach01-bing.digital-marketplace.net) 3. also tried to copy cmd.exe to task.exe
2001/06/18-04:56:31.17 65.2.10.57 (cn597935-a.norr1.pa.home.com) 1. download serv-u via tftp to 132.235.19.50
2001/06/18-04:56:31.17 65.2.10.57 (cn597935-a.norr1.pa.home.com) 2. start ftp server, transfer dvi files.
2001/06/18-06:49:22.09 195.94.81.28 (ONE-2-ONE GmbH,Koeln, Germany,DE) scannet for port 111
2001/06/18-09:09:20.26 154.13.1.96 (southamerica.tier0.la.psi.net) constant (2-3/hr) stream of ICMP dest. unreachables to random ips.
2001/06/18-09:13:42.07 132.235.92.45 (Ohio Unversity) scan net for port 41524
2001/06/18-13:10:37.17 203.228.30.178 (KOREA crap) scannet for port 53
2001/06/18-21:32:05.72 202.96.119.134 (CHINANET Zhejiang province network,CN) scannet for port 80, IIS server attacks.
2001/06/19-02:35:23.86 142.177.225.136 (nat225.136.mpoweredpc.net) scannet for port 21
2001/06/19-16:33:48.60 132.235.196.4 (dhcp-196-004.cns.ohiou.edu) scan net with ICMP echo Request CyberKit 2.2 Windows
2001/06/20-04:44:01.39 211.197.130.203 (Korea crap) scannet for port 21,111
2001/06/20-08:45:33.44 193.248.64.62 (France Telecom Interactive / Wanadoo) scan port 111 on ace
2001/06/18-18:27:30.75 61.129.76.53 (Shanghai province network,CN) constant (5/hr) stream of packets to/from random high ports to random ips.
2001/06/19-05:43:02.90 209.1.225.115 (vc4.sce.yahoo.com) probra ports 1024,3072 on multiple machines
2001/06/19-05:48:59.59 216.209.123.36 (Kitchener-ppp111645.sympatico.ca) scannet for ports 80,81,1080,8080,3128
2001/06/19-12:35:23.36 172.176.167.107 (ACB0A76B.ipt.aol.com) scannet for port 21
2001/06/19-15:35:41.11 207.241.181.201 (NetSat Express, Inc.,Hauppauge, NY,US) scan net for port 111, buff overflow attacks
2001/06/20-11:16:10.37 62.208.57.193 (paradox-pc.de) probe ips on random high num ports
2001/06/20-12:08:07.46 62.227.167.143 (p3EE3A78F.dip.t-dialin.net) scan net for port 21
2001/06/20-13:57:18.42 200.24.64.50 (Gaspar de Villaroel,,QUITO,EC) scannet for port 111,21
2001/06/20-15:11:02.59 61.132.53.58 (Jiangsu Tour Admistration Bureau,Jiangsu Province,CN) scannet for port 80
2001/06/20-16:56:04.12 61.132.53.58 (Jiangsu Tour Admistration Bureau,Jiangsu Province,CN) IIS server attacks.
2001/06/20-17:03:01.36 139.142.135.118 (Myrias Computer Technologies Inc.,CALGAREY,CA) scannet for port 111
2001/06/20-17:19:22.61 158.64.9.41 (supra.ecgs.lu) scannet for port 111, buff overflow attacks rstatd
2001/06/20-22:34:43.10 208.187.122.33 (AvalancheNet.com,Salt Lake City, UT,US) scannet for port 111, buff overflow attacks rstatd
2001/06/21-02:19:36.71 205.187.90.44 (San Jose State University,SAN JOSE,CA,US) 1. scan net for port 515,3879
2001/06/21-02:19:36.71 205.187.90.44 (San Jose State University,SAN JOSE,CA,US) 2. buff overflow attack on port 515
2001/06/21-08:19:45.19 167.8.29.91 (Gannett Co. Inc.,SILVER SPRINGS,MD,US) scan 132.235.1.2 for port 33434
2001/06/21-14:52:51.04 192.150.187.29 (jackal.aciri.org) scan 132.235.1.2 for ports 7000,7001
2001/06/21-15:20:06.45 150.214.191.71 (moraima.ugr.es) scan net for port 53
2001/06/21-15:20:06.45 150.214.191.71 (moraima.ugr.es) scannet fo r port 53
2001/06/21-16:34:46.21 167.8.29.91 (Gannett Co. Inc.,SILVER SPRINGS,MD,US) scan 132.235.1.1 for port 33434
2001/06/21-17:00:29.75 216.209.173.132 (Kitchener-ppp3521579.sympatico.ca) scan net for ports 80,81,1080,3128,8080
2001/06/21-18:47:22.12 202.142.80.7 (Zee Telefilms Ltd,IN) scannet for port 111 (scan SYN FIN, again with FIN)
2001/06/21-20:06:31.43 195.254.2.18 (Krystalrech GmbH,GERMANY,DE) scan net for port 111 look for rstatd
2001/06/21-20:07:04.53 195.254.2.18 (Krystalrech GmbH,GERMANY,DE) launch buff overflow attacks againts 132.235.1.1 to 20:26:11.42
2001/06/21-20:31:01.30 195.254.2.18:646 (Krystalrech GmbH,GERMANY,DE) 1. buff overflow attack on 132.235.1.63:32795 as being rebuilt!
2001/06/21-20:31:01.30 195.254.2.18:646 (Krystalrech GmbH,GERMANY,DE) 2. ftp to 200.176.106.68(dl-cco1-C8B06A44.nho.terra.com.br) as
2001/06/21-20:31:01.30 195.254.2.18:646 (Krystalrech GmbH,GERMANY,DE) 3. cbc/anamobius2001 get sol8.tar,install wimpy rootkit.
2001/06/21-23:08:06.77 132.235.207.137 (dhcp-207-137.cns.ohiou.edu) scan 132.235.3.141,152 for rstatd
2001/06/21-23:56:28.38 24.141.89.78 (d141-89-78.home.cgocable.net) scan net for 132.235.3.x  port 2737
2001/06/21-23:56:28.45 65.8.89.86 (cc28227-c.etntwn1.nj.home.com) scan net 132.235.201.x for port 2737
2001/06/21-23:56:28.46 65.28.205.254 (nic-28-c205-254.new.rr.com) scannet 132.235.16.x for port 2737
2001/06/21-23:56:28.47 24.203.212.180 (modemcable180.212-203-24.mtl.mc.videotron.ca) scan net for 132.235.18.x  port 2737
2001/06/21-23:56:28.47 66.30.200.23 (sacome-cmt1-c4-66-30-200-23.maine.rr.com) scannet 132.235.19.x for port 2737
2001/06/21-23:56:28.48 63.228.113.62 (sttldslgw10poolB62.sttl.uswest.net)  scan net for port 2737
2001/06/21-23:56:28.80 209.214.156.149 (host-209-214-156-149.msy.bellsouth.net) scannet 132.235.17.x for port 2737
2001/06/21-23:56:29.85 24.200.129.68 (modemcable068.129-200-24.mtl.mc.videotron.ca) scan net for 132.235.3.x  port 2737
2001/06/21-23:56:40.11 24.29.181.76 (wks-29-181-76.kscable.com) scan net 132.235.16.x  for port 2737
2001/06/21-23:56:40.59 65.8.216.230 (ci391314-b.nash1.tn.home.com) scannet 132.235.2.x for port 2737
2001/06/21-23:57:18.34 64.199.3.24 (A010-0278.FTSM.splitrock.net) scan net 132.235.201.x for port 2737
2001/06/21-23:58:00.62 24.203.212.180 (modemcable180.212-203-24.mtl.mc.videotron.ca) scan net for 132.235.19.x  port 2737
2001/06/21-23:58:01.98 209.214.156.149 (host-209-214-156-149.msy.bellsouth.net) scannet 132.235.18.x for port 2737
2001/06/21-23:58:14.71 65.8.216.230 (ci391314-b.nash1.tn.home.com) scannet 132.235.3.x for port 2737
2001/06/22-06:42:29.08 193.249.86.38 (Mix-Clermont-F-110-4-38.abo.wanadoo.fr) probe port 111 on 132.235.1.252
2001/06/22-09:30:28.07 61.220.64.83 (61-220-64-83.HINET-IP.hinet.net) scannet for port 53
2001/06/22-09:38:28.87 66.27.2.214 (sc-66-27-2-214.socal.rr.com) scannet for port 515
2001/06/22-09:39:46.40 213.76.204.25 (pa25.opole.sdi.tpnet.pl) scan selected ips for port 515
2001/06/22-09:43:37.82 66.27.2.214 (sc-66-27-2-214.socal.rr.com) buff overflow attack on132.235.16.203:515
2001/06/22-10:24:57.56 209.9.184.18 (209-9-184-18.sdsl.cais.net) scan selected machines for port 21, 137
2001/06/22-10:24:57.58 24.7.32.131 (cx675811-a.blvue1.ne.home.com) scan selected machines for port 21,137
2001/06/22-10:24:57.67 24.130.82.163 (we-24-130-82-163.we.mediaone.net) scan selected machines for port 21
2001/06/22-10:24:57.68 24.188.133.236 (ool-18bc85ec.dyn.optonline.net)  scan selected machines for port 21
2001/06/22-10:24:57.82 216.67.164.34 (Union Saratoga DSL,WY,US) scan selected machines for port 21
2001/06/22-10:24:57.85 195.55.55.194 (Alimerka,Internet Public Adresses,ES) scan selected machines for port 21
2001/06/22-10:24:57.86 24.234.60.20 (cm020.60.234.24.lvcm.com) scannet for port 21
2001/06/22-10:24:57.91 24.116.61.51 (johnny.suxcpe.cableone.net)  scan selected machines for port 21
2001/06/22-10:24:58.02 213.26.247.2 (SALVIATI E SANTONI SPA,IT)  scan selected machines for port 21,137
2001/06/22-10:24:58.09 213.26.19.150 ( ANDERSEN-CONSULTING) scan selected machines for port 21
2001/06/22-10:24:58.44 216.61.40.121 (adsl-216-61-40-121.dsl.austtx.swbell.net) scan selected machines for port 21
2001/06/22-10:25:00.35 24.130.104.183 (we-24-130-104-183.we.mediaone.net) scan selected machines for port 21
2001/06/22-10:25:03.45 24.237.40.146 (cable-146-40-237-24.anchorageak.net) scan net for port 21
2001/06/22-10:25:09.14 24.143.9.94 (cswe-994.communicomm.com) scan selected machines for port 21
2001/06/22-10:25:09.19 209.166.57.178 (kprr.vinpal.com) scan selected machines for port 21
2001/06/22-10:25:13.37 24.131.8.130 (nic-c08-130.mw.mediaone.net) scan selected machines for port 21
2001/06/22-10:25:15.81 193.165.66.40 (base.knih-pt.cz) scan selected machines for port 21
2001/06/22-10:25:45.35 24.18.73.118 (@Home Network,Redwood City, CA,US) ftp to network printer.
2001/06/22-10:26:00.79 213.26.79.165 (LAFERT SPA,IT) scan selected ips for port 21
2001/06/22-10:26:30.78 213.26.79.165 (LAFERT SPA,IT)  scan selected machies for port 21
2001/06/22-10:26:32.22 216.61.41.249 (adsl-216-61-41-249.dsl.austtx.swbell.net) scan selected machines for port 21
2001/06/22-10:26:36.71 24.216.1.125 (24-216-1-125.hsacorp.net) scan selected machines for port 21
2001/06/22-10:53:04.76 213.47.141.197 (chello213047141197.15.vie.surfer.at) scan selected machiens for port 515
2001/06/22-10:58:07.62 213.47.141.197 (chello213047141197.15.vie.surfer.at) buff overflow attack on port 515 on scanned ips.
2001/06/22-10:58:39.08 213.47.141.197 (chello213047141197.15.vie.surfer.at) conn o port 3879 on attacked machines
2001/06/22-11:28:58.66 211.21.58.74 (TW) buff overflow attack on port 515 on various ips, conn to port 3879 on same ip.
2001/06/22-12:20:55.38 4.40.79.232 (crtntx1-ar5-079-232.crtntx1.dsl.gtei.net) portscan 132.235.1.252
2001/06/22-12:20:55.38 4.40.79.232 (crtntx1-ar5-079-232.crtntx1.dsl.gtei.net) various web probes against 132.235.1.252(phf, finger...)
2001/06/22-12:24:38.96 4.40.79.232 (crtntx1-ar5-079-232.crtntx1.dsl.gtei.net) ftp 132.235.1.252 as root passwds - root,guessme,tomholmes,holmes,labbell
2001/06/22-16:37:22.25 24.240.188.81 (024-240-188-081.rcm.charterpa.net) scan selected ip subset for port 2737
2001/06/22-16:37:22.27 24.228.21.96 (cv32277-a.stmfd1.ct.home.com) scan net fo rport 2737
2001/06/22-16:37:22.31 64.229.161.158 (HSE-MTL-ppp62443.qc.sympatico.ca) scan selected ips for port 2737
2001/06/22-16:37:22.32 24.250.250.5 (cc282557-a.roylok1.mi.home.com) scan selectd ips for port 2737
2001/06/22-16:37:22.32 64.230.148.101 (HSE-Kitchener-ppp231190.sympatico.ca) scan selected ips for port 2737
2001/06/22-16:37:22.37 217.136.1.221 (adsl-33245.turboline.skynet.be) scan selected ips for port 2737
2001/06/22-16:37:22.40 24.179.235.222 (c1606219-a.mntp1.il.home.com) scan net for port 2737
2001/06/22-16:37:22.40 24.79.72.87 (h24-79-72-87.vc.shawcable.net) scan selectd ips for port 2737
2001/06/22-16:37:23.81 24.178.6.24 (cb134867-a.rmdws1.il.home.com) scan selected machines for port 2737
2001/06/22-16:38:08.48 209.254.236.229 (A010-0483.TCSN.splitrock.net) scan seleted ips for port 2737
2001/06/22-16:38:08.79 64.39.190.164 (190-164.SPEEDe.golden.net) scan selected ips for port 2737 in 201 subnet
2001/06/22-16:38:16.36 216.179.5.182 (dialin-1198-tnt.nyc.bestweb.net) scan ent 132.235.3.x for port 2737
2001/06/22-16:38:20.88 209.226.180.107 (HSE-MTL-ppp12035.qc.sympatico.ca) scan selected ips for port 2737 in net 201
2001/06/22-16:40:15.22 213.47.108.145 (chello213047108145.14.vie.surfer.at) scan selected machiens for port 2737
2001/06/22-16:40:15.22 213.47.108.145 (chello213047108145.14.vie.surfer.at) scan selected machies for port 2737
2001/06/22-16:41:01.34 24.4.251.100 (cc945962-a.mdltwn1.nj.home.com) scan some ips in 132.235.125.x for port 2737
2001/06/22-20:14:24.71 209.67.29.8 (Usa Today Information Network,VA,US) query root name servers on 132.235.1.252
2001/06/22-20:20:36.56 211.22.91.92 ( CHTD, Chunghwa Telecom Co.,Ltd,TW) scan selected ips for port 515
2001/06/22-20:20:39.10 211.22.91.92 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) scan selected machines for port 515
2001/06/22-20:25:16.16 211.22.91.92 ( CHTD, Chunghwa Telecom Co.,Ltd,TW) start of buff overflow attacks, con port 3879
2001/06/22-21:59:37.03 209.67.29.10 (Usa Today Information Network,VA,US) query root name servers on 132.235.1.252
2001/06/22-22:03:40.16 210.111.240.82 (KOREA CRAP) scan net for port 21
2001/06/23-13:30:06.55 200.33.79.239 (Gobierno del Estado de Morelos,MORELOS,MX) scan net for port 111
2001/06/23-13:52:09.02 200.33.79.239 (Gobierno del Estado de Morelos,MORELOS,MX) start of buff overflow attacks on various ips
2001/06/23-14:25:14.66 210.113.88.30 (KOREA CRAP) scan net for port 111
2001/06/23-16:16:37.06 210.113.88.30 (KOREA CRAP) start of buff overflow attacks
2001/06/24-02:44:42.23 65.10.19.21 (c1239119-a.flrmnd1.tx.home.com) scan net for port 1243
2001/06/24-02:44:42.25 24.76.21.152 (h24-76-21-152.vc.shawcable.net) scannet for port 1243
2001/06/24-02:44:42.69 65.185.80.37 (dsl-65-185-80-37.telocity.com) scan selected machines for port 1243
2001/06/24-02:45:28.49 24.249.152.237 (cx739046-a.vbch1.va.home.com) scan 132.235.201.x for port 1243
2001/06/24-02:46:25.62 65.6.112.58 (c1224711-a.lakwod2.co.home.com) scan selected machines for port 1243
2001/06/24-03:48:20.75 24.18.6.208 (@Home Network,CA<US) scan net for port 21
2001/06/24-04:09:48.21 210.68.194.188 (Digital United Inc,Taipei, Taiwan) scan selected machines for port 53
2001/06/24-07:44:20.93 211.44.208.109 (KOREA CRAP) scan net for port 21
2001/06/24-17:04:19.26 193.253.250.85 (AMarseille-201-1-3-85.abo.wanadoo.fr) scan net for port 21
2001/06/24-19:01:57.69 193.204.135.164 (intrigila.dm.univaq.it) scan net for port 111
2001/06/25-00:01:17.33 65.10.80.179 (c1467189-a.alntn1.tx.home.com) scan selected ips for port 2737
2001/06/25-00:01:17.34 65.10.80.179 (c1467189-a.alntn1.tx.home.com) scan selected ips for port 2737
2001/06/25-00:01:17.37 24.13.117.202 (cc192571-a.twsn1.md.home.com)scan selected ips for port 2737
2001/06/25-00:01:17.38 24.200.129.68 (modemcable068.129-200-24.mtl.mc.videotron.ca) scan selected ips for port 2737
2001/06/25-00:01:17.38 63.225.223.3 (udslppp3.phnx.uswest.net) scan selected ips for port 2737
2001/06/25-00:01:17.43 24.43.57.10 (cr460071-a.rchrd1.on.wave.home.com) scan seledted ips for port 2737
2001/06/25-00:01:17.47 208.60.255.192 (host-208-60-255-192.mia.bellsouth.net) scan selected ips for port 2737
2001/06/25-00:01:17.49 213.10.182.167 (ipd50ab6a7.speed.planet.nl) scan sel. ips for port 2737
2001/06/25-00:01:17.61 205.251.242.89 (Cable Atlantic Inc.,St. Johns. NF, CA) cat sel. ips for port 2737
2001/06/25-00:01:17.63 4.3.234.18 (evrtwa1-ar3-234-018.evrtwa1.dsl.gtei.net) scan selected ips for port 2737
2001/06/25-00:01:17.64 64.231.168.97 (HSE-London-ppp289352.sympatico.ca) scan selected ips for port 2737
2001/06/25-00:01:17.80 216.179.5.61 (dialin-1077-tnt.nyc.bestweb.net) scan selected ips for port 2737
2001/06/25-00:01:24.22 24.13.207.36 (c704095-a.btnrug1.la.home.com)scan selected ips for port 2737
2001/06/25-00:01:51.86 213.48.208.50 (usr1753-wit.cableinet.co.uk) scan selected ips for port 2737
2001/06/25-00:02:25.99 63.225.223.3 (udslppp3.phnx.uswest.net) scan selected ips for port 2737
2001/06/25-04:25:02.48 211.162.31.6 (Shanghai GWBN,Hefei Metropolitian Area Network,CN) scan net for port 515
2001/06/25-04:29:15.61 211.162.31.6 (Shanghai GWBN,Hefei Metropolitian Area Network,CN) start lprng overflow attacks on port 515
2001/06/25-04:29:16.38 211.162.31.6 (Shanghai GWBN,Hefei Metropolitian Area Network,CN) conn port 3879 on attacked machines.
2001/06/25-09:22:59.04 206.221.228.23 (pc6.coleman-eiu.advancenet.net) scan selected machines for port 111
2001/06/25-09:31:20.14 213.178.192.227 (ip-vimar.telemar.it) scan selected ips for port 515
2001/06/25-09:37:16.17 210.249.201.237 (a02-237.ip-tokyo.highway.ne.jp) scan selected ips for port 515,buff overflow attacks begin
2001/06/25-09:46:56.20 206.221.228.23 (pc6.coleman-eiu.advancenet.net) buff overflow attacks begin
2001/06/25-10:03:48.16 210.74.132.15 (Jitong Communications Co.,Ltd,CN) scan selected ips for port 515
2001/06/25-10:04:00.09 213.178.192.227 (ip-vimar.telemar.it) buff overflow attacks begin
2001/06/25-10:08:48.74 210.74.132.15 (Jitong Communications Co.,Ltd,CN) buff overflow attacks begin
2001/06/25-13:36:23.65 206.99.6.9 (OUS -ITS,CORVALLIS, OR) scan selected machines for port 515
2001/06/25-14:20:53.39 211.36.236.150 ((KOREA CRAP) scannet for port 111
2001/06/25-14:20:53.91 211.36.236.150 ((KOREA CRAP) buff overflow attacks begin
2001/06/25-15:47:24.18 216.234.247.161 (ThePlanet.com Internet Services,DALLAS,TX) scannet for port 111
2001/06/25-15:47:24.23 216.234.247.161 (ThePlanet.com Internet Services,DALLAS,TX)buff overflow attacks begin
2001/06/25-16:22:41.59 193.40.213.178 (iisaku.edu.ee) scan selected ips for port 515
2001/06/25-16:23:17.30 210.62.176.151 (151-176-62-210.lease.isl.net.tw) scan net for port 515
2001/06/25-16:26:42.40 195.168.85.170 (Telenor Internet, Slovakia,SK) buff overflow attacks on port 515 on sel. ips
2001/06/25-16:28:12.52 210.62.176.151 (151-176-62-210.lease.isl.net.tw) buff overflow attacks begin
2001/06/25-16:28:19.89 217.96.157.206 (pn206.olesnica.sdi.tpnet.pl) scan net for port 53
2001/06/25-22:58:20.22 216.209.172.27 (guelph-ppp217554.sympatico.ca) scan sel. ips for port 8080,1080,80,81,3128
2001/06/26-00:18:00.17 203.197.164.156 (Leased line - Visual, Bangalore,IN) scan net for port 53
2001/06/26-01:11:51.10 210.113.88.31 (KOREA CRAP) scannet for port 111
2001/06/26-02:54:19.14 210.113.88.31 (KOREA CRAP) buff overflow attacks begin
2001/06/26-04:15:06.04 66.89.201.19 (Concentric Network Corporation) scan net for port 515
2001/06/26-04:17:27.32 145.236.71.224 (line-71-224.dial.matav.net) scannet for port 515
2001/06/26-04:19:33.35 66.89.201.19 (Concentric Network Corporation) buff overflow attacks on port 515 start, trojan port 3879
2001/06/26-05:20:26.63 208.204.110.20 (Tamarack Development,VALENCIA,CA,US) scan selected machines for port 515
2001/06/26-05:24:56.20 208.204.110.20 (Tamarack Development,VALENCIA,CA,US) buff overflow attacks begin
2001/06/26-05:46:36.57 208.204.110.20 (Tamarack Development,VALENCIA,CA,US) try to conn to port 515 on 132.235.15.124
2001/06/26-14:35:00.33 194.19.71.65 (modem321.nktv.no) scan net for port 21
2001/06/26-16:34:52.85 132.235.62.25 (dhcp-062-025.cns.ohiou.edu) scannet for port 80,161
2001/06/26-17:44:42.03 132.235.62.25 (dhcp-062-025.cns.ohiou.edu) 1. portscan ALL ips in 132.235.1.x. Looks like he was
2001/06/26-17:44:42.03 132.235.62.25 (dhcp-062-025.cns.ohiou.edu) 2. using 2 portscanners on the same mach. simultaineously
2001/06/26-17:44:42.03 132.235.62.25 (dhcp-062-025.cns.ohiou.edu) start nmap icmp scan echo scan of net
2001/06/26-17:54:32.353 132.235.62.25 (dhcp-062-025.cns.ohiou.edu)  start of net scan for port 1080
2001/06/26-18:14:32.64 24.42.203.61 (cr791538-a.glph1.on.wave.home.com) try to create numerous dirs w/anon ftp on ace.
2001/06/26-18:26:44.36 132.235.62.25 (dhcp-062-025.cns.ohiou.edu) start scan of net for ports 13[79],445
2001/06/26-18:51:24.02 216.209.172.27 (guelph-ppp217554.sympatico.ca) scan net 132.235.17.x for port 8080,1080,80,81,3128
2001/06/26-22:04:22.26 62.255.183.204 (pc1-stev2-0-cust204.lut.cable.ntl.com) scan net for port 21
2001/06/27-00:46:22.82 155.230.152.231 (susy.kyungpook.ac.kr) scannet for port 111
2001/06/27-00:46:23.11 155.230.152.231 (susy.kyungpook.ac.kr) start of buff overflow attacks
2001/06/27-10:03:06.12 62.255.183.204 (pc1-stev2-0-cust204.lut.cable.ntl.com) scan net for port 21
2001/06/27-10:57:42.94 216.4.165.15 (Business Internet, Inc.,TAMPA,FL,US) start of tracroutes? every couple mins til 11:20:26.44
2001/06/27-13:50:55.38 211.36.236.150 ((KOREA CRAP) scan selectd ips for port 111
2001/06/27-13:50:55.61 211.36.236.150 ((KOREA CRAP) start of buff overflow attacks
2001/06/27-13:58:37.33 132.235.62.25 (dhcp-062-025.cns.ohiou.edu) scan net for port 139,445,137
2001/06/27-14:23:56.68 200.203.240.129 (AR-NET INFORMATICA LTDA,RIO,BR) scan selected ips for port 111
2001/06/27-14:24:03.69 200.203.240.129 (AR-NET INFORMATICA LTDA,RIO,BR) start of buff overflow attacks
2001/06/27-14:54:57.45 203.250.68.191 (KOREA CRAP) scan net for port 21
2001/06/27-19:51:20.45 203.45.174.139 (CPE-203-45-174-139.qld.bigpond.net.au) scan net 132.235.201.x for port 111
2001/06/28-01:18:28.93 24.2.206.14 (cc1009018-c.warn1.mi.home.com) scannet for port 515
2001/06/28-01:23:18.19 24.2.206.14 (cc1009018-c.warn1.mi.home.com) buff overflow attacks begin-trojan port 3879
2001/06/28-01:39:48.61 208.17.144.86 (virtualorchard.net) over 1600 unique probes of web server weakness against 1 web server.
2001/06/28-07:58:31.39 148.247.42.2 (Centro de Investigacion y de Estudios Avanzados del IPN,MEXICO) scan selected ips for port 515
2001/06/28-10:47:03.40 203.80.232.168 (232user168.ctinets.com) scan selected ips for port 515+buff overflow attacks
2001/06/28-11:10:55.09 202.7.214.7 (free-tpg-007.tpgi.com.au) scan selected ips for port 515
2001/06/28-16:59:25.88 211.8.91.129 (CUE BELLS SYNC Ltd.,JAPAN) scan selected ips for port 111
2001/06/28-17:57:58.41 212.182.135.114 (WISH-Noknok B.V,NL) scan net for port 21
2001/06/28-23:48:00.42 211.220.199.226 (KOREA CRAP)scan net for port 111
2001/06/29-00:16:47.73 210.53.20.230 (China Netcom Corp.,CN) scan net for port 80,PoisonBox web page replacement attack.
2001/06/29-04:33:47.29 211.237.89.109 (KOREA CRAP) netbios name scan of 132.235.3.x
2001/06/29-06:19:22.55 210.161.41.161 (?.jp) scannet for port 53
2001/06/29-17:17:36.21 64.21.81.97 (Net Access Corporation ,NJ,US) scannet for port 111
2001/06/29-17:17:36.30 64.21.81.97 (Net Access Corporation ,NJ,US) start of buff overflow attacks
2001/06/30-00:06:20.31 211.252.121.10 (KOREA CRAP)scan net for port 111
2001/06/30-01:03:05.34 209.99.235.27 (Millicom Argentina SA,Buenos Aires,AR) scannet for port 111
2001/06/30-04:13:23.35 66.46.84.82 (MetroNet Communications Group Inc.,Toronto Ontario,CA) scannet for port 53
2001/06/30-15:41:36.60 62.31.88.137:11111 (pc-62-31-88-137-dn.blueyonder.co.uk) scan net for port 21
2001/06/30-18:50:00.69 202.153.226.38 (www.spectrabox.com) scannet for port 53
2001/06/30-19:39:09.60 64.171.88.2 (Resolvenet,CA,US) scan net for port 53,buff overflow attacks
2001/06/30-21:04:33.73 200.224.251.100 (TANDEM TELECOMUNICA��ES LTDA.,SAU PAULO, BR) scan net for port 111
2001/06/30-21:04:35.16 200.224.251.100 (TANDEM TELECOMUNICA��ES LTDA.,SAU PAULO, BR) scan net for port 53