Short summary of some of the attacks against us for Jun. 2001

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes

2001/07/01-18:25:26.40 211.252.190.116 (KOREA CRAP) scan selected ips for port 111
2001/07/01-18:25:37.62 211.252.121.10 (KOREA CRAP) scan net for port 111, buff overflow attacks
2001/07/01-18:25:58.68 192.203.142.250 (ABLEX Co., Ltd.,SEOUL,KR) scan net for port 111
2001/07/01-23:29:24.79 192.203.142.250 (ABLEX Co., Ltd.,SEOUL,KR) scan net for port 111
2001/07/02-05:58:22.28 210.160.70.66 (System Vision Co.,Ltd.,JP) scan selected ips for port 111
2001/07/02-07:34:18.20 210.200.248.175 (mse.e2100.com.tw) scan net for port 53
2001/07/02-12:26:49.79 195.143.8.121 (Berndt u. Brunge Software GmbH,,DE) scan net for port 111
2001/07/02-13:01:08.92 195.143.8.121 (Berndt u. Brunge Software GmbH,,DE) scan net for port 21
2001/07/02-17:07:12.67 204.152.186.49:6667 (monkey.lpsg.net) scan several ips for ports 3072,1024
2001/07/03-05:32:32.06 143.107.98.232 (biot.mcef.ep.usp.br) scan net for port 23
2001/07/03-05:56:54.03 61.150.49.84 (Xi'An jing cai netbar,CN) scan net for port 111
2001/07/03-05:56:54.78 61.150.49.84 (Xi'An jing cai netbar,CN) start of buff overflow attacks
2001/07/03-06:51:43.82 211.186.87.114 (KOREA CRAP) scan net for port 53
2001/07/03-23:22:46.22 200.224.251.100 (TANDEM TELECOMUNICAÇÕES LTDA.,Sao Paulo,BR) scan net for port 111
2001/07/04-06:15:32.20 216.68.247.31 (gatekeeper.cincinnati.com) slow probe of net on port 137
2001/07/04-06:22:04.25 61.129.163.135 (CHINANET Shanghai province network,CN) scan net for port 80 + IIS attacks
2001/07/04-13:49:58.75 24.109.50.217 (cisn2.powersurfr.com) scan net for port 111
2001/07/04-13:50:00.11 24.109.50.217 (cisn2.powersurfr.com) start of buff overflow attacks
2001/07/04-22:52:26.83 162.40.32.193 (h162-040-032-193.alltel.net) scan net using ping
2001/07/04-22:56:13.62 195.224.212.66 (buzz.colo.magmom.net) scan net for port 143
2001/07/04-23:21:02.21 61.18.163.59 (cm61-18-163-59.hkcable.com.hk) scan net for port 111
2001/07/04-23:53:51.81 211.252.190.116 (KOREA CRAP) scan net for 111
2001/07/04-23:53:52.05 211.252.190.116 (KOREA CRAP) start of buff overflow attacks
2001/07/05-00:32:36.50 213.97.103.73 (Telefonica Data Espana,ES) scan net for ports 8080 3128 80 81 82 83 1080
2001/07/05-01:23:23.14 200.204.141.50 (TELECOMUNICACOES DE SAO PAULO S/A,,Sao Paulo,BR) scan net for port 53
2001/07/05-07:42:34.73 213.97.103.73 (Telefonica Data Espana,ES) scan net for ports 3128 8080 80 8182,83
2001/07/05-09:28:51.11 217.10.208.130 (ns2.ems.ro) portscan several machines for port 23,25,143,110,80,114,1,etc
2001/07/05-09:29:18.53 217.10.195.138 (MobiFon S.A.,Bucharest, Romania) scan selected ips for port 111,23,21,53,682
2001/07/05-09:30:14.94 217.10.194.6 (MobiFon S.A.,Bucharest, Romania) scan selected ips for port 80
2001/07/05-09:31:11.13 217.10.208.130 (ns2.ems.ro) scan net for port 25 with EXPM ROOT cmds
2001/07/05-09:41:31.78 217.10.208.130 (ns2.ems.ro) scan net for port 31337 (backorifice1 scan)
2001/07/05-09:41:58.11 217.10.208.130:2 (ns2.ems.ro) scan net for port 111
2001/07/05-14:09:07.38 194.158.211.33 (Republican Association BELTELECOM,BY) scan net for port 21, try to break in w/anon ftp
2001/07/05-15:34:10.48 210.232.89.36 (Peace One Inc.,JP) scan net for port 53
2001/07/06-03:20:09.51 216.130.157.36 (www.ptcgovernment.org) scan net for port 21
2001/07/06-03:49:15.11 62.158.33.43 (p3E9E212B.dip.t-dialin.net) scan net for port 21, try to break in w/anon ftp
2001/07/06-10:07:54.18 132.235.250.6 (netmon4.cns.ohiou.edu) portscan 132.235.15.250
2001/07/06-10:47:22.68 132.235.250.6 (netmon4.cns.ohiou.edu) scan port 80 on 132.235.201.[0,10]
2001/07/06-10:50:01.59 132.235.250.6 (netmon4.cns.ohiou.edu) portscan 132.235.201.8
2001/07/06-11:01:48.74 132.235.250.6 (netmon4.cns.ohiou.edu) scan 132.235.201.x for port 80
2001/07/06-20:50:15.30 216.53.218.155 (216-53-218-155.ppp.mpinet.net) scan select ips for port 25
2001/07/07-02:15:04.94 193.252.49.110 (ATours-101-1-1-110.abo.wanadoo.fr) scan net for port 21
2001/07/07-07:46:59.23 193.252.49.110 (ATours-101-1-1-110.abo.wanadoo.fr) scan select ips for port 21, use anon ftp to try to break in
2001/07/08-01:45:37.69 195.46.96.102 (techservice-gw.irtel.ru) scan 132.235.x.x for port 111
2001/07/08-03:59:34.32 209.114.165.26 (s0-1.medfast.cust.stargate.net) scan select ips for port 53
2001/07/08-03:59:40.42 209.114.165.26 (s0-1.medfast.cust.stargate.net) scan net for port 53
2001/07/08-05:49:06.96 132.248.29.184 (stephens.nuclecu.unam.mx) scan net for port 111
2001/07/08-05:49:13.77 132.248.29.184 (stephens.nuclecu.unam.mx) scan net for port 21
2001/07/08-15:45:12.75 64.65.194.71 (host-64-65-194-71.choiceone.net) scan select ips for port 111
2001/07/08-16:05:13.39 210.115.1.81 (ns1.issan.net) scan net for port 53
2001/07/08-16:05:14.64 210.115.1.67 (ns1.issankorea.net) scan selected ips for port 53
2001/07/08-23:31:42.87 62.161.100.122 (ca-ol-marseille-5-122.abo.wanadoo.fr) attack web server at 132.235.3.154 with ../.. stuff
2001/07/09-00:04:36.35 217.80.210.95 (pD950D25F.dip.t-dialin.net) ftp to 132.235.1.8.
2001/07/09-09:20:49.80 210.95.5.60 (Korea crap) scan net for port 111
2001/07/09-17:05:04.25 210.95.5.60 (Korea crap) scan select ips for port 111 + buff overflow attacks
2001/07/10-03:49:10.05 211.114.176.227 (Korea crap) scan select ips for port 111
2001/07/10-12:17:06.42 200.4.100.180 (Informacion Selectiva S.A. de C.V,Mexico) scan net for port 111
2001/07/10-15:24:23.03 132.235.162.229 (e2229.east-green.ohiou.edu) icmp ping scan of 132.235.36.x
2001/07/10-18:02:57.05 213.98.99.118 (Telefonica Data Espana,SPAIN) ping scan of selected ips
2001/07/11-02:04:04.04 198.62.68.250 (Kern High School District,CA,US) scan net for port 80, PoisonBox attacks
2001/07/11-08:09:54.49 24.31.195.94 (ServiceCo LLC - Road Runner,Herndon, VA,US) scan net for port 512,111
2001/07/11-09:05:00.69 194.78.158.226 (www.badpublicity.be) 1. use IIS exploit to run tftp on 132.235.a.b and download files from
2001/07/11-09:10:20.62 194.78.158.226 (www.badpublicity.be) 2. 128.163.26.13 (MORPH'S SERVER ftp server)
2001/07/11-09:10:22.70 64.167.212.170 (adsl-64-167-212-170.dsl.lsan03.pacbell.net) mv files to corel dir as explorer.exe and serv-u.ini.
2001/07/11-09:12:04.10 194.78.158.226 (www.badpublicity.be) re-download files from 128.163.26.13 onto 132.235.a.b
2001/07/11-09:13:10.80 65.32.48.30 (653248hfc30.tampabay.rr.com) 1. conn to 132.235.a.b:1010 as USER morphed,PASS 101,
2001/07/11-09:13:10.80 65.32.48.30 (653248hfc30.tampabay.rr.com) 2. download multiple files, site exec lsass.exe
2001/07/11-09:30:38.73 4.35.3.226 (crtntx1-ar4-003-226.biz.dsl.gtei.net) logon to 132.235.a.b:1021 USER knwn,PASS fxpteam
2001/07/11-10:16:31.15 63.215.121.40 (Townsend Analytics Ltd.,Chicago, IL,US) conn to 132.235.a.b:1020
2001/07/11-10:25:12.49 213.93.67.126 (e67126.upc-e.chello.nl) conn to 132.235.a.b:1021 USER knwn,PASS fxpteam
2001/07/11-10:30:51.11 216.0.218.19 (Business Internet, Inc.,TAMPE,FL.US) logon to 132.235.a.b
2001/07/11-10:33:21.00 4.35.3.226 (crtntx1-ar4-003-226.biz.dsl.gtei.net) logon to 132.235.a.b:1021 USER knwn,PASS fxpteam
2001/07/11-10:51:55.98 213.123.140.193 (host213-123-140-193.btopenworld.com) logon to 132.235.a.b:1021 USER knwn,PASS fxpteam
2001/07/11-11:03:18.66 213.82.13.36 (Provv. Studi Milano,IT) logon to 132.235.a.b:1021 USER knwn,PASS fxpteam
2001/07/11-11:49:03.13 198.109.0.11 (staffmail.detroit.k12.mi.us) IIS attack on select ips via ..%c0%af.. on web server
2001/07/11-13:43:03.21 129.236.34.20 (crunch.ldgo.columbia.edu) start xfer of dvd from 132.235.a.b named Rapa.Nui.1994.DVDivX.SBC-ART.r00
2001/07/11-13:55:47.74 211.101.145.2 (HCint,the customer of Capital Network,CN) scan net for port 80 + std PoisonBox IIS attacks.
2001/07/11-16:06:09.18 211.101.145.2 (HCint,the customer of Capital Network,CN) attack select web servers.
2001/07/12-08:02:17.31 62.136.52.92 (modem-92.terbium.dialup.pol.co.uk) scan 132.235.3.x for port 111
2001/07/13-10:10:19.22 24.18.229.6 (cc279722-b.ebnsk1.nj.home.com) scan net for port 111
2001/07/13-10:11:38.27 24.18.229.6 (cc279722-b.ebnsk1.nj.home.com) start of buff overflow attacks
2001/07/13-16:50:19.69 217.82.22.102 (pD9521666.dip.t-dialin.net) scan net for port 21, anon ftp attacks
2001/07/13-17:02:16.10 212.210.210.11 (mail.itsosgadda.it) scan net for port 21
2001/07/14-09:48:24.42 24.165.241.15 (ubr-165.241.15.palmbayII.cfl.rr.com) icmp_ping scan of net
2001/07/14-13:34:05.62 61.159.212.51 (YunNan Province Quality Technology superintend Bureau,CN) scan net for port 111
2001/07/14-13:56:46.37 202.54.11.142 (haldane.ncl.res.in) scan net for port 111
2001/07/14-20:12:53.66 129.187.154.137 (pc47.e18.physik.tu-muenchen.de) scan net for port 111
2001/07/14-20:12:53.96 129.187.154.137 (pc47.e18.physik.tu-muenchen.de) start of buff overflow attacks
2001/07/16-00:59:20.41 216.209.172.93 (guelph-ppp217620.sympatico.ca) scan select ips for port 8080, 1080, 80, 81,3128
2001/07/16-06:55:49.25 149.31.1.26 (Newschool for Social Research,NY,NY,US) scan several ips on high level port
2001/07/16-09:06:04.16 217.165.224.235 (Emirates Telecommunications Corp.,AE) scan 132.235.1.12 for port 50000,6667
2001/07/16-09:40:17.93 217.57.19.30 (CDC COMPUTER DATA CONTROL,IT) scan net for port 21
2001/07/16-14:33:58.41 208.188.193.89 (Web One,Plano, TX,US) scan several ips on high level port
2001/07/16-20:20:37.46 62.90.29.226 (Barak I.T.C,Israel) scan net for port 53
2001/07/17-08:32:10.97 200.230.81.215 (INTERNET DIGITAL BOULEVARD S/C LTDA.,BR) scan net for port 53, probe for version no.
2001/07/18-00:14:50.64 217.81.206.222 (pD951CEDE.dip.t-dialin.net) scan net for port 21
2001/07/18-07:36:41.62 202.64.236.148 (Hong Kong Supernet Ltd,HK) scan selected ips for port 111
2001/07/19-06:15:50.37 x.x.x.x (everywhere) hits from 23687 ips by code red virus against Stocker
2001/07/19-06:15:50.37 x.x.x.x (everywhere) hits from 4181 ips by code red virus against Morton + Bot Research
2001/07/19-07:53:09.51 200.38.145.241 (dns2.redint.com) scan selected ips for port 21
2001/07/19-11:09:41.32 216.242.182.114 (in CIBERLYNX.NET) conn to port 500 for ISAKMP authentication protocol
2001/07/19-11:09:44.72 216.242.182.114 (in CIBERLYNX.NET) conn to port 25 to deliver SPAM (ISAKMP authenticated, though)
2001/07/19-22:34:55.82 128.242.217.10 (Verio Web Hosting - digitalNATION,VA,US) scan net for port 53
2001/07/19-22:49:23.09 200.230.93.117 (primeiro.stetnet.com.br, etc) scan select ips for port 111
2001/07/19-22:49:23.71 200.230.93.117 (primeiro.stetnet.com.br, etc) scan select ips for port 53
2001/07/20-06:29:00.50 213.255.46.226 (ElFlaco,IT) scan net for port 21
2001/07/20-06:29:03.58 212.187.1.211 (c1211.upc-c.chello.nl) scan net for port 21
2001/07/20-06:30:03.72 212.187.1.211 (c1211.upc-c.chello.nl) scan select ips for port 21
2001/07/20-06:59:40.16 194.65.77.1 (Escola Superior Agraria Coimbra) scan port 137 on net
2001/07/20-10:03:38.02 148.240.68.100 (dial-148-240-68-100.zone-2.dial.net.mx) moron ftp fake passwd file from ace
2001/07/20-10:04:10.55 148.240.68.100 (dial-148-240-68-100.zone-2.dial.net.mx) moron tries to login to ace with decrypted passwds :-)
2001/07/20-12:47:47.39 213.8.129.62 (inter.net.il) scan net for port 21
2001/07/20-16:47:42.25 211.63.100.153 (Korea crap) last code red actual attack on a Morton machine
2001/07/20-19:33:21.96 200.230.93.117 (STETNET INFORMATICA LTDA.,BR) scan port 111 on selected ips
2001/07/21-05:54:50.86 212.179.248.181 (bzq-248-181.red.bezeqint.net) scan net for port 21
2001/07/21-08:25:35.19 12.5.227.215 (VIP Sales, Inc.,Tulsa, OK,US) scan net for port 22
2001/07/21-10:08:34.26 62.82.169.81 (81-BAR2-X116.libre.retevision.es) scan port 21 on 132.235.18.6
2001/07/21-11:31:23.36 62.82.169.81 (81-BAR2-X116.libre.retevision.es) 1. conn port 80 on 132.235.18.6 with command
2001/07/21-11:31:23.36 62.82.169.81 (81-BAR2-X116.libre.retevision.es) 2. GET /cgi-bin/handler/taluego_Lucas;cat /etc/passwd|?data=Download
2001/07/21-18:15:22.64 200.193.215.2 (TELECOMUNICACOES DO PARANÁ S/A - FILIAL TELEM,BR) attack with GET //scripts/..%c0%af../winnt
2001/07/21-18:27:34.89 203.108.0.59 (netcachesyd3.ozemail.com.au) attack with GET //scripts/..%c0%af../winnt
2001/07/21-23:34:00.67 213.46.30.84 (d30084.upc-d.chello.nl) scan net for port 21
2001/07/21-23:34:41.76 213.46.30.84 (d30084.upc-d.chello.nl) scan net for port 21
2001/07/22-04:35:43.08 211.255.136.49 (Korea crap) last (I thought) code red actual attack on a Stocker machine
2001/07/22-06:01:15.37 158.43.233.241:21 (pos3-0.cr1.lnd5.gbb.uk.uu.net) scan select ips for port 1024 or 3072
2001/07/22-12:10:12.98 64.229.236.115 (HSE-QuebecCity-ppp81450.qc.sympatico.ca) scan net for port 21, try to break in w/anon ftp
2001/07/22-12:10:12.98 64.229.236.115 (HSE-QuebecCity-ppp81450.qc.sympatico.ca) scan net for port 21
2001/07/22-13:09:38.49 202.146.236.4 (deimos.centrin.net.id) try the MS IIS server attack against ace
2001/07/22-15:08:54.19 203.83.67.242 (ip067242.hkicable.com) scan net for port 111
2001/07/22-18:40:35.96 212.179.248.59 (bzq-248-59.red.bezeqint.net) scan net for port 21
2001/07/22-19:06:46.61 172.185.150.94 (AOL.com) start of about 2 probes/hr on high number port from various AOL addrs.
2001/07/23-01:13:54.50 61.129.163.134 (CHINANET Shanghai province network, CH) scan net for port 80
2001/07/23-01:13:54.50 61.129.163.150 (CHINANET Shanghai province network, CH) scan net for port 80
2001/07/23-01:33:51.96 211.20.237.125 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) last (for today) code red actual attack on a Stocker machine
2001/07/23-04:58:54.18 212.179.248.59 () scan net for port 21
2001/07/23-06:00:11.21 172.185.150.94:1 () 1 packet to random high port to multiple ips throughout the day
2001/07/23-06:37:19.32 172.176.163.61:1 () 1 packet to random high port to multiple ips throughout the day
2001/07/23-08:05:05.09 24.9.160.25 () first (for today) code red actual attack on a Stocker machine
2001/07/23-08:40:30.19 172.176.190.190:1 () 1 packet to random high port to multiple ips throughout the day
2001/07/23-09:42:49.29 172.185.107.238:1 () 1 packet to random high port to multiple ips throughout the day
2001/07/23-12:08:24.86 132.235.15.159 (water.ece.ohiou.edu) HEAVY portscan of ace, and other machines.
2001/07/23-16:16:09.73 61.129.163.150 (CHINANET Shanghai province network) scan subset of ips for port 80
2001/07/23-16:16:18.77 61.129.163.134 (CHINANET Shanghai province network) scan subset of ips for port 80
2001/07/23-19:04:25.61 61.129.163.150 (CHINANET Shanghai province network) launch IIS buff overflow attack against several machines.
2001/07/23-19:18:06.13 61.129.163.134 (CHINANET Shanghai province network) launch IIS buff overflow attack against several ips
2001/07/23-19:51:33.17 211.233.25.216:1 () 1 packet to random high port to 6 diff ips throughout the day
2001/07/23-20:51:21.54 212.199.49.43 () scan net for port 21
2001/07/23-22:51:29.75 217.225.11.170 () scan net for port 21
2001/07/24-02:06:38.40 211.114.166.130 () scan net for port 53
2001/07/24-03:15:50.89 211.175.33.40 () scan net for port 111
2001/07/24-03:46:13.29 211.139.140.137 (China Mobile Communications Corporation,CN) scan net for port 53
2001/07/24-04:26:35.59 206.241.58.139 () last (for today) code red actual attack on a Stocker machine
2001/07/24-05:55:43.97 172.176.190.190 (ACB0BEBE.ipt.aol.com) probe 1 high port per ip, random ip,
2001/07/24-10:35:40.91 172.185.150.94 (ACB9965E.ipt.aol.com) probe 1 high port per ip, random ip, 1/hr
2001/07/24-10:49:33.96 212.179.248.59 (bzq-248-59.red.bezeqint.net) slow scan (3/hr) of net for port 21
2001/07/24-12:38:03.99 172.190.139.18 (ACBE8B12.ipt.aol.com) probe 1 high port per ip, random ips
2001/07/24-13:00:42.52 172.188.38.64 (ACBC2640.ipt.aol.com) probe 1 high port per ip, random ip,
2001/07/24-13:37:22.31 195.93.52.50 (supportl3-loh-P0-1.router.aol.com) probe 1 high port per ip, random ips
2001/07/24-14:11:49.65 204.253.14.97 (John Wiley & Sons,NY,US) probe port 6666 on packers
2001/07/24-15:06:23.17 172.185.107.238 (ACB96BEE.ipt.aol.com) probe 1 high port per ip, random ip
2001/07/24-15:39:24.07 217.83.199.160 (pD953C7A0.dip.t-dialin.net) scan net for port 21
2001/07/24-15:39:46.44 217.83.199.160 (pD953C7A0.dip.t-dialin.net) scan net for port 21
2001/07/24-17:27:03.88 172.176.163.61 (ACB0A33D.ipt.aol.com) probe 1 high port per ip, random ip,
2001/07/24-17:44:27.85 195.92.95.23 (hoover.netcraft.com) scan several ips for port 443
2001/07/24-18:42:23.79 202.133.67.61 (Sattech (Private) Limited,PK) scan port 23 on several ips
2001/07/24-19:22:54.70 216.238.126.34 (blackntan.ehammer.com) portscan 132.235.18.188
2001/07/24-19:35:30.73 200.15.122.205 (Verio, Inc.,CA,US) scan net for port 111
2001/07/24-19:36:19.29 210.118.201.202 (KOrea crap) portscan 132.235.4.110, scan net for port 111, buff overflow attacks
2001/07/24-23:53:30.41 211.185.195.1 (KOrea crap) scan net for port 111
2001/07/25-05:57:42.50 172.176.163.61:1 (ACB0A33D.ipt.aol.com) probe 1 high port per ip, random ips,
2001/07/25-06:03:48.13 172.185.107.238:1 (ACB96BEE.ipt.aol.com) probe 1 high port per ip, random ips,
2001/07/25-06:10:24.48 212.179.248.59 (bzq-248-59.red.bezeqint.net) scan net for port 21
2001/07/25-06:26:51.92 24.20.29.207 (c775295-a.almda1.sfba.home.com) scan net for port 21
2001/07/25-06:26:52.04 209.181.17.186 (el.bgh2.k12.wy.us) scan net for port 21
2001/07/25-06:26:52.74 202.32.124.115 (Sysmex Co., Ltd.,JP) scan net for port 21
2001/07/25-06:26:52.78 210.226.91.50 (T.B.I.Corporation,JP) scan net for port 21
2001/07/25-06:26:52.87 202.33.226.130 (narita airport security co., ltd.,JP) scan net for port 21
2001/07/25-06:26:57.00 203.155.56.131 (New process ltd,BANKCOC,TH) scan net for port 21
2001/07/25-06:27:02.78 210.229.158.130 (AIRPORT INTELLIGENTCOMMUNICATIONSSERVICE, Co.,Ltd.,JP) scan net for port 21
2001/07/25-07:05:45.11 195.93.52.50 (supportl3-loh-P0-1.router.aol.com) probe 1 high port per ip, random ips,
2001/07/25-11:00:49.31 202.183.217.100 (C.S.Communications Co., Ltd.,Bangkok, THAILAND) scan port 111 on ace
2001/07/25-12:27:21.07 211.100.12.122 (263 network group company in china,CN) scan net for port 53
2001/07/25-13:47:35.90 172.176.190.190:1 (ACB0BEBE.ipt.aol.com) probe 1 high port per ip, random ips,
2001/07/25-14:14:54.20 63.204.50.40 (B E Logistics Inc,HAWTHORN,CA,US) ONLY ida buff overflow attack of the day in Stocker
2001/07/25-15:15:49.81 132.235.197.40 (ws101.cns.ohiou.edu) portscan 132.235.3.131
2001/07/25-16:16:16.32 213.239.149.49 (PBTech,NL) probe 1 high port per ip, random ips,
2001/07/25-19:21:37.82 136.145.187.99 (cncac079.cnnet.clu.edu) scan net for port 111, rstatd service
2001/07/25-19:21:38.04 136.145.187.99 (cncac079.cnnet.clu.edu) start of buff overflow attacks
2001/07/25-19:31:27.65 211.185.157.222 (Korea crap) scan net for port 111, + buff overflow attacks
2001/07/25-21:21:59.19 200.27.165.214 (Instacob,Santiago,CL) scan port 111 on ace
2001/07/26-01:58:01.98 172.188.38.64 (ACBC2640.ipt.aol.com) probe 1 high port per ip, random ips,
2001/07/26-05:59:57.83 212.179.248.59 (bzq-248-59.red.bezeqint.net) scan net for port 21
2001/07/26-08:50:59.47 61.157.201.207 (CHINANET Sichuan province network) scan port 80 on 132.235.1.209
2001/07/26-09:56:40.74 213.239.149.49 (PBTech,NL) probe 1 high port per ip, random ips, possibly all day
2001/07/26-10:37:05.98 61.9.134.22 (CPE-61-9-134-22.vic.bigpond.net.au) scan net for port 21
2001/07/26-14:03:40.28 213.233.101.53 (101dial53.xnet.ro) probe 1 high port per ip, random ips, possibly all day
2001/07/26-18:57:17.83 172.176.190.190 (ACB0BEBE.ipt.aol.com) probe 1 high port per ip, random ips,
2001/07/26-20:03:33.35 61.160.80.31 (CHINANET Jiangsu province network) scan port 80 on 132.235.1.35
2001/07/26-20:14:21.50 61.177.255.64 (CHINANET Jiangsu province network) scan port 80 on 132.235.1.35
2001/07/26-22:46:11.04 168.234.167.50 (mail.intek-ca.com) scan net on port 53
2001/07/26-23:03:14.30 61.147.48.65 (CHINANET Jiangsu province network,CN) scan port 80 on 132.235.1.35
2001/07/26-23:10:00.61 61.147.45.149 (CHINANET Jiangsu province network,CN) 1. scan port 21 on 132.235.1.35 (down for 5 months
2001/07/26-23:10:00.61 61.147.45.149 (CHINANET Jiangsu province network,CN) 2. previously then up 19 hrs before scan of this ip only.
2001/07/27-05:59:08.71 212.179.248.117 (bzq-248-117.red.bezeqint.net) scan net for port 21
2001/07/27-09:17:57.18 153.33.32.222 (ts2_mod2.ltx-tr.com) scan net for port 21
2001/07/27-10:34:11.06 61.136.17.194 (CHINANET Tianjin province network) first (for today) code red actual attack on a Stocker machine
2001/07/27-16:39:28.81 62.37.147.66 (62-37-147-66.dialup.uni2.es) scan net for port 21
2001/07/27-19:41:57.82 210.96.171.36 (KOREA CRAP) probe port 11 on 132.235.1.75, buff overflow attack on
2001/07/28-04:36:40.04 193.231.115.121 (Dragon Art SRL,RO) last for today code red actual attack on a Stocker machine
2001/07/24-20:19:00.00 202.133.67.61 (Sattech (Private) Limited,PK) hack into condor
2001/07/28-08:23:54.47 200.193.215.2 (TELECOMUNICACOES DO PARANÁ S/A - FILIAL TELEMS) attack web server with ..%5c..%5cwinnt/
2001/07/28-11:41:02.33 206.117.204.162 (pool.206.117.204.162.cinenet.net) scan select ips for port 111, buff overflow attack
2001/07/28-20:11:45.00 200.193.215.2 (TELECOMUNICACOES DO PARANÁ S/A - FILIAL TELEMS) attack web server with ..%5c..%5cwinnt/
2001/07/29-01:08:42.00 62.224.242.9 (p3EE0F209.dip.t-dialin.net) try login/passwds on ace from dummy passwd file
2001/07/29-01:24:44.86 209.249.97.208 (infinite.wezl.org) scan several random high ports on 132.235.3.0
2001/07/29-05:50:57.00 62.155.233.145 (p3E9BE991.dip.t-dialin.net) ftp dummy passwd file from ace
2001/07/29-09:09:25.57 212.98.160.55 (ns2.rosinstrument.com) scan 1 ip for port 1080
2001/07/29-17:50:09.00 62.224.242.9 (p3EE0F209.dip.t-dialin.net) try login/passwds on ace from dummy passwd file
2001/07/29-18:07:17.76 213.11.89.243 (OREDIA,FR) scan net for port 21
2001/07/29-19:42:09.65 211.185.157.222 (KOREA CRAP) scan net for port 111
2001/07/30-01:58:39.71 61.160.80.147 (CHINANET Jiangsu province network) ANOTHER probe on port 80 on 132.235.1.35
2001/07/30-05:02:03.05 206.215.217.215 (Weblications,Princeton, NJ,US) scan net for port 21
2001/07/31-13:33:16.96 62.226.214.49 (Deutsche Telekom AG) 1. attack garuda with GET /scripts/..%c0%af.. overflow.
2001/07/31-13:33:16.96 62.226.214.49 (Deutsche Telekom AG) 2. put pgm ServUDaemon.exe on garuda
2001/07/31-15:34:08.09 202.5.131.37 (Gem Internet Services (pvt) Ltd,Karachi,PK) return visit, hack into condor DOS 63.144.122.37
2001/07/31-17:53:24.04 209.172.219.37 (mail.neosho.cc.ks.us) attack web server on ace with GET /scripts/..%255c..%255cw ...etc
2001/07/31-19:15:26.78 207.61.107.141 (1228606 Ontario Limited,Ontario,cA) scan net for port 21