Short summary of some of the attacks against us for Aug. 2001

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes
2001/08/01-03:28:43.08 61.177.255.90 (CHINANET Jiangsu province network,CN) probe ports on 132.235.1.39
2001/08/01-03:43:43.78 63.204.176.126 (adsl-63-204-176-126.dsl.lsan03.pacbell.net) first code red attack in Stocker of the day
2001/08/01-05:04:11.81 213.56.32.4 (ca-ol-angers-1-4.abo.wanadoo.fr) scan net for port 21, std anon ftp search for writable dirs.
2001/08/01-05:23:29.57 63.79.185.131 (Internetwerx, Inc.,Dallas, Tx, US) code red attack
2001/08/01-06:03:54.66 212.131.138.136 () start of 2483 code red attacks from 2421 ips against 121 servers in Stocker (24hrs)
2001/08/01-08:29:41.02 61.163.237.6 () start of 174 code red attacks from 174 ips against 8 servers in Morton (24hrs)
2001/08/01-11:16:11.48 140.129.65.177 (ym65177.ym.edu.tw) scannet for port 111
2001/08/01-12:59:34.49 140.129.65.177 (ym65177.ym.edu.tw) start of buff overflow attacks against almost all unix boxes.
2001/08/02-06:05:35.23 203.233.194.197 () start of 186 code red attacks from 147 hosts against 7 servers in Morton (24hrs)
2001/08/02-06:05:35.23 203.233.194.197 () start of 3062 code red attacks from 2988 hosts against 116 servers in Stocker (24hrs)
2001/08/02-16:35:36.80 63.195.86.245 (adsl-63-195-86-245.dsl.snfc21.pacbell.net) scan net for port 21
2001/08/03-23:09:46.07 200.161.11.144 (TELECOMUNICACOES DE SAO PAULO S/A) scan net for port 111
2001/08/03-23:09:47.33 200.161.11.144 (TELECOMUNICACOES DE SAO PAULO S/A) start buff overflow attack - rstatd
2001/08/04-20:37:47.57 216.196.46.214 (d470.as0.clmb.oh.voyager.net) portscan boss,ace for mult. ports, net for port 137
2001/08/05-11:44:31.46 200.188.80.30 (lc-proxy.sp.psinet.com.br) scan net for random ips, 1 high port ea.
2001/08/05-18:16:53.76 62.46.241.144 (L1421P16.dipool.highway.telekom.at) scan net for port 21
2001/08/06-06:17:29.46 200.188.80.30 (lc-proxy.sp.psinet.com.br) scan net for random ips, 1 high port ea.
2001/08/06-08:33:07.38 210.12.46.47 (The Graduate School of China Technology University,CN) scannet for port 111
2001/08/06-08:41:20.81 210.12.46.47 (The Graduate School of China Technology University,CN) start of buff overflow attacks - rstatd
2001/08/06-08:43:53.16 210.12.46.47 (The Graduate School of China Technology University,CN) scan ips for port 9704 - see if attack worked.
2001/08/06-12:54:57.65 132.235.19.113 (dhcp-019-113.cns.ohiou.edu) scan net for port 80
2001/08/06-16:40:02.83 132.235.145.145 (dhcp-145-145.cns.ohiou.edu) scan net for port 80
2001/08/06-18:38:42.39 24.28.216.83 (24-28-216-83.ma.cox.rr.com) portscan ace (1-426)
2001/08/06-19:55:04.02 132.235.197.77 (inspiration.cns.ohiou.edu) scan net for port 80
2001/08/07-03:29:44.48 132.235.145.145 (dhcp-145-145.cns.ohiou.edu) scannet for port 80
2001/08/07-03:29:45.18 61.177.160.12 () scannet for port 80
2001/08/07-03:38:23.79 132.235.197.77 (inspiration.cns.ohiou.edu) scannet for port 80
2001/08/07-07:29:38.14 200.188.80.30 (lc-proxy.sp.psinet.com.br) scan net for random ips, 1 high port ea.
2001/08/07-09:27:20.19 132.235.19.113 (dhcp-019-113.cns.ohiou.edu) scan net for port 80
2001/08/07-14:06:13.28 132.235.133.193 (dhcp-133-193.cns.ohiou.edu) scannet for port 80
2001/08/07-14:18:31.58 132.235.132.246 () scannet for port 80
2001/08/07-15:20:39.46 216.154.60.137 (Look Communications Inc.,Toronto, Canada) scan 1 ip, port 80 with GET /scripts/..%255c. attack
2001/08/07-20:54:14.84 61.147.47.197 () scannet for port 80
2001/08/07-23:01:13.94 24.162.178.125 (ServiceCo LLC - Road Runner,VA,US) scan net for port 21
2001/08/07-23:32:42.04 217.128.86.123 (ANice-102-1-4-123.abo.wanadoo.fr) scannet for port 21, anon ftp attacks
2001/08/08-03:53:13.41 132.235.132.246 (zanesville campus, OU) scannet for port 80
2001/08/08-06:08:12.12 12.11.149.5 (ptc-gw.ptc.com) scan net for port 83
2001/08/08-06:11:50.28 200.188.80.30 (lc-proxy.sp.psinet.com.br) scan net for random ips, 1 high port ea.
2001/08/08-06:27:13.14 132.237.150.247 (Porter Hall, OU) scannet for port 80
2001/08/08-08:44:35.23 24.67.137.215 (h24-67-137-215.cc.shawcable.net) scan net with ping - icmp_ping-windows9x2000
2001/08/08-13:11:33.76 132.235.19.113 (dhcp-019-113.cns.ohiou.edu) scan net for port 80
2001/08/08-16:16:01.19 212.199.3.77 () scan net for port 21
2001/08/08-18:57:27.63 213.46.86.81 (d86081.upc-d.chello.nl) scan net for port 21
2001/08/08-18:57:29.66 213.46.86.81 (d86081.upc-d.chello.nl) scan net with ping
2001/08/08-22:19:36.88 61.140.76.193 () scan net for port 111
2001/08/08-22:19:37.42 61.140.76.193 () start of buff overflow attacks
2001/08/09-03:59:29.76 132.235.132.246 (zanesville campus, OU) scannet for port 80
2001/08/09-04:00:44.90 132.235.145.145 (dhcp-145-145.cns.ohiou.edu) scannet for port 80
2001/08/09-05:58:44.18 12.11.149.5 (ptc-gw.ptc.com) continue scanning net for port 80 today.
2001/08/09-06:08:56.34 200.188.80.30 (lc-proxy.sp.psinet.com.br) continue to scan net for random ips, 1 high port ea.
2001/08/09-09:04:13.45 132.237.150.247 (Porter Hall, OU) scannet for port 80
2001/08/10-06:49:33.58 200.188.80.30 (lc-proxy.sp.psinet.com.br) continue to scan net for random ips, 1 high port ea. 2/hr
2001/08/10-08:41:22.77 210.97.124.129 (Korea crap) scan net for port 111
2001/08/10-14:10:25.11 132.235.197.130 (hardnoc2.cns.ohiou.edu) scannet for port 53
2001/08/10-16:21:25.82 132.248.129.175 (ecologia.fciencias.unam.mx) probe port 500 on several ips
2001/08/10-16:47:56.43 196.40.9.115 (Terminales Santamaria S.A.,Alajuela,CR) scan net for port 111
2001/08/10-16:48:09.77 196.40.9.115 (Terminales Santamaria S.A.,Alajuela,CR) start of buff overflow attacks
2001/08/10-18:42:14.48 202.109.122.21:881 (Shanghai NanHui Telecom Bureau,CN) scan net for random ips, 1 high port ea. 2/hr
2001/08/10-22:28:43.76 210.73.149.2 (YangZhong Science & Technology Information Networks,CN) scan net for port 80
2001/08/11-00:12:27.91 210.73.149.2 (YangZhong Science & Technology Information Networks,CN) attack with GET /scripts/..%e0%80%af../ ...
2001/08/11-08:59:43.17 202.100.26.139 (The administrative committee of xi'an high-tech development,CN) scan net for port 98
2001/08/11-11:19:12.72 132.248.129.175 (ecologia.fciencias.unam.mx) probe port 500 on several ips
2001/08/11-14:56:54.30 202.100.26.139 (The administrative committee of xi'an high-tech development,CN) scan port 111 on tarpit ips
2001/08/11-14:56:54.55 202.100.26.139 (The administrative committee of xi'an high-tech development,CN) scan port 21 on tarpit ips
2001/08/11-15:53:33.15 202.104.227.38 (www.jieyang.net.cn) scan net for port 111
2001/08/11-17:37:19.34 202.104.227.38 (www.jieyang.net.cn) start of buff overflow attacks, multiple target ips
2001/08/11-19:15:40.55 130.118.4.2 (isdmnl.wr.usgs.gov) scan net for random ips, 1 high port ea. 2/hr
2001/08/12-05:53:16.81 208.10.115.2 (ns2.mainlink.net) scan net for random ips, 1 high port ea. 2/hr
2001/08/12-06:11:58.94 130.118.4.2 (isdmnl.wr.usgs.gov) scan net for random ips, 1 high port ea. 2/hr
2001/08/12-10:02:07.57 202.100.26.139 (The administrative committee of xi'an high-tech development,CN) scan port 111 on tarpit ips
2001/08/12-10:02:07.83 202.100.26.139 (The administrative committee of xi'an high-tech development,CN) scan port 21 on tarpit ips
2001/08/12-11:42:59.73 132.248.129.175 (ecologia.fciencias.unam.mx) probe port 500 on several ips
2001/08/12-17:08:40.39 200.180.26.3 (router103.tro.matrix.com.br) scan net for random ips, 1 high port ea. 2/hr
2001/08/12-18:10:15.58 203.30.254.62 (Prodata Technology, VIC,AU) scannet for port 111
2001/08/12-20:45:17.91 172.176.190.190 (ACB0BEBE.ipt.aol.com) scan net for random ips, 1 high port ea. 1/hr
2001/08/12-20:55:31.90 217.128.213.91 (ATuileries-103-1-3-91.abo.wanadoo.fr) scannet for port 21
2001/08/13-04:10:38.03 132.235.28.187 (dhcp-028-187.cns.ohiou.edu) scan for port 80
2001/08/13-04:13:53.94 132.235.46.239 (dhcp-046-239.cns.ohiou.edu) scan for port 80
2001/08/13-07:25:42.20 193.226.125.36 (JavaWeb.Org) scan net for random ips, 1 high port ea. 4/hr
2001/08/13-10:16:03.20 132.235.19.113 (dhcp-019-113.cns.ohiou.edu) scan for port 80
2001/08/13-11:28:13.71 172.176.163.61:1 (ACB0A33D.ipt.aol.com) scan net for random ips, 1 high port ea. 1/hr
2001/08/13-11:49:54.51 66.1.174.82 (cpe-66-1-174-82.az.sprintbbd.net) conn to port 500 on 132.235.4.103
2001/08/13-13:26:12.14 132.235.83.46 (dhcp-083-046.cns.ohiou.edu) scan for port 80
2001/08/13-13:59:58.84 213.56.238.149 (ca-ol-sqy-15-149.abo.wanadoo.fr) scan net for port 21, attack via anon ftp
2001/08/13-14:22:05.00 132.248.61.79 (Universidad Nacional Autonoma de Mexico) conn to port 500 on several ips
2001/08/13-15:56:31.82 217.128.56.127 (ABesancon-102-1-1-127.abo.wanadoo.fr) scannet for port 21
2001/08/13-21:54:04.35 217.1.59.137 (pD9013B89.dip.t-dialin.net) scannet for port 21, attack via anon ftp
2001/08/14-01:04:43.39 132.235.19.71 (dhcp-019-071.cns.ohiou.edu) pound on port 161 on printer in br201.
2001/08/14-04:04:03.53 61.155.13.3 (CHINANET Jiangsu province network,CN) probe named on non-dns
2001/08/14-04:10:00.61 61.177.254.45 (CHINANET Jiangsu province network,CN) scan net for port 80, random ip order.
2001/08/14-07:29:12.24 62.157.52.170 (p3E9D34AA.dip.t-dialin.net) probe port 500 on ace.
2001/08/14-08:46:54.56 61.147.45.12 (CHINANET Jiangsu province network,CN) scan net for port 80, random ip order.
2001/08/14-12:06:31.40 24.201.97.224 (modemcable224.97-201-24.sherb.mc.videotron.ca) scan net for port 21
2001/08/14-22:38:17.78 193.253.32.34 (ATuileries-103-1-2-34.abo.wanadoo.fr) scan net for port 21
2001/08/15-02:46:22.30 210.43.24.3 (Xinyang Teachers College,HENAN,CN) scan net for port 80
2001/08/15-02:46:24.59 210.43.24.3 (Xinyang Teachers College,HENAN,CN) attack with: GET /scripts/..%c0%af../winnt/syst ...
2001/08/15-07:55:18.82 64.0.98.128 (Compend It? - (concentric.net)) scan net, 1 high num. port per ip,
2001/08/15-11:18:41.56 212.43.240.137 (pa0003.servers.two-wings.net) scannet for port 111
2001/08/15-12:16:05.29 24.201.97.224 (modemcable224.97-201-24.sherb.mc.videotron.ca) attack 132.235.17.45 ports 80,21
2001/08/15-13:06:04.42 216.210.143.210 (216-210-143-210.atgi.net) scannet for port 21
2001/08/15-13:06:06.58 139.130.213.176 (intern34.lnk.telstra.net) scannet for port 21,137
2001/08/15-15:14:28.48 213.123.15.191 (host213-123-15-191.btinternet.com) attack 132.235.17.45 ports 80,21
2001/08/15-17:40:06.29 216.94.151.23 (mgir.mgisoft.com) attack 132.235.17.45 port 80
2001/08/15-17:40:08.13 195.211.217.226 (I/P/B/ Internet Provider in Berlin GmbH,DE) attack 132.235.17.45 ports 80,21
2001/08/15-17:55:27.38 195.10.103.94 (Telecoms Services in the Isle of Man,GB) attack 132.235.17.45 port 80
2001/08/15-18:58:59.54 24.201.97.224 (modemcable224.97-201-24.sherb.mc.videotron.ca) scan net for port 21
2001/08/15-21:51:26.04 61.147.41.33 (CHINANET Jiangsu province network,BEIJING,CN) hammer port 53 on 132.235.1.70
2001/08/15-22:05:01.08 200.38.156.49 (uninet-customer-49.uninet.net.mx) scan net for port 111
2001/08/15-23:56:07.22 200.38.156.49 (uninet-customer-49.uninet.net.mx) start of buff overflow attacks - rstatd
2001/08/16-03:16:12.64 61.177.254.117 (CHINANET Jiangsu province network,CN) scan net for port 80, random ip order. Code red attack
2001/08/16-05:41:24.32 61.147.41.226 (CHINANET Jiangsu province network,BEIJING,CN) 1. hammer dns server on 132.235.1.70 looking
2001/08/16-05:41:24.32 61.147.41.226 (CHINANET Jiangsu province network,BEIJING,CN) tadsoi.kitty.com.vg. and tadsoi.kitty.com.
2001/08/16-05:56:45.68 61.147.41.226 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/16-21:06:48.32 64.17.55.4 (st01b-via04-11711-004.arcommunications.net) scannet for port 111
2001/08/16-21:06:48.43 64.17.55.4 (st01b-via04-11711-004.arcommunications.net) start of buff overflow attacks - rstatd
2001/08/16-21:25:28.73 61.147.41.111 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/16-21:45:45.76 61.147.41.165 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/16-21:52:27.43 61.147.41.189 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/16-22:16:08.62 61.147.41.222 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/16-22:28:27.84 61.147.41.236 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/17-05:11:54.16 61.147.41.82 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/17-05:28:21.47 61.147.41.115 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/17-14:55:13.78 61.156.28.14 (CHINANET Shandong province network,CN) scannet for port 111
2001/08/17-15:21:24.96 131.187.108.251 (Somewhere in oarnet) try to login to freenet as root/amy3000
2001/08/17-21:36:11.98 61.147.41.49 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/18-02:27:33.83 61.147.41.66 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/18-03:52:20.01 61.147.41.253 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/18-14:37:49.49 131.220.96.240:20 (upc240.astro.uni-bonn.de) scan net for port 21
2001/08/18-19:14:08.67 210.59.226.201 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) scan net for port 111
2001/08/18-19:14:08.90 210.59.226.201 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) start buff overflow attacks - rstatd
2001/08/19-08:59:56.68 172.176.163.61 (ACB0A33D.ipt.aol.com) scan random ips, 1 high num port per ip on net.
2001/08/19-21:36:18.45 61.147.41.52 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/19-22:11:44.77 61.147.41.158 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/19-23:07:36.87 61.147.41.158 (CHINANET Jiangsu province network,CN) try to use 132.235.1.70 as a dns.
2001/08/20-05:00:56.15 64.24.160.62 (01-062.077.popsite.net) ICMP superscan echo scan of net
2001/08/20-05:00:57.16 64.24.160.62 (01-062.077.popsite.net) scan net for port 21, anon ftp
2001/08/20-05:53:16.99 64.24.160.41 (01-041.077.popsite.net) scan net for port 21, anon ftp
2001/08/20-05:53:47.85 64.24.160.41 (01-041.077.popsite.net) scannet for port 21
2001/08/20-05:55:55.49 62.11.102.175 (an1-175.dialup.tiscalinet.it) scan net for port 21
2001/08/20-05:55:55.55 62.11.102.175 (an1-175.dialup.tiscalinet.it) scan net for port 21
2001/08/20-05:58:35.40 172.176.163.61 (ACB0A33D.ipt.aol.com) scan random ips, 1 high num port per ip on net.
2001/08/20-06:33:06.27 61.147.45.148 (CHINANET Jiangsu province network) scan net for port 80 (not code red)
2001/08/20-07:14:25.01 64.24.160.39 (01-039.077.popsite.net) scannet for port 21
2001/08/20-08:17:12.98 210.75.208.7 ((CPIP)Beijing Information Highway Corp,CN) scannet for port 111
2001/08/20-08:17:13.27 210.75.208.7 ((CPIP)Beijing Information Highway Corp,CN) start of buff overflow attacks
2001/08/20-09:26:23.17 61.147.45.92 (CHINANET Jiangsu province network) scan net for port 80 (not code red)
2001/08/20-13:10:08.27 61.147.45.133 (CHINANET Jiangsu province network) scan net for port 80 (not code red)
2001/08/20-16:26:31.23 61.132.0.159 (JIANGSU Nuclear Power Co.ltd,,cn) try to get to port 80 on odd13 multiple times.
2001/08/20-21:37:46.17 211.251.136.189 (Korea Network Information Center) scan net for port 111
2001/08/20-21:39:23.02 210.178.193.60 (Korea Network Information Center) scan rstatd port on 132.235.1.244
2001/08/21-00:28:09.02 196.42.31.70 (ppp-196-42-31-70.coqui.net) scannet for port 27374
2001/08/21-01:00:42.64 61.147.45.66 (CHINANET Jiangsu province network) scan net for port 80 (not code red)
2001/08/21-04:52:46.94 212.170.23.141 (Telefonica Data Espana,ES) scan net for port 21
2001/08/21-13:05:34.75 61.143.109.98 (CHINANET Guangdong province network,CN) probe port 500 on 132.235.1.3
2001/08/21-23:18:05.41 202.101.153.21 (chinanet fujian province network,CN) scannet for port 8000
2001/08/22-03:44:49.94 61.132.53.58 (Jiangsu Tour Admistration Bureau) attack web servers with: GET /scripts/..%e0%80%af.. ...
2001/08/22-09:07:24.14 131.243.1.87:37456 (bip.ee.lbl.gov) send large (1472) udp packets to ace, starting port 33439-37456
2001/08/22-12:25:15.09 129.22.149.250:58989 (byblos.EEAP.CWRU.Edu) 1. send large (1480) udp packets to ace, starting port 22438
2001/08/22-12:25:15.09 129.22.149.250:58989 (byblos.EEAP.CWRU.Edu) 2. thru port 33463
2001/08/22-12:44:28.82 210.184.94.33:1 (mail.chinawin.com.hk) scan several ips, 1 high num port per ip
2001/08/22-16:14:08.17 216.210.143.210 (216-210-143-210.atgi.net) scannet for port 21, try anon ftp.
2001/08/22-16:14:08.89 139.130.213.176 (intern34.lnk.telstra.net) scannet for port 21, then 137 on interesting ips, try anon ftp.
2001/08/22-21:01:36.57 172.176.163.61:1 (ACB0A33D.ipt.aol.com) scan several ips, 1 high num port per ip
2001/08/22-21:54:58.05 61.147.45.143 (CHINANET Jiangsu province network) try to ftp to 132.235.1.35
2001/08/23-00:00:00.00 0.0.0. () Hello to our local code red machines for today - 132.235.83.22 132.235.242.135
2001/08/23-04:08:31.77 61.147.52.143 (CHINANET Jiangsu province network) try to ftp to 132.235.1.35
2001/08/23-07:03:55.34 200.59.152.65 (host152065.metrored.net.ar) scannet for port 53
2001/08/23-07:28:11.33 61.147.53.66 (CHINANET Jiangsu province network,CN) probe port 21 on 132.235.1.35
2001/08/23-07:45:56.81 66.156.208.165 (adsl-156-208-165.bct.bellsouth.net) probe port 137 on 132.235.4.34
2001/08/23-19:19:33.02 210.243.77.22 (Taiwan Academic Network,TW) scannet for port 111
2001/08/23-19:19:33.63 210.243.77.22 (Taiwan Academic Network,TW) start of buff overflow attacks - rstatd
2001/08/23-19:27:13.88 172.176.163.61:1 (ACB0A33D.ipt.aol.com) scan random machines, 1 time each, high port num.
2001/08/23-22:45:19.13 61.163.241.2 (CHINANET Henan province network) probe dns on 132.235.1.7
2001/08/24-03:23:55.02 200.224.132.139:21 (rjo-1-as08-7-a11.gd.uol.com.br) scannet for port 21
2001/08/24-05:01:22.93 61.147.41.70 (CHINANET Jiangsu province network,CN) probe dns server on 132.235.1.70
2001/08/24-11:27:58.78 172.176.163.61 (ACB0A33D.ipt.aol.com) scan random machines, 1 time each, high port num.
2001/08/24-13:28:06.39 209.196.12.230:1 (Isle Inc ,Calif, US) scan random machines, 1 time each, high port num.
2001/08/24-21:40:28.43 61.147.41.17 (CHINANET Jiangsu province network,CN) probe dns server on 132.235.1.70
2001/08/24-21:49:53.86 148.235.119.183 (du-148-235-119-183.prodigy.net.mx) scan port 111 on boss
2001/08/25-05:14:16.84 61.147.41.14 (CHINANET Jiangsu province network,CN) probe dns server on 132.235.1.70
2001/08/25-05:37:54.79 61.147.41.97 (CHINANET Jiangsu province network,CN) probe dns server on 132.235.1.70
2001/08/25-06:08:42.11 209.196.12.230:1 (Isle Inc ,Calif, US) scan random machines, 1 time each, high port num.
2001/08/25-06:23:59.20 203.241.228.138 (korea crap) scannet for port 53
2001/08/25-09:08:39.88 217.225.103.9 (pD9E16709.dip.t-dialin.net) scannet for port 21
2001/08/25-11:24:24.85 196.37.225.162 (The Internet Solution,PARKLANDS,ZA) scannet for port 111
2001/08/25-16:54:15.46 212.95.92.219 (ip-92-219.evc.net) scannet for port 21
2001/08/26-00:20:50.81 64.109.173.101 (adsl-pool54-173-101.chicago.il.ameritech.net) scannet for port 21
2001/08/26-01:02:54.95 193.252.43.106 (AReims-101-2-1-106.abo.wanadoo.fr) scannet for port 21
2001/08/26-04:13:17.54 198.78.130.170 (Starlan Communications, Corp.) scan net for port 23
2001/08/26-05:56:41.70 209.196.12.230 (Isle Inc ,Calif, US) scan random machines, 1 time each, high port num.
2001/08/26-06:15:30.15 198.78.130.170 (Starlan Communications, Corp.) scan net for port 23
2001/08/26-08:06:26.24 193.252.43.106 (AReims-101-2-1-106.abo.wanadoo.fr) scan net for port 21
2001/08/26-08:28:00.33 195.120.0.232 (INTERBUSINESS,IT) scan net for port 6635
2001/08/26-13:06:24.06 172.176.163.61 (ACB0A33D.ipt.aol.com) scan random machines, 1 time each, high port num.
2001/08/26-13:58:23.01 203.194.164.116 (iAdvantage Ltd.,HK) scan net for port 21, anon ftp attacks
2001/08/26-17:07:01.26 206.133.80.240 (sdn-ar-002nctarbP224.dialsprint.net) scan net for port 27374
2001/08/26-17:07:03.41 24.254.34.197 (c1799423-a.wntck1.sfba.home.com) scannet for port 27374
2001/08/26-19:11:01.87 24.252.32.143 (cc213177-a.chstfld1.va.home.com) scannet for port 2737
2001/08/26-19:12:33.69 216.164.177.210 (RCN Corporation,NJ,US) scannet for port 2737
2001/08/27-11:37:00.68 132.248.61.79:500 (Universidad Nacional Autonoma de Mexico) scan net for port 500
2001/08/27-21:25:29.33 24.222.88.185 (u88n185.syd.eastlink.ca) scan net for port 27374
2001/08/27-21:25:43.96 4.33.13.252 (lsanca1-ar2-013-252.lsanca1.dsl.gtei.net) scan net for port 27374
2001/08/27-23:29:55.53 24.222.88.185 (u88n185.syd.eastlink.ca) scan net for port 2737
2001/08/27-23:30:00.84 24.226.187.68 (187-68.sg.cgocable.ca) scan net for port 2737
2001/08/28-04:04:11.04 132.235.130.249 (O.U.) start of code red scans by this machine for today
2001/08/28-06:14:12.24 132.248.61.79 (Universidad Nacional Autonoma de Mexico) scan net for port 500
2001/08/28-10:06:19.58 24.31.173.195 (dhcp31173195.columbus.rr.com) scan port 177 on ace,prime
2001/08/28-11:24:39.63 210.178.193.60 (Korea crap) scannet for port 111
2001/08/28-12:07:15.50 65.81.228.122 (adsl-81-228-122.bhm.bellsouth.net) scannet for port 27374
2001/08/28-12:07:15.54 64.231.233.143 (HSE-Montreal-ppp131770.qc.sympatico.ca) scannet for port 27374
2001/08/28-12:07:15.65 216.77.252.133 (adsl-77-252-133.bhm.bellsouth.net) scannet for port 27374
2001/08/28-12:07:15.70 24.141.100.205 (d141-100-205.home.cgocable.net) scan net for port 27374
2001/08/28-12:07:26.84 213.10.48.64 (ipd50a3040.speed.planet.nl) scannet for port 27374
2001/08/28-12:07:27.42 65.24.26.132 (dhcp065-024-026-132.columbus.rr.com) scannet for port 27374
2001/08/28-12:07:30.02 24.254.34.197 (c1799423-a.wntck1.sfba.home.com) scannet for port 27374
2001/08/28-12:07:36.49 216.26.42.4 (Teleport, Inc.,OR,US) scannet for port 27374
2001/08/28-12:08:01.38 142.165.189.31 (hsdb-regn-189-31.sasknet.sk.ca) scannet for port 27374
2001/08/28-12:08:10.23 203.164.45.80 (co3013273-a.frank1.vic.optushome.com.au) scannet for port 27374
2001/08/28-12:08:12.63 63.231.25.93 (sttldslgw20poolB93.sttl.uswest.net) scan net for port 27374
2001/08/28-12:08:59.11 24.180.202.172 (cc628393-a.hwrd1.md.home.com) scannet for port 27374
2001/08/28-12:09:00.44 4.35.69.53 (lsanca1-ar8-069-053.biz.dsl.gtei.net) scannet for port 27374
2001/08/28-12:33:20.32 132.235.19.98 (O.U.) start of code red scans by this machine for today
2001/08/28-12:39:38.88 132.235.19.149 (O.U.) start of code red scans by this machine for today
2001/08/28-14:22:50.24 132.235.19.79 (O.U.) start of code red scans by this machine for today
2001/08/28-14:24:45.98 132.235.130.249 (O.U.) start of code red scans by this machine for today
2001/08/28-21:12:56.67 132.235.148.247 (O.U.) start of code red scans by this machine for today
2001/08/28-21:16:39.39 132.235.148.247 (O.U.) start of code red scans by this machine for today
2001/08/28-23:56:17.72 65.81.150.101 (adsl-81-150-101.asm.bellsouth.net) scan net for port 2737
2001/08/28-23:56:17.73 216.232.183.234 (bngb161jy503k.bc.hsia.telus.net) scan net for port 2737
2001/08/28-23:56:17.73 65.0.1.97 (c743698-a.bllvu1.wa.home.com) scan net for port 2737
2001/08/28-23:56:17.85 200.176.112.82 (radio-112-82.poa.terraempresas.com.br) scan net for port 2737
2001/08/28-23:56:17.90 24.129.185.51 (24129185hfc51.tampabay.rr.com) scannet for port 2737
2001/08/28-23:56:17.92 213.66.121.56 (h56n2fls23o906.telia.com) scan net for port 2737
2001/08/28-23:56:18.11 24.31.84.133 (a24b31n84client133.hawaii.rr.com) scan net for port 2737
2001/08/28-23:56:18.13 62.46.16.242 (Host Master Highway,Austria) scan net for port 2737
2001/08/28-23:56:20.91 66.24.199.139 (alb-66-24-199-139.nycap.rr.com) scannet for port 2737
2001/08/28-23:56:29.24 64.231.217.149 (HSE-Montreal-ppp124664.qc.sympatico.ca) scannet for port 2737
2001/08/28-23:56:29.25 141.151.230.56 (Bell Atlantic) scan net for port 2737
2001/08/28-23:56:29.64 66.66.238.229 (alb-66-66-238-229.nycap.rr.com) scan net for port 2737
2001/08/28-23:56:52.72 24.102.215.163 (cr395907-a.mtwh1.on.wave.home.com) scannet for port 2737
2001/08/28-23:56:57.75 63.226.38.250 (phnxapanas68poolA187.phnx.uswest.net) scan net for port 2737
2001/08/29-00:18:34.54 4.17.123.60 (60-123.champlain.edu) scan net for port 2737
2001/08/29-00:29:16.74 213.170.86.10 (Quantum Internet Service Provider,RU) scan net for port 21
2001/08/29-02:33:16.56 61.218.66.165 (61-218-66-165.HINET-IP.hinet.net) scannet for port 111
2001/08/29-02:43:30.38 217.0.61.216 (pD9003DD8.dip.t-dialin.net) scannet for port 21 - anon ftp attack
2001/08/29-08:09:09.55 132.248.61.79 (Universidad Nacional Autonoma de Mexico) scan net for port 500
2001/08/29-09:07:08.74 212.19.4.94 (ppp94.arc1.dialup.redcom.ru) scan 132.235.4.12 for port 3128
2001/08/29-09:47:31.90 217.0.61.12 (pD9003D0C.dip.t-dialin.net) scannet for port 80, attack with GET /scripts/..%C0%AF.. attack.
2001/08/29-10:58:45.76 61.147.41.53 (CHINANET Jiangsu province network,CN) probe dns server on 132.235.1.70
2001/08/29-11:07:27.88 212.120.79.12 (AtHome Benelux Networ,NL) scan net for port 5882
2001/08/29-11:13:10.02 132.235.8.51 (ginkgo.cats.ohiou.edu) scan net for ports 23, 515
2001/08/29-11:13:10.02 132.235.8.52 (ginkgo1a.cats.ohiou.edu) scan net for ports 21 9100 280 631 161 9099
2001/08/29-11:13:49.57 132.235.8.51 (ginkgo.cats.ohiou.edu) probe printer on ports 23,515
2001/08/29-11:13:49.57 132.235.8.52 (ginkgo1a.cats.ohiou.edu) probe printer on ports 23 161 9099 9100 280 631
2001/08/29-12:19:35.46 61.147.41.158 (CHINANET Jiangsu province network,CN) probe dns server on 132.235.1.70
2001/08/29-13:13:56.95 193.159.138.76 (pC19F8A4C.dip.t-dialin.net) scannet for port 21
2001/08/29-15:06:14.72 216.148.234.244 (AT&T CERFnet Redwood City,CA,US) scan net for port 21
2001/08/29-15:41:07.92 212.19.4.12 (ppp12.arc1.dialup.redcom.ru) scan 132.235.4.12 for port 8080
2001/08/30-07:44:35.36 132.248.61.79:500 (Universidad Nacional Autonoma de Mexico) scan net for port 500
2001/08/30-11:22:59.14 12.105.215.2 (egress-a.healthsouth.com) scan ace for port 500
2001/08/30-13:01:00.94 24.72.7.32 (static24-72-7-32.reverse.accesscomm.ca) scan ace for port 500
2001/08/30-17:57:41.83 211.163.113.122 (China Internet Information Center(CNNIC,CN) scan net for port 111
2001/08/30-22:09:37.65 209.195.84.171 (ip171.ts4.mn.dialup.ottawa.cyberus.ca) scan net for port 27374
2001/08/31-01:14:22.73 146.163.219.78 (cv515-78.cv.siue.edu) scan net for port 27374