Short summary of some of the attacks against us for Sep. 2002

year - time EASTERN  source_ip[:port] (dns name, if any)  attack/scan/notes

2002/09/04-20:04:51.76  61.81.114.6 (Korea Telecom,KR)  scannet for port 21
2002/09/09-16:24:25.73  212.171.141.44 (Telecom Italia S.p.A.,IT)  buff overflow attacks on unix - CDE dtspcd exploit
2002/09/09-19:01:33.94  65.71.233.243 (e-freelance-network.com)  buff overflow attacks on unix - CDE dtspcd exploit
2002/09/17-09:47:47.49  64.12.180.129,13[0-7] (mow-m13.webmail.aol.com)  portscan? 132.235.4.221
2002/09/17-18:32:43.05  66.21.145.76 (adsl-21-145-76.mia.bellsouth.net)  scannet for ports 445,139 to 21:40:47.53
2002/09/17-14:00:13.31  150.101.241.206 (eth3535.sa.adsl.internode.on.net)  scannet for port 1433
2002/09/17-19:55:06.79  216.98.154.72 (will.ownyou.net(California Regional Internet, Inc.,CA,US)  slowscan port 1024
2002/09/17-18:33:28.68  216.112.102.6 (w006.z216112102.sjc-ca.dsl.cnc.net)  scannet for ports 1080,8080,80,3128
2002/09/17-20:22:11.57  170.215.59.34 (170-215-59-34.br1.kgm.az.frontiernet.net)  scan 1 ip for ports 80,500
2002/09/18-06:23:24.36  62.160.145.2 (ALPHA CIM,EVRY,FR)  scannet for port 1433
2002/09/18-07:02:47.67  80.15.116.89 (AMontsouris-104-1-1-89.abo.wanadoo.fr)  scannet for port 21
2002/09/18-07:25:13.55  208.191.130.97 (adsl-208-191-130-97.dsl.spfdmo.swbell.net)  scannet for port 57
2002/09/18-07:35:28.38  200.66.1.61 (customer-LMM-1-61.megared.net.mx)  slow scan of net, 1 packet to high # port, random ips
2002/09/18-14:01:32.86  195.132.7.123 (m123.net195-132-7.noos.fr)  scannet for port 21
2002/09/18-14:59:58.53  211.62.49.20 (Korea crap)  scannet for port 1433
2002/09/18-16:19:47.98  66.109.137.77 (jims1.mso.montana.com)  scannet for port 1433, try to login as root
2002/09/18-18:37:21.23  211.167.75.214 (pengrun corp,BeiJing,CN)  scannet for port 21
2002/09/23-14:58:58.89  217.88.179.194 (pD958B3C2.dip.t-dialin.net)  scannet for port 1433
2002/09/18-22:55:10.57  147.46.53.22 (Seoul National University,KR)  scannet for port 445
2002/09/19-01:35:07.64  66.140.25.157 (ROBERT LEVIN,TX)  1. scan p2 ports 8080,3128,80,1080,23.
2002/09/19-01:35:07.64  66.140.25.157 (ROBERT LEVIN,TX)  2. try to login as cisco telnet to 216.218.240.132 6667
2002/09/19-02:11:18.09  213.221.18.36 (Moscow Russia,RU)  scannet for port 139
2002/09/19-06:33:08.66  200.66.1.61 (customer-LMM-1-61.megared.net.mx)  slow scan of net, 1 packet to high # port, random ips
2002/09/19-08:59:41.90  216.153.245.170 (host-216-153-245-170.gra.choiceone.net)  scannet for port 1433
2002/09/19-09:36:13.38  80.11.207.237 (AAnnecy-101-1-5-237.abo.wanadoo.fr)  1. scannet for ports 80,135,139,445
2002/09/19-09:36:13.38  80.11.207.237 (AAnnecy-101-1-5-237.abo.wanadoo.fr)  2. heavy pounding of known IIS holes on 2 servers.
2002/09/19-10:18:45.92  80.131.79.136 (p50834F88.dip.t-dialin.net)  access illegal ftp server on 132.235.19.193
2002/09/19-10:24:17.54  192.136.71.176 (via Helsinki Telephone,HI)  scannet for port 1433
2002/09/19-14:16:46.37  63.207.167.90 (9-63-207-167-90.dsl.lsan03.pacbell.net)  scannet for port 1433
2002/09/19-15:49:26.46  81.9.3.131 (ds008.eltel.net)  scan 132.235.4.204 ports 25,80,8080,1080,3128
2002/09/19-15:55:32.21  208.179.126.20 (The Pajo Group,CA,US)  scannet for port 21
2002/09/20-00:53:51.33  210.241.40.125 (Taitung County Luh-Yee Town Hall,TW)  partial scannet for port 21
2002/09/20-10:34:08.35  151.204.162.51 (Voss USA,NY,NY,USA)  scannet for port 139
2002/09/20-11:27:35.04  64.38.84.243 (dhcp-84-243.dsl.pe.net)  scannet for port 139
2002/09/20-11:47:56.87  62.163.164.53 (a164053.upc-a.chello.nl)  scannet for port 139
2002/09/20-22:13:06.99  216.221.84.85 d221-84-85.commercial.cgocable.net
2002/09/20-19:57:45.21  213.93.55.123 (e55123.upc-e.chello.nl)  scannet for port 137,139 thru 2002/09/21-04:26:40.59
2002/09/21-10:35:43.64  209.192.14.69 (209-192-14-69.deltacom.net)  scannet for port 139
2002/09/20-14:35:36.36  68.37.158.213 (bgp480437bgs.summit01.nj.comcast.net)  scannet for port 445
2002/09/20-21:58:39.12  80.14.211.230 (ALimoges-101-1-5-230.abo.wanadoo.fr)  scannet for port 1433
2002/09/20-10:46:34.76  80.133.51.51 (p50853333.dip.t-dialin.net)  scannet for port 1433
2002/09/20-21:25:21.65  193.15.92.188 (Sikroma AB, SE)  scannet for port 1433
2002/09/20-11:55:32.11  198.189.35.177 (dewey.CHS.Chico.K12.CA.US)  scannet for port 57
2002/09/20-21:00:29.46  202.97.210.71 (CHINANET Heilongjiang province network,CN)  scannet for port 111
2002/09/20-22:45:52.75  202.97.210.71 (CHINANET Heilongjiang province network,CN)  start of buff overflow attacks (sadmind)
2002/09/20-12:37:41.96  217.215.169.16 (as1-2-1.kc01.mael.s.bonet.se)  scannet for port 1433
2002/09/21-23:58:22.62  12.238.136.19 (12-238-136-19.client.attbi.com)  scannet for port 21,80,445
2002/09/21-11:05:38.18  63.224.216.241 (First Presbyterian Church,Spokane, WA)  scannet for port 1433
2002/09/21-19:22:19.78  65.29.123.5 (nic-29-c123-5.twmi.rr.com)  scannet for port 1433
2002/09/22-03:24:15.51  129.219.38.95 (ryugang2.eas.asu.edu)  scannet for port 443
2002/09/22-01:38:47.89  217.1.32.173 (pD90120AD.dip.t-dialin.net)  scan select ips port 80,57
2002/09/21-21:36:10.86  218.234.169.194 (BAROTEC INC,KYONGNAM,KR)  scannet for port 515
2002/09/22-20:20:32.98  66.51.220.190 (adsl-66.51.220.190.dslextreme.com)  scan net for port 23
2002/09/22-16:59:29.39  80.131.236.68 (p5083EC44.dip.t-dialin.net)  scan select ips for ports 445,139
2002/09/22-13:23:04.55  148.204.242.2 (ic.esimecu.ipn.mx)  scannet for port 6112
2002/09/22-19:05:38.54  208.61.152.125 (adsl-61-152-125.mia.bellsouth.net)  ping scan, scannet for port 2002
2002/09/22-05:12:15.34  213.86.132.163 (COLT Internet,LONDON,UK)  scannet for port 1433
2002/09/22-13:02:50.03  195.205.11.38 (Firma Komputerowo-Informatyczna Prof-Net,RYPIN,PL)  scannet for port 139
2002/09/22-13:31:44.57  212.63.102.5 (p261.palmanova.adriacom.it)  scannet for port 445
2002/09/22-13:51:11.61  209.245.71.149 (dialup-209.245.71.149.Dial1.LosAngeles1.Level3.net)  scannet for port 445
2002/09/22-14:45:59.07  217.83.140.74 (pD9538C4A.dip.t-dialin.net)  scannet for port 21
2002/09/22-22:00:21.01  212.179.247.91 (bzq-247-91.red.bezeqint.net)  scannet for port 139,445
2002/09/23-04:58:53.65  217.68.174.100 (217-68-174-100.asl1.cable.primacom.net)  probe several ips ports 57 21
2002/09/23-11:39:05.22  66.208.24.242 (Allied Telecom Group, LLC,Washington,DC.US)  scannet for port 1433
2002/09/23-14:23:34.90  24.62.79.149 (h00a04b02badc.ne.client2.attbi.com)  scannet for port 53
2002/09/23-14:58:58.89  217.88.179.194 (pD958B3C2.dip.t-dialin.net)  scannet for port 1433
2002/09/23-15:38:43.55  148.223.48.234 (customer-148-223-48-234.uninet.net.mx)  scannet for port 1433
2002/09/23-19:10:36.47  80.8.54.147 (ca-sqy-1-147.abo.wanadoo.fr)  scannet for port 1433
2002/09/23-22:52:08.08  208.45.12.48 (208-45-12-48.dslgw4.chcg.qwest.net)  scannet for ports 445,139
2002/09/24-06:04:49.80  64.109.254.193 (pointeadsl-64-109-254-193.dsl.chcgil.ameritech.net)  scan selected ips for port 445
2002/09/24-09:06:08.34  65.69.155.135 (adsl-65-69-155-135.dsl.rcsntx.swbell.net)  scannet for port 25
2002/09/24-11:28:00.14  217.113.6.117 (117.6.113.217.auto.web.am)  scannet for port 139
2002/09/24-12:12:15.59  217.68.174.100 (217-68-174-100.asl1.cable.primacom.net)  odd portscan of ace-50192,25986,59136,29564 etc
2002/09/24-12:16:55.82  217.68.174.100 (217-68-174-100.asl1.cable.primacom.net)  scannet for ports 57,21,80
2002/09/24-17:41:49.12  66.140.44.88 (adsl-66-140-44-88.dsl.rcsntx.swbell.net)  scannet for port 25
2002/09/24-17:57:32.91  195.132.7.123 (m123.net195-132-7.noos.fr)  scannet for port 21
2002/09/24-18:45:36.31  203.199.102.93 (Leased line at Mumbai -- Mahendra&Mahendra,IN)  scannet for port 1433
2002/09/24-19:25:49.56  62.211.216.116 (r-fi049-1a116.tin.it)  scannet for port 21,6112-CDE dtspcd exploit attempt
2002/09/24-21:44:19.01  157.86.109.6 (Fundacao Oswaldo Cruz,Rio de Janeiro-Brazil)  scannet for port 1433
2002/09/24-22:28:02.04  132.203.128.70 (poste70-128.fmed.ulaval.ca)  scannet for port 135,139,445
2002/09/25-02:42:19.59  66.82.48.9 (dpc6682048009.direcpc.com)  scannet for port 445
2002/09/25-02:42:21.15  66.24.84.241 (roc-66-24-84-241.rochester.rr.com)  scannet for port 445
2002/09/25-02:42:29.57  64.81.143.216 (dsl081-143-216.chi1.dsl.speakeasy.net)  scan selected ips for port 445
2002/09/25-02:43:02.77  66.1.7.234 (cpe-66-1-7-234.il.sprintbbd.net)  scan selected ips for port 445
2002/09/25-02:43:03.13  66.47.123.18 (user-112uuoi.biz.mindspring.com)  scan selected ips for port 445
2002/09/25-02:43:40.14  24.42.1.237 (CPE000103c51fda.cpe.net.cable.rogers.com)  scannet for port 445
2002/09/25-02:43:44.62  66.181.251.41 (Ultrasw.com,Tucson, AZ ,US)  scannet for port 445
2002/09/25-03:59:18.66  63.226.46.6 (Ultimate Computer Concepts,Phoenix, AZ ,US)  scannet for port 32774,111-UDP cachefsd
2002/09/25-13:15:20.85  199.203.55.64 (vl601.host64.netvision.net.il)  scannet for port 443
2002/09/25-16:08:15.21  64.251.6.209 (IHosting,Fort Lauderdale, FL,US)  scannet for port 1080
2002/09/25-18:32:45.41  66.130.162.193 (modemcable193.162-130-66.que.mc.videotron.ca)  scannet for ports 135,445,80
2002/09/25-19:04:42.26  213.169.172.224 (ip-172-224.evhr.net)  scannet for port 21
2002/09/25-19:48:08.68  217.136.36.49 (49.36-136-217.adsl.skynet.be)  scannet for port 21
2002/09/25-20:44:09.26  24.69.90.153 (h24-69-90-153.ca.shawcable.net)  scannet for port 3389
2002/09/26-12:32:59.16  63.78.137.251 (nat.digitalriver.com)  scan 132.235.4.12 for port 22,23,21,25,139,80
2002/09/26-18:51:52.75  206.78.3.189 (Tulare County Office of Education,Visalia, CA ,USA)  scannet for port 445,139
2002/09/26-20:10:08.20  208.50.204.117 (Frontier Communications,Rochester, NY, USA)  scannet for port 1433
2002/09/26-23:11:05.23  212.179.97.63 (cablep-179-97-63.cablep.bezeqint.net)  scannet for port 445,139
2002/09/27-03:59:21.33  64.247.80.247 (dhcp-064-247-080-247.sg5.ohiou.edu)  portscan boss
2002/09/26-21:40:35.95  80.14.44.228 (ALimoges-102-1-1-228.abo.wanadoo.fr)  access hacked pc 18.8
2002/10/01-07:04:42.57  62.154.81.46 (HAL-ag1.HAL.net.DTAG.DE)  net scan 1 packet to high order port per ip
2002/10/01-10:21:29.49  194.16.9.10: (Skovde Kommun,SKOVDE,SWEDEN)  scannet for SMB C access
2002/10/01-11:20:40.59  216.151.64.170 (dap-216-151-64-170.nfas.greensburg-tnt-2.sns234.pa.stargate.net)  scannet for SMB C access
2002/10/01-11:42:36.02  211.186.132.32 (Thrunet Co.,Ltd,SEOUL,KR)  scannet for ports 139 135
2002/10/01-11:53:35.39  64.50.43.90 (40322B5A.ptr.dia.nextlink.net)  scannet for SMB C access
2002/10/01-12:05:11.72  61.177.255.233 (CHINANET jiangsu province yancheng city network,CN)  scannet for SMB C access
2002/10/01-14:55:42.82  195.29.57.106 (ad22-m106.net.hinet.hr)  scannet for SMB C access
2002/10/01-15:09:10.30  62.42.29.29 (VA1-1F-u-1308.mc.onolab.com)  scannet for SMB C access
2002/10/01-16:58:38.75  62.83.79.114 (114-SEVI-30.libre.retevision.es)  scannet for SMB C access
2002/10/01-19:47:12.46  63.100.76.66 (American Red Cross in Greater New York,NY,US)  scannet for ports 139 135
2002/10/01-20:04:26.34  61.177.254.224 (CHINANET jiangsu province yancheng city network,CN)  scannet for SMB C access
2002/10/01-21:38:05.38  61.177.254.171 (CHINANET jiangsu province yancheng city network,CN)  scannet for SMB C access