Short summary of some of the attacks against us for Dec. 2002

year - time EASTERN    source_ip[:port] (dns name, if any)    attack/scan/notes

2002/12/03-01:03:24.02 12.129.76.203 (ASV Cyber Solutions,Atlanta GA,US) ftp to 19.193 port 14232 pass caretakers/h3r3baby
2002/12/03-06:00:00.00 -- last day before firewall
2002/12/03-08:38:46.62 12.252.248.135 (12-252-248-135.client.attbi.com) scannet for ports 445
2002/12/03-11:32:01.75 64.0.182.90 (w090.z064000182.hou-tx.dsl.cnc.net) scannet for ports 139
2002/12/03-14:04:50.40 62.251.67.121 (fia121-67.dsl.hccnet.nl) scannet for ports 139 445
2002/12/03-16:07:21.94 200.69.25.153 (153.0/24.25.69.200.in-addr.arpa) scannet for ports 80
2002/12/03-17:07:12.88 12.251.190.46 (12-251-190-46.client.attbi.com) scannet for ports 1432
2002/12/03-19:26:12.24 80.135.83.250 (p508753FA.dip.t-dialin.net) scannet for ports 1433
2002/12/03-20:02:05.84 64.204.240.140 (64-204-240-140.client.dsl.net) scannet for ports 80
2002/12/03-21:43:18.89 66.130.242.231 (Le Groupe Videotron Ltee,QUEBEC,CA) scannet for ports 80 135 1433
2002/12/03-23:50:55.13 66.233.54.225 (cdm-66-54-225-laft.cox-internet.com) scannet for ports 80
2002/12/04-06:00:00.00 -- firewalled at last
2002/12/04-06:38:50.95 66.147.141.252 (66-147-141-252.focaldata.net) scannet for ports 1433
2002/12/04-07:06:12.57 217.85.125.50 (pD9557D32.dip.t-dialin.net) scannet for ports 21 80 57
2002/12/04-07:15:12.82 217.85.125.50 (pD9557D32.dip.t-dialin.net) scan net for ports 21 80 57
2002/12/04-07:54:59.85 80.15.34.185 (ANancy-107-1-3-185.abo.wanadoo.fr) scan net for ports 80
2002/12/04-09:22:49.26 167.230.38.14 (American International Group Data Center, Inc.,NJ,US) telnet to 132.235.16.100 as sysadmin
2002/12/04-09:31:00.03 162.40.93.114 (h162-040-093-114.adsl.navix.net) scan net for ports 80
2002/12/04-10:04:35.38 64.50.8.84 (40320854.ptr.dia.nextlink.net) scan net for ports 57 1433
2002/12/04-10:56:37.08 211.104.180.58 (KOREA CRAP) scan net for ports 1433
2002/12/04-12:11:02.49 66.233.54.225 (cdm-66-54-225-laft.cox-internet.com) scan net for ports 80
2002/12/04-12:38:45.70 212.211.91.22 (fra-tgn-oyl-vty22.as.wcom.net) ssh to 132.235.16.100 : 54000 and start irc bot.
2002/12/04-16:32:45.23 204.225.7.2 (gateway.stclairc.ca) scan net for ports 80
2002/12/04-22:19:05.33 217.118.44.198 (a217-118-44-198.bluecom.no) scan net for ports 80
2002/12/04-22:50:36.21 209.135.112.161 (xtreme6-161.aci.on.ca) scan net for ports 80
2002/12/05-00:39:14.22 200.229.133.106 (rev-133-106.telnet.com.br) scan net for ports 80
2002/12/05-00:43:37.00 172.163.176.217 (ACA3B0D9.ipt.aol.com) portscan prime
2002/12/05-02:25:26.40 195.210.150.15 (Sojuzpatent Ltd,MOSCOW.RUSSIA) scan net for ports 1433
2002/12/05-02:48:23.97 61.171.250.26 (CHINANET Shanghai province network,CN) try to logon bobcat as root, then as new..
2002/12/05-04:37:13.49 80.65.226.17 (bix.net1.nerim.net) scan net for ports 135
2002/12/05-05:52:45.15 205.158.61.240 (XO Communications,RESTON,VA,US) scan net for ports 21
2002/12/05-09:12:23.42 62.211.236.111 (Telecom Italia,IT) ICMP superscan echo of net
2002/12/05-09:12:50.46 62.211.236.111 (Telecom Italia,IT) scan net for ports 21
2002/12/05-11:14:43.27 81.112.92.219 (host219-92.pool81112.interbusiness.it) scan net for ports 1433
2002/12/05-13:45:06.51 66.227.222.63 (66.227.222.63.kzo.mi.chartermi.net) scan net for ports 80
2002/12/05-15:53:24.29 207.232.126.13 (207-232-126-13.ip.van.radiant.net) scan net for ports 80 443
2002/12/05-20:25:40.16 66.147.141.252 (66-147-141-252.focaldata.net) scan net for ports 1433
2002/12/06-09:36:46.86 217.39.85.142 (host217-39-85-142.in-addr.btopenworld.com) scannet for ports 80
2002/12/06-14:05:32.09 200.89.38.61 (61-38-89.dial.terra.cl) scannet for ports 21
2002/12/06-16:40:54.23 64.227.233.177 (www.lottoaruba.ws) scannet for ports 135
2002/12/07-02:33:49.74 132.235.101.178 (cs10.southern.ohiou.edu) scannet for ports 1433
2002/12/07-02:59:01.04 80.181.142.57 (host57-142.pool80181.interbusiness.it) scannet for ports 8000 8080 3128 80
2002/12/07-03:24:22.17 218.1.37.18 () scannet for ports 80
2002/12/07-09:37:56.30 24.191.187.237 (ool-18bfbbed.dyn.optonline.net) scannet for ports 1433
2002/12/07-10:48:15.14 68.81.226.35 (pcp01439891pcs.pwayne01.pa.comcast.net) scannet for ports 57 21 80
2002/12/07-12:24:42.06 61.123.230.85 (061123230085.cidr.odn.ne.jp) scannet for ports 80 443
2002/12/07-13:49:33.72 152.101.81.180 (pc180.kccshatin.edu.hk) scan net for port 1433, try to login sql as user root
2002/12/07-13:50:04.03 152.101.81.180 (pc180.kccshatin.edu.hk) scannet for ports 1433
2002/12/07-17:59:06.73 195.128.137.78 (Samara-Internet, Ltd,Samara/Russia) anon ftp dummy passwd file from ace
2002/12/07-19:02:45.92 62.109.111.50 (b111050.adsl.hansenet.de) scannet for ports 57
2002/12/08-01:33:41.86 205.179.220.30 (205-179-220-30.client.dsl.net) scannet for ports 80
2002/12/08-05:42:33.39 200.38.255.48 () scannet for ports 1433
2002/12/08-07:41:01.19 195.161.86.142 (VTEK.Ekaterinburg.rt-comm.ru) scannet for ports 21 80 57
2002/12/08-10:57:15.07 217.39.56.6 (host217-39-56-6.in-addr.btopenworld.com) scannet for ports 80
2002/12/08-05:43:30.09 200.38.255.48 (viceversa sa de cv, MX) scannet for port 1433
2002/12/08-07:40:47.69 195.161.86.142 (VTEK.Ekaterinburg.rt-comm.ru) scannet for ports 80,57,21
2002/12/08-11:02:33.71 210.22.168.10 () scannet for ports 80
2002/12/08-14:32:59.09 12.213.46.19 (12-213-46-19.client.attbi.com) scannet for ports 1433
2002/12/08-14:36:00.67 12.213.46.19 (12-213-46-19.client.attbi.com) scannet for port 1433
2002/12/08-15:17:46.37 62.201.4.169 (Caja Rural de Almeria,ES) scannet for port 80,57,21
2002/12/08-15:18:26.41 62.201.4.169 () scannet for ports 80 21 57
2002/12/08-18:02:22.78 210.235.96.82 (ns.ecogarden.jp) scannet for ports 443 80
2002/12/08-20:30:57.08 202.75.169.230 () scannet for ports 80 443
2002/12/08-20:53:54.25 61.149.35.4 () scannet for ports 3128 8080 80
2002/12/08-20:57:19.19 61.149.35.4 (CHINANET Beijing province network) scannet for ports 8080,80,3128
2002/12/08-23:38:19.74 12.251.202.108 (12-251-202-108.client.attbi.com) scannet for ports 80
2002/12/09-08:21:54.90 24.222.25.214 (u25n214.hfx.eastlink.ca) scannet for port 80
2002/12/09-11:17:18.59 218.146.253.72 (Korea crap) probe net 1 packet to new ip every 2-4 hours.
2002/12/09-11:18:57.57 81.56.131.166 (lns-p19-7-81-56-131-166.adsl.proxad.net) scannet for port 21
2002/12/09-13:39:38.69 172.181.250.23 (ACB5FA17.ipt.aol.com) probe port 21 on several ips
2002/12/09-13:49:47.43 217.84.27.152 (pD9541B98.dip.t-dialin.net) scannet for port 135,80
2002/12/09-15:21:03.04 12.24.76.131 (cmss-outside-perimeter01.chasemellon.com) try to telnet to bobcat as root
2002/12/09-17:19:49.96 217.80.196.71 (pD950C447.dip.t-dialin.net) scan net for ports 80,57,21
2002/12/09-17:41:07.07 130.81.254.224 (lo0-0.PEER-RTR1.NY60.verizon-gni.net) scannet for port 646
2002/12/09-19:21:40.42 64.0.121.103 (w103.z064000121.pit-pa.dsl.cnc.net) scannet for port 22
2002/12/10-00:48:11.75 65.119.144.6 (NEW KNOXVILLE TELEPHONE COMPAN,New Knoxville,OH) scannet for port 1433
2002/12/10-00:51:42.83 212.250.105.230 (New Media Services Ltd,GB) scannet for port 1433
2002/12/10-09:17:04.47 64.78.41.218 () scannet for port 1543
2002/12/10-09:38:10.23 65.40.197.208 (user208.net512.nj.sprint-hsd.net) bang on prime port 5281 several times
2002/12/10-11:06:04.07 65.40.197.208 (user208.net512.nj.sprint-hsd.net) bang on homer port 1700
2002/12/10-11:07:42.93 218.146.253.72 (korea crap) map network 1 packet per ip, 1 packet/hour
2002/12/10-12:22:57.63 217.128.127.232 (AMarseille-102-1-1-232.abo.wanadoo.fr) scannet for port 21
2002/12/10-14:08:42.98 208.17.80.6 (AMP Dollar Savings Inc,MESA,AZ) scannet for ports 1080,8080,80,3128
2002/12/10-15:02:42.79 65.40.197.208 (user208.net512.nj.sprint-hsd.net) bang on prime ports 5280,5281
2002/12/10-16:53:34.20 129.119.188.197 (188-197.housenet.smu.edu) scannet for port 57, 1433
2002/12/10-18:40:54.49 67.81.73.155 (ool-4351499b.dyn.optonline.net) scannet for port 80
2002/12/10-19:40:26.89 68.40.24.183 (pcp02498642pcs.vnburn01.mi.comcast.net) scannet for port 80
2002/12/10-20:16:44.94 213.123.218.47 (host213-123-218-47.in-addr.btopenworld.com) scannet for port 1433
2002/12/10-22:28:43.98 216.58.90.204 (i216-58-90-204.igs.net) scannet for port 1433
2002/12/11-00:02:12.77 217.39.29.137 (host217-39-29-137.in-addr.btopenworld.com) scannet for port 80
2002/12/11-01:04:15.56 210.90.208.153 () scannet for port 80,57
2002/12/11-02:42:13.46 212.35.66.131 (korea crap) scannet for port 1433
2002/12/11-03:06:26.57 172.178.222.232 (ACB2DEE8.ipt.aol.com) scannet for port 80
2002/12/11-07:45:03.77 218.53.111.112 (intermedia.net) scannet for port 1433
2002/12/11-13:08:10.68 200.44.210.21 (cantv.net caracas,ve) probe 132.235.1.5 ports 6112, 64774
2002/12/11-17:19:50.38 200.67.211.162 (dsl-200-67-211-162.prodigy.net.mx) scan net for port 135
2002/12/11-17:19:52.15 200.206.159.185 (200-206-159-185.terra.com.br) scan net for port 135
2002/12/11-19:06:13.39 202.158.40.20 (ip40-20.cbn.net.id) scan net for port 135
2002/12/11-19:48:51.31 211.186.130.98 (korea crap) scan net for port 1433
2002/12/11-20:37:07.99 61.177.251.254 (CHINANET jiangsu province network) probe 132.235.1.5:1521, 132.235.1.35:[21,80]
2002/12/11-20:59:39.59 200.72.155.150 (ENTEL CHILE,SA, Santiago,CL) scan net for port 135
2002/12/11-21:21:25.92 217.96.10.133 (EURODENTAL SP. Z O.O,WARSAW,PL) scannet for port 1433
2002/12/12-06:04:36.98 161.58.220.103 (rolec.de) map network 1 packet per ip, 1 packet/hour
2002/12/12-06:10:51.38 218.146.253.72 (korea crap) map network 1 packet per ip, 1 packet/hour
2002/12/12-07:45:28.98 213.123.159.29 (host213-123-159-29.in-addr.btopenworld.com) scannet for port 1433
2002/12/12-17:37:29.66 81.49.134.138 (ATuileries-104-1-6-138.abo.wanadoo.fr) scannet for port 21
2002/12/12-21:06:15.98 61.177.251.125 (CHINANET jiangsu province network) probe 132.235.1.35 ports 21,23
2002/12/12-23:26:01.87 61.149.12.199 (CHINANET Beijing province network) scannet for ports 10080,8080,8000,81,3128,8888
2002/12/13-01:58:23.89 193.253.232.146 (APuteaux-102-1-3-146.abo.wanadoo.fr) scannet for port 1433
2002/12/13-02:37:40.32 151.204.98.127 (pool-151-204-98-127.ny325.east.verizon.net) scannet for ports 3128,80,8080,1080
2002/12/13-03:19:17.82 211.191.201.105 (korea crap) scannet for port 1433
2002/12/13-04:53:02.10 210.58.80.254 (254.c80.ethome.net.tw) scannet for port 23