*SHORT* summary of some of the attacks against us for Mar. 2003
Just too many scans and not enough to keep the list up all the time

year - time EASTERN   source_ip[:port] (dns name, if any)   attack/scan/notes

2003/03/13-22:17:03.79 69.3.205.33 (h-69-3-205-33.SFLDMIDN.covad.net) scan of net, finger probe of unix boxes,
2003/03/13-22:17:03.79 69.3.205.33 (h-69-3-205-33.SFLDMIDN.covad.net) scan SMTP servers for AUTH mechanism LOGIN
2003/03/13-22:17:03.79 69.3.205.33 (h-69-3-205-33.SFLDMIDN.covad.net) pop attacks USER admin PASS admin1234
2003/03/13-22:17:03.79 69.3.205.33 (h-69-3-205-33.SFLDMIDN.covad.net) web attacks, ftpd, etc
2003/03/20-11:43:23.18 132.235.30.107 (dhcp-030-107.cns.ohiou.edu) scannet for ports 135 139 thru 14:31:37.96
2003/03/20-14:21:35.14 132.235.196.142 (dhcp-196-142.cns.ohiou.edu) scannet for port 23
2003/03/20-11:43:23.18 132.235.30.107 (dhcp-030-107.cns.ohiou.edu) 2. break into machine, store files
2003/03/25-16:16:37.97 132.235.196.142 (dhcp-196-142.cns.ohiou.edu) scannet for port 80,1433,137 till 16:48:53.57
2003/03/25-16:28:39.71 132.235.196.142 (dhcp-196-142.cns.ohiou.edu) portscan 132.235.17.241
2003/03/25-20:47:51.27 204.252.57.167 (ros167.abq.com) scannet of port 3389
2003/03/25-13:36:36.97 218.25.142.197 (CHINANET liaoning province network) scannet for port 25,1080
2003/03/28-09:06:48.49 80.136.248.101 (p5088F865.dip.t-dialin.net) large unix style attack against DNS servers-finger,port111,6000,ftp,pop,sendmail,http,etc
2003/03/28-11:00:53.69 218.103.211.95 (n218103211095.netvigator.com) portscan each ip on net for 25 ports, 808?,3128,1080...
2003/03/29-08:48:12.32 81.86.116.156 (81-86-116-156.dsl.pipex.com) try to telnet to each ip login root pass root