*SHORT* summary of some of the attacks against us for Oct 2004 Just too many scans and not enough time to keep the list up all the time so... some of the more intresting scans/attacks, or 1 day samples are here year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes 2004/10/04-02:59:48 218.148.76.176 (korea) scan net on telnet... 2004/10/04-08:15:44 66.154.106.246 (66-154-106-246.hulamundo.com.) try dumb passwords loggind on via ssh. 2004/10/05-07:07:36 66.134.43.221 (h-66-134-43-221.snvacaid.covad.net.) scan ssh ports, try to login to root with bad passwords. 2004/10/05-21:58:49 213.199.101.183 (sql.jeloin.se.) scan ssh ports, try to login to root with bad passwords. 2004/10/12-12:52:35 61.166.6.60 (china) scan net via ssh, try to login as user root 2004/10/13-16:47:08 212.217.26.238 (ll212-2-238-26-217-212.ll212-2.iam.net.ma.) scan ssh ports, try to login to root with bad passwords. 2004/10/16-13:31:24 220.70.167.67 (korea crap) scan ssh ports, try to login to root with bad passwords. 2004/10/17-15:38:17 67.19.107.114 (ns1.nphost.com.) scan ssh ports, try to login to root with bad passwords 2004/10/17-23:27:52 202.123.169.217 (Facility Management, Hong KOng) scan ssh ports, try to login to root with bad passwords 2004/10/20-04:33:55 210.222.214.161 (korea crap) scan ssh ports, try to login to root with bad passwords 2004/10/21-18:27:34 222.45.45.132 (CHINA RAILWAY TELECOMMUNICATIONS) scan ssh ports, try to login to root with bad passwords 2004/10/24-12:37:11 209.184.119.6 (hermes.sac.accd.edu.) scan ssh ports, try to login to root with bad password 2004/10/27-17:22:45 61.129.102.174 (Shanghai Global Network Co) scan ssh ports, try to login to root with bad passwords 2004/10/28-10:09:50 202.30.198.226 (korea crap) scan ssh ports, try to login to root with bad passwords 2004/10/28-12:15:16 61.129.102.174 ( Shanghai Global Network Co/.CN) scan ssh ports, try to login to root with bad passwods 2004/10/28-22:51:57 220.117.182.14 (korea crap) scan ssh ports, try to login to root with bad passwords 2004/10/29-02:53:17 221.116.253.130 (usen-221x116x253x130.ap-US01.usen.ad.jp.) scan net on port 111 2004/10/29-17:23:26 69.20.124.242 (nall.i-site.com.) scan ssh ports, try to login to root with bad passwords 2004/10/29-10:18:32 203.233.235.62 (korea crap) scan net for port 111, probe other ports