Legend: IP address obtained/matched from the IDS log; IP address inferred from the IDS log; Notable Events; Win98; RH 6.2; Solaris 2.6; NT 4

| Firewall Log: Resolved IPs | Firewall Log: Date | Firewall Log: Time | Firewall Log: Service | Snort/IDS Log: Timestamp | Snort/IDS Log: Alert | Snort/IDS Log: Detail | Notable Events |
|---|---|---|---|---|---|---|---|
| Windows 98, 172.16.1.105 brought online, Oct 31st 2001 | | | | | | | |
| 62.98.12.116 | 02-Nov-00 | 3:10:08 | http | Nov 2 03:10:09 | IDS128 - CVE-1999-0067 - CGI phf attempt | 62.98.12.116:4406 -> 172.16.1.107:80 | Hack Attempt |
| 62.98.14.40 | 02-Nov-00 | 5:30:36 | http | Nov 2 05:30:37 | IDS128 - CVE-1999-0067 - CGI phf attempt | 62.98.14.40:1402 -> 172.16.1.107:80 | |
| 64.229.250.79 | 03-Nov-00 | 1:39:00 | sunrpc | Nov 3 01:39:01 | IDS13 - RPC - portmap-request-mountd | 64.229.250.79:640 -> 172.16.1.107:111 | RPC Scan |
| | | | | Nov 3 01:39:01 | IDS13 - RPC - portmap-request-mountd | 64.229.250.79:641 -> 172.16.1.107:111 | |
| | | | | Nov 3 01:39:18 | IDS13 - RPC - portmap-request-mountd | 64.229.250.79:642 -> 172.16.1.107:111 | |
| | | | | Nov 3 01:39:18 | IDS13 - RPC - portmap-request-mountd | 64.229.250.79:645 -> 172.16.1.107:111 | |
| | | | | Nov 3 01:39:30 | IDS13 - RPC - portmap-request-mountd | 64.229.250.79:656 -> 172.16.1.107:111 | |
| | | | | Nov 3 01:39:30 | IDS13 - RPC - portmap-request-mountd | 64.229.250.79:657 -> 172.16.1.107:111 | |
| RedHat 6.2, 172.16.1.107 brought online, Nov 4th 2001 | | | | | | | |
| 203.59.72.172 | 04-Nov-00 | 18:25:59 | ftp | Nov 4 18:25:59 | spp_portscan | PORTSCAN DETECTED from 203.59.72.172 (STEALTH):: | FTP Scan |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.103:21 | |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.101:21 | |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.102:21 | |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.105:21 | |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.104:21 | |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.106:21 | |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.107:21 | |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.108:21 | |
| | | | | Nov 4 18:25:59 | SCAN-SYN FIN | 203.59.72.172:21 -> 172.16.1.109:21 | |
| | | | | Nov 4 18:26:17 | spp_portscan | portscan status from 203.59.72.172: 11 connections across 9 hosts: TCP(11), UDP(0) STEALTH | |
| | | | | Nov 4 18:26:33 | spp_portscan | End of portscan from 203.59.72.172: TOTAL time(2s) hosts(9) TCP(11) UDP(0) STEALTH: | |
| 24.69.66.75 | 04-Nov-00 | 22:24:54 | rpc | Nov 4 22:29:45 | RPC Info Query | 24.69.66.75:738 -> 172.16.1.107:111 | Hack Attempt |
| | | | | Nov 4 22:30:41 | IDS15 - RPC - portmap-request-status | 24.69.66.75:851 -> 172.16.1.107:111 | |
| | | | | Nov 4 22:30:41 | IDS362 - MISC - Shellcode X86 NOPS-UDP | 24.69.66.75:852 -> 172.16.1.107:949 | |
| Solaris 2.6, 172.16.1.101 brought online, Nov 5th 2001 | | | | | | | |
| | | | | Nov 5 09:52:07 | IDS152 - PING BSD | 207.239.115.11 -> 172.16.1.101:: | |
| | | | | Nov 5 09:52:08 | IDS152 - PING BSD | 207.239.115.11 -> 172.16.1.101:: | |
| | | | | Nov 5 09:52:09 | IDS152 - PING BSD | 207.239.115.11 -> 172.16.1.101:: | |
| | | | | Nov 5 09:52:40 | IDS08 - TELNET - daemon-active | 172.16.1.101:23 -> 207.239.115.11:1270 | |
| | | | | Nov 5 11:54:40 | spp_portscan | PORTSCAN DETECTED from 202.114.208.160 (THRESHOLD 5 connections exceeded in 0 seconds):: | ??? Scan |
| | | | | Nov 5 11:57:15 | spp_portscan | portscan status from 202.114.208.160: 9 connections across 9 hosts: TCP(9), UDP(0) | |
| | | | | Nov 5 11:57:33 | spp_portscan | End of portscan from 202.114.208.160: TOTAL time(0s) hosts(9) TCP(9) UDP(0): | |
| 128.121.247.126 | 06-Nov-00 | 2:02:06 | ftp | | | | |
| 61.129.65.42 | 06-Nov-00 | 16:44:13 | rpc | Nov 6 16:44:14 | spp_portscan | PORTSCAN DETECTED from 61.129.65.42 (STEALTH):: | RPC Scan |
| | | | | Nov 6 16:44:14 | SCAN-SYN FIN | 61.129.65.42:111 -> 172.16.1.102:111 | |
| | | | | Nov 6 16:44:14 | SCAN-SYN FIN | 61.129.65.42:111 -> 172.16.1.103:111 | |
| | | | | Nov 6 16:44:14 | SCAN-SYN FIN | 61.129.65.42:111 -> 172.16.1.104:111 | |
| | | | | Nov 6 16:44:14 | SCAN-SYN FIN | 61.129.65.42:111 -> 172.16.1.105:111 | |
| | | | | Nov 6 16:44:14 | SCAN-SYN FIN | 61.129.65.42:111 -> 172.16.1.107:111 | |
| | | | | Nov 6 16:44:14 | SCAN-SYN FIN | 61.129.65.42:111 -> 172.16.1.108:111 | |
| | | | | Nov 6 16:44:14 | SCAN-SYN FIN | 61.129.65.42:111 -> 172.16.1.109:111 | |
| | | | | Nov 6 16:44:19 | RPC Info Query | 61.129.65.42:777 -> 172.16.1.107:111 | |
| | | | | Nov 6 16:44:36 | spp_portscan | portscan status from 61.129.65.42: 8 connections across 7 hosts: TCP(8), UDP(0) STEALTH | |
| | | | | Nov 6 16:44:52 | spp_portscan | End of portscan from 61.129.65.42: TOTAL time(4s) hosts(7) TCP(8) UDP(0) STEALTH: | |
| 62.98.45.141 | 06-Nov-00 | 17:02:49 | rpc | Nov 6 17:2:50 | spp_portscan | PORTSCAN DETECTED from 62.98.45.141 (STEALTH):: | RPC Scan |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.101:111 | |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.102:111 | |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.103:111 | |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.104:111 | |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.105:111 | |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.106:111 | |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.107:111 | |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.108:111 | |
| | | | | Nov 6 17:2:50 | SCAN-SYN FIN | 62.98.45.141:111 -> 172.16.1.109:111 | |
| | | | | Nov 6 17:2:55 | RPC Info Query | 62.98.45.141:816 -> 172.16.1.101:111 | |
| | | | | Nov 6 17:2:58 | RPC Info Query | 62.98.45.141:826 -> 172.16.1.107:111 | |
| | | | | Nov 6 17:6:38 | spp_portscan | portscan status from 62.98.45.141: 11 connections across 9 hosts: TCP(11), UDP(0) STEALTH | |
| | | | | Nov 6 17:6:53 | spp_portscan | End of portscan from 62.98.45.141: TOTAL time(8s) hosts(9) TCP(11) UDP(0) STEALTH: | |
| 212.129.5.218 | 06-Nov-00 | 20:34:00 | sunrpc | Nov 6 20:34:00 | IDS13 - RPC - portmap-request-mountd | 212.129.5.218:822 -> 172.16.1.107:111 | |
| | | | | Nov 6 20:34:01 | IDS13 - RPC - portmap-request-mountd | 212.129.5.218:823 -> 172.16.1.107:111 | |
| 216.216.74.2 | 07-Nov-00 | 23:06:45 | rpc | Nov 7 23:6:47 | spp_portscan | PORTSCAN DETECTED from 216.216.74.2 (THRESHOLD 5 connections exceeded in 0 seconds):: | RPC Scan; VA Scan?? |
| | | | | Nov 7 23:11:04 | spp_portscan | portscan status from 216.216.74.2: 9 connections across 9 hosts: TCP(9), UDP(0) | |
| | | | | Nov 7 23:11:05 | RPC Info Query | 216.216.74.2:962 -> 172.16.1.101:111 | |
| | | | | Nov 7 23:11:06 | RPC Info Query | 216.216.74.2:963 -> 172.16.1.107:111 | |
| | | | | Nov 7 23:11:31 | spp_portscan | portscan status from 216.216.74.2: 2 connections across 1 hosts: TCP(2), UDP(0) | Telnet Scan |
| | | | | Nov 7 23:11:31 | IDS08 - TELNET - daemon-active | 172.16.1.101:23 -> 216.216.74.2:1209 | |
| | | | | Nov 7 23:11:34 | IDS08 - TELNET - daemon-active | 172.16.1.101:23 -> 216.216.74.2:1210 | |
| | | | | Nov 7 23:11:47 | spp_portscan | portscan status from 216.216.74.2: 2 connections across 2 hosts: TCP(2), UDP(0) | Hack Attempt |
| | | | | Nov 7 23:11:51 | IDS15 - RPC - portmap-request-status | 216.216.74.2:709 -> 172.16.1.107:111 | |
| | | | | Nov 7 23:11:51 | IDS362 - MISC - Shellcode X86 NOPS-UDP | 216.216.74.2:710 -> 172.16.1.107:871 | |
| | | | | Nov 7 23:12:03 | spp_portscan | portscan status from 216.216.74.2: 2 connections across 1 hosts: TCP(0), UDP(2) | |
| | | | | Nov 7 23:12:23 | spp_portscan | portscan status from 216.216.74.2: 1 connections across 1 hosts: TCP(1), UDP(0) | |
| | | | | Nov 7 23:12:47 | spp_portscan | End of portscan from 216.216.74.2: TOTAL time(324s) hosts(10) TCP(14) UDP(2): | |
| Windows 98, 172.16.1.102 rebuilt, Nov 8th 2001 | | | | | | | |
| 24.12.200.186 | 08-Nov-00 | 7:31:15 | telnet | | | | |
| 207.123.161.202 | 09-Nov-00 | 14:30:49 | telnet | | | | |
| | | | | Nov 9 22:14:48 | spp_portscan | PORTSCAN DETECTED from 24.25.74.35 (THRESHOLD 5 connections exceeded in 0 seconds):: | ??? Scan |
| | | | | Nov 9 22:15:07 | spp_portscan | portscan status from 24.25.74.35: 8 connections across 8 hosts: TCP(0), UDP(8) | |
| | | | | Nov 9 22:15:23 | spp_portscan | End of portscan from 24.25.74.35: TOTAL time(0s) hosts(8) TCP(0) UDP(8): | |
| 24.12.200.186 | 10-Nov-00 | 10:37:31 | ssh | | | | |
| 194.38.76.99 | 10-Nov-00 | 16:49:30 | ssh | | | | |
| 24.42.46.171 | 11-Nov-00 | 21:25:06 | sunrpc | Nov 11 21:25:06 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | Lots of RPC Queries… |
| | | | | Nov 11 21:25:12 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:25:21 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:25:26 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:25:32 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:25:36 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:25:41 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:25:47 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:25:51 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:25:56 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:02 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:635 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:07 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:12 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:17 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:22 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:27 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:32 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:37 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:42 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:47 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:52 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:26:57 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| | | | | Nov 11 21:27:02 | IDS13 - RPC - portmap-request-mountd | 24.42.46.171:636 -> 172.16.1.107:111 | |
| 139.130.83.56 | 13-Nov-00 | 1:53:40 | http | Nov 13 01:53:41 | spp_portscan | PORTSCAN DETECTED from 139.130.83.56 (STEALTH):: | HTTP Scan |
| | | | | Nov 13 01:53:41 | SCAN-SYN FIN | 139.130.83.56:8828 -> 172.16.1.107:80 | |
| | | | | Nov 13 04:16:57 | spp_portscan | portscan status from 139.130.83.56: 3 connections across 2 hosts: TCP(3), UDP(0) STEALTH | |
| | | | | Nov 13 04:17:13 | spp_portscan | End of portscan from 139.130.83.56: TOTAL time(1s) hosts(2) TCP(3) UDP(0) STEALTH: | |
| 140.211.15.190 | 13-Nov-00 | 12:56:42 | ftp | | | | |
| 24.12.200.186 | 14-Nov-00 | 0:58:36 | ftp | Nov 14 00:58:40 | spp_portscan | PORTSCAN DETECTED from 24.12.200.186 (THRESHOLD 5 connections exceeded in 3 seconds):: | FTP Scan |
| | | | | Nov 14 01:0:27 | spp_portscan | portscan status from 24.12.200.186: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 14 01:0:44 | spp_portscan | End of portscan from 24.12.200.186: TOTAL time(8s) hosts(8) TCP(8) UDP(0): | |
| www.baf-fiscal.com.mx | 15-Nov-00 | 10:40:20 | rpc | | | | |
| 24.42.46.171 | 16-Nov-00 | 16:49:51 | http | | | | |
| 194.38.76.99 | 16-Nov-00 | 20:48:43 | ssh | | | | |
| 216.84.199.xx | 17-Nov-00 | 9:11:42 | domain-tcp | | | | |
| 194.38.76.99 | 17-Nov-00 | 14:17:10 | ssh | | | | |
| 216.199.92.4 | 18-Nov-00 | 6:56:53 | rpc | Nov 18 06:56:54 | spp_portscan | PORTSCAN DETECTED from 216.199.92.4 (THRESHOLD 5 connections exceeded in 0 seconds):: | RPC Scan |
| | | | | Nov 18 06:56:54 | RPC Info Query | 216.199.92.4:990 -> 172.16.1.101:111 | |
| | | | | Nov 18 07:32:06 | spp_portscan | portscan status from 216.199.92.4: 9 connections across 8 hosts: TCP(9), UDP(0) | |
| | | | | Nov 18 08:15:44 | spp_portscan | End of portscan from 216.199.92.4: TOTAL time(2113s) hosts(8) TCP(9) UDP(0): | |
| 194.152.124.142 | 18-Nov-00 | 10:22:11 | ftp | Nov 18 10:22:11 | spp_portscan | PORTSCAN DETECTED from 194.152.124.142 (THRESHOLD 5 connections exceeded in 0 seconds):: | FTP Scan |
| | | | | Nov 18 11:31:35 | spp_portscan | portscan status from 194.152.124.142: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 18 11:31:52 | spp_portscan | End of portscan from 194.152.124.142: TOTAL time(9s) hosts(8) TCP(8) UDP(0): | |
| | | | | Nov 18 17:0:27 | spp_portscan | PORTSCAN DETECTED from 24.29.162.158 (THRESHOLD 5 connections exceeded in 0 seconds):: | ??? Scan |
| | | | | Nov 18 17:16:18 | spp_portscan | portscan status from 24.29.162.158: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 18 17:16:39 | spp_portscan | End of portscan from 24.29.162.158: TOTAL time(0s) hosts(8) TCP(8) UDP(0): | |
| 62.161.77.94 | 18-Nov-00 | 22:05:57 | ftp | Nov 18 22:6:13 | spp_portscan | PORTSCAN DETECTED from 62.161.77.94 (THRESHOLD 5 connections exceeded in 2 seconds):: | FTP Scan |
| | | | | Nov 18 22:10:11 | spp_portscan | portscan status from 62.161.77.94: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 18 22:10:27 | spp_portscan | End of portscan from 62.161.77.94: TOTAL time(11s) hosts(8) TCP(8) UDP(0): | |
| 24.29.162.158 | 19-Nov-00 | 0:10:12 | ftp | | | | |
| | | | | Nov 19 11:13:15 | spp_portscan | PORTSCAN DETECTED from 24.141.204.189 (THRESHOLD 5 connections exceeded in 0 seconds):: | FTP Scan |
| | | | | Nov 19 11:26:00 | spp_portscan | portscan status from 24.141.204.189: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| 202.141.26.165 | 19-Nov-00 | 14:56:58 | rpc | Nov 19 14:56:59 | spp_portscan | End of portscan from 24.141.204.189: TOTAL time(0s) hosts(8) TCP(8) UDP(0): | |
| | | | | Nov 19 14:56:59 | IDS7 - MISC-Source Port Traffic 53 TCP | 202.141.26.165:53 -> 172.16.1.107:111 | RPC Scan |
| | | | | Nov 19 14:56:59 | IDS7 - MISC-Source Port Traffic 53 TCP | 202.141.26.165:53 -> 172.16.1.101:111 | |
| chem.iitm.ernet.in | 19-Nov-00 | 14:57:00 | rpc | | | | |
| 211.42.135.14 | 19-Nov-00 | 21:27:34 | rpc | | | | |
| 203.146.85.84 | 20-Nov-00 | 10:08:03 | sunrpc | Nov 20 10:8:04 | IDS13 - RPC - portmap-request-mountd | 203.146.85.84:1104 -> 172.16.1.107:111 | RPC Queries |
| | | | | Nov 20 10:8:34 | IDS13 - RPC - portmap-request-mountd | 203.146.85.84:1104 -> 172.16.1.107:111 | |
| | | | | Nov 20 10:9:04 | IDS13 - RPC - portmap-request-mountd | 203.146.85.84:1104 -> 172.16.1.107:111 | |
| 131.215.30.2 | 20-Nov-00 | 13:11:06 | telnet | Nov 20 13:11:06 | spp_portscan | PORTSCAN DETECTED from 131.215.30.2 (THRESHOLD 5 connections exceeded in 0 seconds):: | Telnet Scan |
| | | | | Nov 20 13:11:06 | IDS8 - TELNET - daemon-active | 172.16.1.101:23 -> 131.215.30.2:4113 | |
| | | | | Nov 20 13:11:06 | RPC Info Query | 131.215.30.2:741 -> 172.16.1.101:111 | |
| | | | | Nov 20 13:12:30 | spp_portscan | portscan status from 131.215.30.2: 10 connections across 8 hosts: TCP(10), UDP(0) | Telnet Scan |
| | | | | Nov 20 13:12:47 | spp_portscan | End of portscan from 131.215.30.2: TOTAL time(9s) hosts(8) TCP(10) UDP(0): | |
| 64.71.163.201 | 20-Nov-00 | 14:04:55 | domain-tcp | Nov 20 14:4:57 | IDS212 - MISC - DNS Zone Transfer | 207.20.109.228:1343 -> 172.16.1.107:53 | |
| 24.21.157.47 | 20-Nov-00 | 20:46:02 | telnet | Nov 20 20:46:03 | IDS8 - TELNET - daemon-active | 172.16.1.101:23 -> 24.21.157.47:1630 | Telnet Scan |
| | | | | Nov 20 20:46:03 | spp_portscan | PORTSCAN DETECTED from 24.21.157.47 (THRESHOLD 5 connections exceeded in 1 seconds):: | |
| | | | | Nov 20 20:48:45 | spp_portscan | portscan status from 24.21.157.47: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 20 20:57:37 | spp_portscan | End of portscan from 24.21.157.47: TOTAL time(10s) hosts(8) TCP(8) UDP(0): | |
| 203.146.64.180 | 21-Nov-00 | 12:41:25 | http | Nov 21 12:41:26 | IDS128 - CVE-1999-0067 - CGI phf attempt | 203.146.64.167:7850 -> 172.16.1.107:80 | Hack Attempt |
| 203.146.85.92 | 21-Nov-00 | 13:09:53 | sunrpc | Nov 21 13:9:53 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | Lots of RPC Queries… |
| | | | | Nov 21 13:9:58 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:10:24 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:10:29 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:10:34 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:10:39 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:10:43 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:10:49 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:10:54 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:10:59 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:11:04 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:11:09 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:11:14 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:11:19 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:11:24 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:11:34 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:11:39 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| | | | | Nov 21 13:11:43 | IDS13 - RPC - portmap-request-mountd | 203.146.85.92:1267 -> 172.16.1.107:111 | |
| 207.156.136.5 | 21-Nov-00 | 18:59:36 | rpc | Nov 21 18:59:36 | RPC Info Query | 207.156.136.5:2828 -> 172.16.1.101:111 | |
| 195.199.7.93 | 22-Nov-00 | 1:52:15 | ssh | | | | |
| 217.1.30.70 | 22-Nov-00 | 7:55:16 | ftp | Nov 22 07:55:20 | spp_portscan | PORTSCAN DETECTED from 217.1.30.70 (THRESHOLD 5 connections exceeded in 3 seconds):: | FTP Scan |
| 213.120.237.178 | 22-Nov-00 | 8:16:23 | ftp | Nov 22 08:16:29 | spp_portscan | portscan status from 217.1.30.70: 6 connections across 6 hosts: TCP(6), UDP(0) | |
| | | | | Nov 22 08:16:34 | spp_portscan | PORTSCAN DETECTED from 213.120.237.178 (THRESHOLD 5 connections exceeded in 6 seconds):: | FTP Scan |
| | | | | Nov 22 08:16:47 | spp_portscan | End of portscan from 217.1.30.70: TOTAL time(3s) hosts(6) TCP(6) UDP(0): | |
| | | | | Nov 22 08:16:51 | spp_portscan | portscan status from 213.120.237.178: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 22 08:17:22 | spp_portscan | portscan status from 213.120.237.178: 4 connections across 4 hosts: TCP(4), UDP(0) | |
| | | | | Nov 22 08:18:36 | spp_portscan | End of portscan from 213.120.237.178: TOTAL time(31s) hosts(11) TCP(12) UDP(0): | |
| 63.202.184.4 | 22-Nov-00 | 17:44:24 | IKE | | | | |
| 62.136.60.95 | 22-Nov-00 | 19:55:28 | ftp | Nov 22 19:55:28 | spp_portscan | PORTSCAN DETECTED from 62.136.60.95 (THRESHOLD 5 connections exceeded in 0 seconds):: | FTP Scan |
| | | | | Nov 22 21:37:47 | spp_portscan | portscan status from 62.136.60.95: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 22 21:38:03 | spp_portscan | End of portscan from 62.136.60.95: TOTAL time(8s) hosts(8) TCP(8) UDP(0): | |
| 208.133.204.1 | 22-Nov-00 | 21:55:12 | sunrpc | Nov 22 21:55:12 | IDS13 - RPC - portmap-request-mountd | 208.133.204.1:855 -> 172.16.1.107:111 | Lots of RPC Queries… |
| | | | | Nov 22 21:55:17 | IDS13 - RPC - portmap-request-mountd | 208.133.204.1:855 -> 172.16.1.107:111 | |
| | | | | Nov 22 21:55:47 | IDS13 - RPC - portmap-request-mountd | 208.133.204.1:855 -> 172.16.1.107:111 | |
| | | | | Nov 22 21:56:12 | IDS13 - RPC - portmap-request-mountd | 208.133.204.1:856 -> 172.16.1.107:111 | |
| | | | | Nov 22 21:56:17 | IDS13 - RPC - portmap-request-mountd | 208.133.204.1:856 -> 172.16.1.107:111 | |
| | | | | Nov 22 21:56:47 | IDS13 - RPC - portmap-request-mountd | 208.133.204.1:856 -> 172.16.1.107:111 | |
| | | | | Nov 22 21:57:07 | IDS13 - RPC - portmap-request-mountd | 208.133.204.1:856 -> 172.16.1.107:111 | |
| | | | | Nov 23 00:44:41 | spp_portscan | PORTSCAN DETECTED from 209.237.67.12 (THRESHOLD 5 connections exceeded in 0 seconds):: | ??? Scan |
| | | | | Nov 23 02:2:07 | spp_portscan | portscan status from 209.237.67.12: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 23 02:2:23 | spp_portscan | End of portscan from 209.237.67.12: TOTAL time(0s) hosts(8) TCP(8) UDP(0): | |
| alpha.mslc.ohio-state.edu | 23-Nov-00 | 18:42:21 | IKE | | | | |
| 206.77.188.15 | 23-Nov-00 | 19:46:56 | domain-tcp | Nov 23 19:46:57 | spp_portscan | PORTSCAN DETECTED from 206.77.188.15 (STEALTH):: | Named Scan |
| | | | | Nov 23 19:46:57 | SCAN-SYN FIN | 206.77.188.15:53 -> 172.16.1.101:53 | |
| | | | | Nov 23 19:46:57 | SCAN-SYN FIN | 206.77.188.15:53 -> 172.16.1.102:53 | |
| | | | | Nov 23 19:46:57 | SCAN-SYN FIN | 206.77.188.15:53 -> 172.16.1.103:53 | |
| | | | | Nov 23 19:46:57 | SCAN-SYN FIN | 206.77.188.15:53 -> 172.16.1.104:53 | |
| | | | | Nov 23 19:46:57 | SCAN-SYN FIN | 206.77.188.15:53 -> 172.16.1.105:53 | |
| | | | | Nov 23 19:46:57 | SCAN-SYN FIN | 206.77.188.15:53 -> 172.16.1.106:53 | |
| | | | | Nov 23 19:46:57 | SCAN-SYN FIN | 206.77.188.15:53 -> 172.16.1.107:53 | |
| | | | | Nov 23 19:46:57 | SCAN-SYN FIN | 206.77.188.15:53 -> 172.16.1.108:53 | |
| | | | | Nov 23 19:46:57 | PING-ICMP Time Exceeded | 205.171.25.58 -> 172.16.1.101:: | |
| | | | | Nov 23 19:46:57 | IDS277 - NAMED Iquery Probe | 206.77.188.15:3243 -> 172.16.1.107:53 | |
| | | | | Nov 23 19:46:57 | IDS278 - SCAN -named Version probe | 206.77.188.15:3243 -> 172.16.1.107:53 | |
| | | | | Nov 23 20:34:09 | spp_portscan | portscan status from 206.77.188.15: 10 connections across 8 hosts: TCP(9), UDP(1) STEALTH | |
| | | | | Nov 23 20:34:24 | spp_portscan | End of portscan from 206.77.188.15: TOTAL time(1s) hosts(8) TCP(9) UDP(1) STEALTH: | |
| 217.5.83.235 | 24-Nov-00 | 7:34:04 | ftp | Nov 24 07:34:14 | spp_portscan | PORTSCAN DETECTED from 217.5.83.235 (THRESHOLD 5 connections exceeded in 6 seconds):: | FTP Scan |
| | | | | Nov 24 07:34:29 | spp_portscan | portscan status from 217.5.83.235: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 24 08:4:16 | spp_portscan | portscan status from 217.5.83.235: 4 connections across 4 hosts: TCP(4), UDP(0) | |
| | | | | Nov 24 08:4:32 | spp_portscan | End of portscan from 217.5.83.235: TOTAL time(30s) hosts(11) TCP(12) UDP(0): | |
| 64.45.218.3 | 24-Nov-00 | 9:51:55 | ftp | Nov 24 09:51:56 | spp_portscan | PORTSCAN DETECTED from 64.45.218.3 (THRESHOLD 5 connections exceeded in 0 seconds):: | FTP Scan |
| | | | | Nov 24 12:52:29 | spp_portscan | portscan status from 64.45.218.3: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 24 12:52:45 | spp_portscan | End of portscan from 64.45.218.3: TOTAL time(9s) hosts(8) TCP(8) UDP(0): | |
| | | | | Nov 25 09:1:12 | MISC-WinGate-1080-Attempt | 24.42.178.243:4881 -> 172.16.1.101:1080 | WinGate/Socks Scan |
| | | | | Nov 25 09:1:12 | MISC-WinGate-1080-Attempt | 24.42.178.243:4882 -> 172.16.1.102:1080 | |
| | | | | Nov 25 09:1:12 | MISC-WinGate-1080-Attempt | 24.42.178.243:4883 -> 172.16.1.103:1080 | |
| | | | | Nov 25 09:1:12 | MISC-WinGate-1080-Attempt | 24.42.178.243:4884 -> 172.16.1.104:1080 | |
| | | | | Nov 25 09:1:12 | MISC-WinGate-1080-Attempt | 24.42.178.243:4885 -> 172.16.1.105:1080 | |
| | | | | Nov 25 09:1:12 | spp_portscan | PORTSCAN DETECTED from 24.42.178.243 (THRESHOLD 5 connections exceeded in 0 seconds):: | |
| | | | | Nov 25 09:1:12 | MISC-WinGate-1080-Attempt | 24.42.178.243:4886 -> 172.16.1.106:1080 | |
| | | | | Nov 25 09:1:12 | MISC-WinGate-1080-Attempt | 24.42.178.243:4887 -> 172.16.1.107:1080 | |
| | | | | Nov 25 09:1:12 | MISC-WinGate-1080-Attempt | 24.42.178.243:4888 -> 172.16.1.108:1080 | |
| | | | | Nov 25 09:1:13 | MISC-WinGate-1080-Attempt | 24.42.178.243:4881 -> 172.16.1.101:1080 | |
| | | | | Nov 25 09:1:13 | MISC-WinGate-1080-Attempt | 24.42.178.243:4887 -> 172.16.1.107:1080 | |
| | | | | Nov 25 09:1:13 | MISC-WinGate-1080-Attempt | 24.42.178.243:4881 -> 172.16.1.101:1080 | |
| | | | | Nov 25 09:1:13 | MISC-WinGate-1080-Attempt | 24.42.178.243:4887 -> 172.16.1.107:1080 | |
| | | | | Nov 25 09:1:14 | MISC-WinGate-1080-Attempt | 24.42.178.243:4881 -> 172.16.1.101:1080 | |
| | | | | Nov 25 09:1:14 | MISC-WinGate-1080-Attempt | 24.42.178.243:4887 -> 172.16.1.107:1080 | |
| | | | | Nov 25 09:1:15 | MISC-WinGate-1080-Attempt | 24.42.178.243:4882 -> 172.16.1.102:1080 | |
| | | | | Nov 25 09:1:15 | MISC-WinGate-1080-Attempt | 24.42.178.243:4883 -> 172.16.1.103:1080 | |
| | | | | Nov 25 09:1:15 | MISC-WinGate-1080-Attempt | 24.42.178.243:4884 -> 172.16.1.104:1080 | |
| | | | | Nov 25 09:1:15 | MISC-WinGate-1080-Attempt | 24.42.178.243:4885 -> 172.16.1.105:1080 | |
| | | | | Nov 25 09:1:15 | MISC-WinGate-1080-Attempt | 24.42.178.243:4888 -> 172.16.1.108:1080 | |
| | | | | Nov 25 09:6:19 | spp_portscan | portscan status from 24.42.178.243: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 25 09:6:53 | spp_portscan | End of portscan from 24.42.178.243: TOTAL time(3s) hosts(8) TCP(8) UDP(0): | |
| 152.2.48.83 | 25-Nov-00 | 12:13:19 | ftp | Nov 25 12:13:19 | spp_portscan | PORTSCAN DETECTED from 152.2.48.83 (THRESHOLD 5 connections exceeded in 0 seconds):: | FTP Scan |
| | | | | Nov 25 12:34:45 | spp_portscan | portscan status from 152.2.48.83: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 25 12:35:02 | spp_portscan | End of portscan from 152.2.48.83: TOTAL time(0s) hosts(8) TCP(8) UDP(0): | |
| 209.148.83.51 | 25-Nov-00 | 15:40:12 | ftp | | | | |
| | | | | Nov 25 21:25:26 | spp_portscan | PORTSCAN DETECTED from 172.155.157.149 (THRESHOLD 5 connections exceeded in 0 seconds):: | FTP Scan |
| | | | | Nov 25 21:31:17 | spp_portscan | portscan status from 172.155.157.149: 7 connections across 7 hosts: TCP(7), UDP(0) | |
| | | | | Nov 25 21:31:34 | spp_portscan | End of portscan from 172.155.157.149: TOTAL time(0s) hosts(7) TCP(7) UDP(0): | |
| Solaris 2.6, 172.16.1.103 brought online, Nov 26th 2001 | | | | | | | |
| RedHat 6.2, 172.16.1.104 brought online, Nov 26th 2001 | | | | | | | |
| Windows NT SP4, 172.16.1.106 brought online, Nov 26th 2001 | | | | | | | |
| 128.84.246.7 | 26-Nov-00 | 7:41:13 | telnet | Nov 26 07:35:34 | spp_portscan | PORTSCAN DETECTED from 128.84.246.7 (THRESHOLD 5 connections exceeded in 0 seconds):: | Telnet Scan |
| | | | | Nov 26 07:41:13 | spp_portscan | portscan status from 128.84.246.7: 9 connections across 8 hosts: TCP(9), UDP(0) | |
| | | | | Nov 26 07:41:13 | IDS8 - TELNET - daemon-active | 172.16.1.101:23 -> 128.84.246.7:3913 | |
| | | | | Nov 26 09:0:02 | spp_portscan | End of portscan from 128.84.246.7: TOTAL time(339s) hosts(8) TCP(9) UDP(0): | |
| 207.38.118.172 | 26-Nov-00 | 17:07:19 | imap | | | | |
| | | | | Nov 26 19:51:53 | spp_portscan | PORTSCAN DETECTED from 208.185.167.115 (THRESHOLD 5 connections exceeded in 4 seconds):: | IMAP Scan |
| | | | | Nov 26 20:49:24 | spp_portscan | portscan status from 208.185.167.115: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 26 21:15:10 | spp_portscan | portscan status from 208.185.167.115: 1 connections across 1 hosts: TCP(1), UDP(0) | |
| | | | | Nov 26 21:35:31 | spp_portscan | portscan status from 208.185.167.115: 7 connections across 7 hosts: TCP(7), UDP(0) | |
| | | | | Nov 26 21:35:47 | spp_portscan | End of portscan from 208.185.167.115: TOTAL time(5001s) hosts(14) TCP(16) UDP(0): | |
| 63.165.207.14 | 28-Nov-00 | 1:21:47 | telnet | Nov 28 01:21:50 | spp_portscan | PORTSCAN DETECTED from 63.165.207.14 (THRESHOLD 5 connections exceeded in 3 seconds):: | Telnet Scan |
| | | | | Nov 28 01:22:07 | spp_portscan | portscan status from 63.165.207.14: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 28 01:22:23 | spp_portscan | End of portscan from 63.165.207.14: TOTAL time(3s) hosts(8) TCP(8) UDP(0): | |
| | | | | Nov 29 11:13:29 | spp_portscan | PORTSCAN DETECTED from 12.24.136.201 (STEALTH):: | ??? Scan |
| | | | | Nov 29 11:13:29 | SCAN-SYN FIN | 12.24.136.201:511 -> 172.16.1.101:511 | |
| | | | | Nov 29 11:13:29 | SCAN-SYN FIN | 12.24.136.201:511 -> 172.16.1.102:511 | |
| | | | | Nov 29 11:13:29 | SCAN-SYN FIN | 12.24.136.201:511 -> 172.16.1.103:511 | |
| | | | | Nov 29 11:13:29 | SCAN-SYN FIN | 12.24.136.201:511 -> 172.16.1.104:511 | |
| | | | | Nov 29 11:13:29 | SCAN-SYN FIN | 12.24.136.201:511 -> 172.16.1.105:511 | |
| | | | | Nov 29 11:13:29 | SCAN-SYN FIN | 12.24.136.201:511 -> 172.16.1.106:511 | |
| | | | | Nov 29 11:13:29 | SCAN-SYN FIN | 12.24.136.201:511 -> 172.16.1.107:511 | |
| | | | | Nov 29 11:13:29 | SCAN-SYN FIN | 12.24.136.201:511 -> 172.16.1.108:511 | |
| | | | | Nov 29 11:14:24 | spp_portscan | portscan status from 12.24.136.201: 8 connections across 8 hosts: TCP(8), UDP(0) STEALTH | |
| | | | | Nov 29 11:14:42 | spp_portscan | End of portscan from 12.24.136.201: TOTAL time(0s) hosts(8) TCP(8) UDP(0) STEALTH: | |
| 213.56.229.206 | 29-Nov-00 | 15:04:03 | ftp | Nov 29 15:4:04 | spp_portscan | PORTSCAN DETECTED from 213.56.229.206 (THRESHOLD 5 connections exceeded in 1 seconds):: | FTP Scan |
| | | | | Nov 29 16:9:50 | spp_portscan | portscan status from 213.56.229.206: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 29 16:10:07 | spp_portscan | End of portscan from 213.56.229.206: TOTAL time(4s) hosts(8) TCP(8) UDP(0): | |
| 144.132.223.204 | 30-Nov-00 | 4:58:45 | ftp | Nov 30 04:58:53 | spp_portscan | PORTSCAN DETECTED from 144.132.223.204 (THRESHOLD 5 connections exceeded in 7 seconds):: | FTP Scan |
| | | | | Nov 30 04:59:12 | spp_portscan | portscan status from 144.132.223.204: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 30 06:45:46 | spp_portscan | portscan status from 144.132.223.204: 2 connections across 2 hosts: TCP(2), UDP(0) | |
| 149.225.118.255 | 30-Nov-00 | 9:36:09 | ftp | Nov 30 09:36:09 | spp_portscan | End of portscan from 144.132.223.204: TOTAL time(29s) hosts(9) TCP(10) UDP(0): | |
| | | | | Nov 30 09:36:09 | spp_portscan | PORTSCAN DETECTED from 149.225.118.255 (THRESHOLD 5 connections exceeded in 0 seconds):: | FTP Scan |
| | | | | Nov 30 09:37:19 | spp_portscan | portscan status from 149.225.118.255: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 30 09:37:36 | spp_portscan | End of portscan from 149.225.118.255: TOTAL time(3s) hosts(8) TCP(8) UDP(0): | |
| | | | | Nov 30 15:42:39 | spp_portscan | PORTSCAN DETECTED from 216.78.181.149 (THRESHOLD 5 connections exceeded in 0 seconds):: | FTP Scan |
| | | | | Nov 30 17:0:01 | spp_portscan | portscan status from 216.78.181.149: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 30 17:0:19 | spp_portscan | End of portscan from 216.78.181.149: TOTAL time(1s) hosts(8) TCP(8) UDP(0): | |
| 141.223.222.143 | 30-Nov-00 | 20:42:58 | ftp | Nov 30 20:43:01 | spp_portscan | PORTSCAN DETECTED from 141.223.222.143 (THRESHOLD 5 connections exceeded in 2 seconds):: | Hack Attempt |
| | | | | Nov 30 21:55:43 | spp_portscan | portscan status from 141.223.222.143: 8 connections across 8 hosts: TCP(8), UDP(0) | |
| | | | | Nov 30 21:55:44 | IDS287 - FTP - Wuftp260 venglin linux | 141.223.222.143:4761 -> 172.16.1.104:21 | |
| | | | | Nov 30 21:55:47 | IDS317 - FTP-site-exec | 141.223.222.143:4761 -> 172.16.1.104:21 | |
| | | | | Nov 30 22:0:32 | spp_portscan | End of portscan from 141.223.222.143: TOTAL time(4365s) hosts(8) TCP(8) UDP(0): | |
| | | | | Nov 30 22:30:56 | IDS8 - TELNET - daemon-active | 172.16.1.103:23 -> 207.239.115.11:1947 | |