Re: Cracker angreb

From: Jesper Skriver (none@jesper--skriver.dk.lh.bsd-dk.dk)
Date: Tue 10 Apr 2001 - 00:16:53 CEST


Date: Tue, 10 Apr 2001 00:16:53 +0200
From: Jesper Skriver <none@jesper--skriver.dk.lh.bsd-dk.dk>
To: bsd-dk@BSD-Dk.dk
Subject: Re: Cracker angreb

On Mon, Apr 09, 2001 at 11:59:45PM +0200, Sven Esbjerg wrote:
> Lately I have been sitting and looking at scans, after the company where I
> work put a prototype on the net.
>
> I get about 100 scans an hour on various ports - mostly 53, 21, 111
> etc. What is unpleasant is that they come from different IP addresses.
> So far today I am up to 11 different American dial-up providers. I have
> been watching for exposed machines on the net for the last 2 years or so,
> but have not really seen anything like this. Usually the scans came from
> 1-2 IP addresses over the course of a day.
>
> Now my question is: do any of you see anything similar? I have a /25
> subnet at my disposal, but that should not warrant this many scans.
>
> What are your experiences?

They are there all right; this is just the last hour from my outer filter ...

Note that neither 193.162.74.84 nor 193.162.74.212 is normally in
use ...

Apr 9 23:00:22.995: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(35997), 1 packet
Apr 9 23:00:43.443: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(24221), 1 packet
Apr 9 23:00:53.037: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(18333), 1 packet
Apr 9 23:01:02.564: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(12445), 1 packet
Apr 9 23:01:50.732: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(48541), 1 packet
Apr 9 23:02:19.623: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(30877), 1 packet
Apr 9 23:02:38.709: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(19101), 1 packet
Apr 9 23:02:58.323: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(7325), 1 packet
Apr 9 23:04:06.986: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(31645), 1 packet
Apr 9 23:04:45.876: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(8093), 1 packet
Apr 9 23:05:05.395: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(61853), 1 packet
Apr 9 23:05:15.585: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(55965), 1 packet
Apr 9 23:05:45.563: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(38301), 1 packet
Apr 9 23:07:26.105: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(44957), 1 packet
Apr 9 23:09:26.526: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(39837), 1 packet
Apr 9 23:09:57.393: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(22173), 1 packet
Apr 9 23:10:27.538: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(4509), 1 packet
Apr 9 23:10:37.775: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(64157), 1 packet
Apr 9 23:12:10.528: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(11165), 1 packet
Apr 9 23:12:20.892: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(5277), 1 packet
Apr 9 23:12:31.606: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(64925), 1 packet
Apr 9 23:13:02.655: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(47261), 1 packet
Apr 9 23:13:34.030: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(29597), 1 packet
Apr 9 23:15:28.579: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(30365), 1 packet
Apr 9 23:16:41.876: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(54685), 1 packet
Apr 9 23:18:06.876: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(7581), 1 packet
Apr 9 23:18:49.349: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(49565), 1 packet
Apr 9 23:20:37.835: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(56221), 1 packet
Apr 9 23:21:11.075: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(38557), 1 packet
Apr 9 23:21:21.582: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 210.104.110.189(394) -> 193.162.74.212(13981), 1 packet
Apr 9 23:21:43.327: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(20893), 1 packet
Apr 9 23:22:26.693: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(62877), 1 packet
Apr 9 23:23:29.368: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(65437), 1 packet
Apr 9 23:23:47.605: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(59549), 1 packet
Apr 9 23:25:00.886: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(35997), 1 packet
Apr 9 23:25:20.881: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(30109), 1 packet
Apr 9 23:29:00.233: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(36765), 1 packet
Apr 9 23:30:30.418: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(13213), 1 packet
Apr 9 23:30:46.917: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(35997), 1 packet
Apr 9 23:31:15.784: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(1437), 1 packet
Apr 9 23:32:20.157: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(49309), 1 packet
Apr 9 23:32:41.346: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(43421), 1 packet
Apr 9 23:33:47.600: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(25757), 1 packet
Apr 9 23:34:19.967: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 210.104.110.189(394) -> 193.162.74.212(32413), 1 packet
Apr 9 23:35:52.550: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(55965), 1 packet
Apr 9 23:36:42.198: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(44189), 1 packet
Apr 9 23:38:00.963: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(20637), 1 packet
Apr 9 23:38:53.007: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(8861), 1 packet
Apr 9 23:39:29.929: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(62621), 1 packet
Apr 9 23:40:11.570: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(50845), 1 packet
Apr 9 23:42:00.845: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(21405), 1 packet
Apr 9 23:42:45.771: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(9629), 1 packet
Apr 9 23:44:16.444: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(51613), 1 packet
Apr 9 23:44:44.787: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(45725), 1 packet
Apr 9 23:45:29.241: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(33949), 1 packet
Apr 9 23:45:45.192: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(28061), 1 packet
Apr 9 23:46:51.129: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(10397), 1 packet
Apr 9 23:48:21.560: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.212(52381), 1 packet
Apr 9 23:49:38.725: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(414) -> 193.162.74.84(51613), 1 packet
Apr 9 23:54:52.886: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(493) -> 193.162.74.212(20637), 1 packet
Apr 9 23:56:09.457: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(493) -> 193.162.74.84(56733), 1 packet
Apr 9 23:57:59.291: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 216.247.89.215(493) -> 193.162.74.212(15517), 1 packet

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:    Network manager   @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.
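As an added example (not code from the thread or from either poster), the following Python parses %SEC-6-IPACCESSLOGP lines in the format Jesper posted, groups denied packets per source address and flags sources that probe several distinct ports or hit addresses that are not in use, the point he makes about .84 and .212. The sample lines are constructed with documentation-range addresses, and the year is an assumption because IOS timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the Cisco IOS %SEC-6-IPACCESSLOGP "denied" lines shown in the reply above.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d)\.\d+: "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?$"
)

# Constructed sample in the same format (documentation-range addresses, not the original log);
# one unrelated syslog line is included to show that it is skipped.
SAMPLE = """\
Apr 9 23:00:22.995: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 198.51.100.7(414) -> 192.0.2.212(35997), 1 packet
Apr 9 23:00:43.443: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 198.51.100.7(414) -> 192.0.2.212(24221), 1 packet
Apr 9 23:00:53.037: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 198.51.100.7(414) -> 192.0.2.84(18333), 1 packet
Apr 9 23:21:21.582: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 203.0.113.9(394) -> 192.0.2.212(13981), 1 packet
Apr 9 23:30:46.917: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 198.51.100.7(414) -> 192.0.2.212(35997), 1 packet
Apr 9 23:31:00.000: %SYS-5-CONFIG_I: Configured from console by vty0
Apr 9 23:54:52.886: %SEC-6-IPACCESSLOGP: list s0_in denied tcp 198.51.100.7(493) -> 192.0.2.212(20637), 1 packet
"""

def parse(line, year=2001):
    """Return a dict for one ACL log line, or None for anything else. The year is assumed (IOS omits it)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    ts = datetime.strptime(f"{year} {d['mon']} {d['day']} {d['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": d["src"], "dst": d["dst"], "dport": int(d["dport"]), "count": int(d["count"])}

def summarize(text, darknet=frozenset()):
    """Per source: denied packets, distinct target hosts and ports, hits on unused ('darknet') addresses."""
    per_src = defaultdict(lambda: {"packets": 0, "hosts": set(), "ports": set(), "darknet": 0, "times": []})
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # unrelated syslog lines are ignored rather than aborting the run
        s = per_src[rec["src"]]
        s["packets"] += rec["count"]
        s["hosts"].add(rec["dst"])
        s["ports"].add(rec["dport"])
        s["darknet"] += int(rec["dst"] in darknet)
        s["times"].append(rec["ts"])
    return dict(per_src)

def span_minutes(entry):
    """Minutes between the first and last denied packet from one source."""
    return (max(entry["times"]) - min(entry["times"])).total_seconds() / 60

def flag_scanners(per_src, min_ports=3):
    """A source is a scanner if it probed several distinct ports or touched any address nobody uses."""
    return sorted(src for src, s in per_src.items() if len(s["ports"]) >= min_ports or s["darknet"])
```

Feeding the real filter log through `summarize` with the two unused addresses as `darknet` gives the per-source counts and time span that Sven's "about 100 scans an hour" figure can be compared against.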
This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:06 CET