Security Incidents mailing list archives

Attempted port scans.


From: steve () SECURESOLUTIONS ORG (Steve)
Date: Tue, 11 Jan 2000 22:39:55 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Check this out guys.  I seem to get these once or twice a day on my
test machines.  They are in a lab but exposed to the net.  I run
Nukenabber on them and it blocks their scans and gives me this log.

I wonder, is there any point to me following up with ISPs on this
type of thing?  Obviously the person didn't get anywhere.

Maybe it's time to put in that FW-1 installation on my test
network..........

- -Steve

============

[01/11/2000 18:48:42.410 GMT-0700] ICMP monitoring started.
[01/11/2000 18:48:43.460 GMT-0700] Ready using port 5001 (tcp).
[01/11/2000 18:48:43.570 GMT-0700] Ready using port 5000 (tcp).
[01/11/2000 18:48:43.620 GMT-0700] Ready using port 1080 (tcp).
[01/11/2000 18:48:43.680 GMT-0700] Ready using port 1032 (tcp).
[01/11/2000 18:48:43.730 GMT-0700] Ready using port 1029 (tcp).
[01/11/2000 18:48:43.900 GMT-0700] Ready using port 1027 (tcp).
[01/11/2000 18:48:44.010 GMT-0700] Ready using port 139 (tcp).
[01/11/2000 18:48:44.010 GMT-0700] Ready using port 138 (tcp).
[01/11/2000 18:48:44.060 GMT-0700] Ready using port 137 (tcp).
[01/11/2000 18:48:44.170 GMT-0700] Ready using port 129 (tcp).
[01/11/2000 18:48:44.340 GMT-0700] Ready using port 53 (tcp).
[01/11/2000 18:48:44.560 GMT-0700] Ready using port 19 (udp).
[01/11/2000 18:59:47.290 GMT-0700] Connection: 200.196.84.155 on port 1080 (tcp).
[01/11/2000 18:59:47.950 GMT-0700] 
[01/11/2000 18:59:48.000 GMT-0700] Port 1080 (tcp) is now disabled for 90 seconds.
[01/11/2000 19:01:20.280 GMT-0700] Port 1080 (tcp) is re-enabled.

- ----------------

[01/11/2000 18:59:48.060 GMT-0700]Report Generated for 200.196.84.155
TraceRoute:
0 POWERBOX (0.0.0.0)
1 57.54.46.56 (57.54.46.56)
2 10.127.3.2 (10.127.3.2)
3 tac01-enet0.rtr.agt.net (198.80.54.202)
4 192.168.3.9 (192.168.3.9)
5 REGIONAL2.tac.net (205.233.111.67)
5 POWERBOX (0.0.0.0)
6 REGIONAL2.tac.net (205.233.111.67)
7 117.ATM3-0.XR1.CHI6.ALTER.NET (146.188.209.178)
8 191.ATM3-0.TR1.CHI4.ALTER.NET (146.188.208.246)
9 106.ATM7-0.TR1.NYC1.ALTER.NET (146.188.136.150)
10 199.ATM6-0.XR1.NYC1.ALTER.NET (146.188.178.177)
11 195.ATM1-0-0.HR1.NYC1.ALTER.NET (146.188.177.85)
12 Serial8-0-0.SR1.TTN1.ALTER.NET (137.39.30.125)
13 Embra-gw.customer.alter.net (157.130.30.66)
14 ebt-P1-0-gsr01.rjo.embratel.net.br (200.255.197.98)
15 ebt-A12-0-0-1-dist02.rjo.embratel.net.br (200.255.197.109)
16 ebt-F4-0-acc02.rjo.embratel.net.br (200.255.197.42)
16 POWERBOX (0.0.0.0)
17 ebt-F4-0-acc02.rjo.embratel.net.br (200.255.197.42)
17 POWERBOX (0.0.0.0)
18 ebt-F4-0-acc02.rjo.embratel.net.br (200.255.197.42)
19 b21155.dial-rjo2.impsat.com.br (200.196.84.155)
TraceRoute Complete.

Finger:
Finger Timed Out.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOHwTqzLmOb9TzessEQI17QCfSUYi6EiewMii/qjzrqaDBtiLwfAAoJ2M
AXMFaU0ni6xKpj1+EQDmFsl4
=Z7Q4
-----END PGP SIGNATURE-----
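
For triaging a log in the format posted above, the following is an added example (not part of Steve's message and not Nukenabber code): it rejoins entries that a mail client has wrapped, extracts each connection event, and measures how long a port actually stayed disabled. The function names are hypothetical and the sample log is constructed, using documentation addresses.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log above, using documentation
# addresses (RFC 5737); long entries are wrapped as a mail client may wrap them.
SAMPLE = """\
[01/11/2000 18:48:43.620 GMT-0700] Ready using port 1080 (tcp).
[01/11/2000 18:48:44.010 GMT-0700] Ready using port 139 (tcp).
[01/11/2000 18:59:47.290 GMT-0700] Connection: 192.0.2.55 on port
1080 (tcp).
[01/11/2000 18:59:48.000 GMT-0700] Port 1080 (tcp) is now disabled
for 90 seconds.
[01/11/2000 19:01:20.280 GMT-0700] Port 1080 (tcp) is re-enabled.
[01/11/2000 21:15:02.100 GMT-0700] Connection: 198.51.100.7 on port
139 (tcp).
"""

STAMP = re.compile(r"^\[(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) GMT([+-]\d{4})\]\s*(.*)$")
CONNECT = re.compile(r"Connection: (\S+) on port (\d+) \((tcp|udp)\)")
DISABLED = re.compile(r"Port (\d+) \((tcp|udp)\) is now disabled")
ENABLED = re.compile(r"Port (\d+) \((tcp|udp)\) is re-enabled")

def entries(text):
    """Yield (timestamp, message), rejoining mail-wrapped continuation lines."""
    current = None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            if current:
                yield current
            ts = datetime.strptime(m.group(1) + " " + m.group(2), "%m/%d/%Y %H:%M:%S.%f %z")
            current = (ts, m.group(3))
        elif current and line.strip():
            current = (current[0], (current[1] + " " + line.strip()).strip())
    if current:
        yield current

def summarize(text):
    """Return connection events and the seconds each port stayed disabled."""
    hits, windows, down = [], [], {}
    for ts, msg in entries(text):
        if (m := CONNECT.search(msg)):
            hits.append((ts.isoformat(), m.group(1), int(m.group(2)), m.group(3)))
        elif (m := DISABLED.search(msg)):
            down[(int(m.group(1)), m.group(2))] = ts
        elif (m := ENABLED.search(msg)) and (int(m.group(1)), m.group(2)) in down:
            key = (int(m.group(1)), m.group(2))
            windows.append((key[0], key[1], round((ts - down.pop(key)).total_seconds(), 3)))
    return hits, windows
```

Grouping the returned connection events by source address and port across several days of logs shows whether the once-or-twice-a-day probes come from recurring sources.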

