Short summary of some of the attacks against us for December 2000

year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes
2000/12/02-16:27:19.00 193.251.86.109 (AToulouse-201-1-1-109.abo.wanadoo.fr) scan net for port 21
2000/12/03-17:55:11.26 63.215.116.196 (dialup-63.215.116.196.Chicago1.Level3.net) scan net for ports 139,445
2000/12/07-21:32:48.19 212.150.51.90 (Israel) DNS zone transfer for cs.ohiou.edu
2000/12/08-07:00:29.24 194.29.224.10:6666 (gigabell.net-irc reserved space) slow scan of our net, misc ports
2000/12/08-09:50:37.17 194.208.82.96 (194-208-082-096.TELE.NET) scan net for port 21/anon ftp servers.
2000/12/08-13:38:37.34 209.67.57.2:53 (ww2.hoster.com) dns server attack against boss and seorf all day
2000/12/08-22:51:22.44 149.149.206.61 (Tennessee Technological Univ.) MISC-WinGate-1080-Attempt
2000/12/08-22:51:22.75 149.149.206.61 (Tennessee Technological Univ.) WinGate-8080-Attempt
2000/12/08-22:51:24.74 149.149.206.61 (Tennessee Technological Univ.) Sun RPC high port access
2000/12/08-22:51:26.46 149.149.206.61 (Tennessee Technological Univ.) NT INETINFO.EXE 100% CPU Utilization against seorf
2000/12/08-22:51:53.62 149.149.206.61 (Tennessee Technological Univ.) RPC Info Query
2000/12/09-00:11:25.92 210.252.150.7 (alt.n-anet.com) scan net for port 111
2000/12/09-05:53:58.48 209.67.57.2:53 (ww2.hoster.com) dns server attack against boss and seorf again today
2000/12/09-10:30:20.04 202.64.161.195 (Hong Kong Supernet Ltd) scan net for port 111
2000/12/10-05:03:39.75 193.251.31.183 (APh-Aug-101-1-2-183.abo.wanadoo.fr) scan net for port 21/anon ftp servers.
2000/12/10-06:00:17.44 209.67.57.2:53 (ww2.hoster.com) dns server attack against boss and seorf again today
2000/12/11-23:30:23.11 24.179.30.222 (@Home Network) scan net for port 21/anon ftp
2000/12/12-19:16:39.91 157.228.35.30 (info-services-3.sunderland.ac.uk) scan net for port 110
2000/12/15-20:01:27.12 204.209.9.10 (unknown.remote.net) traceroute bart
2000/12/15-20:01:28.75 207.102.83.2 (mag-net.com) traceroute bart
2000/12/15-20:01:29.07 194.182.148.146 (news01.inet.tele.dk) traceroute bart
2000/12/15-20:01:29.74 212.107.32.146 (www.ee) traceroute bart
2000/12/15-20:01:32.91 193.56.58.251 (valerian.glou.eu.org) traceroute bart
2000/12/15-20:01:32.97 194.213.224.2 (Scretchy.Czech.Net) traceroute bart
2000/12/15-20:01:33.09 194.235.29.119 (forest.globalip.ch) traceroute bart
2000/12/15-20:01:33.46 205.134.166.2 (ultrauk.tradenet.it) traceroute bart
2000/12/15-20:01:36.37 158.64.1.39 (faramir.restena.lu) traceroute bart
2000/12/15-20:01:36.79 195.2.127.124 (ir.delfi.lv) traceroute bart
2000/12/15-20:01:37.61 206.124.164.10 (trojan.neta.com) traceroute bart
2000/12/15-20:01:37.69 204.209.81.1 (doctor.nl2k.ab.ca) traceroute bart
2000/12/15-20:01:38.57 203.50.1.77 (tcruskit.telstra.net) traceroute bart
2000/12/15-20:01:39.17 192.189.54.59 (myponga.connect.com.au) traceroute bart
2000/12/15-20:01:40.12 194.129.209.14 (smtp.shellnet.co.uk) traceroute bart
2000/12/15-20:01:42.36 130.150.20.11 (thor.csu.net) traceroute bart
2000/12/15-20:01:42.65 198.202.76.58 (webfarm8.sdsc.edu) traceroute bart
2000/12/15-20:01:42.79 63.107.223.163 (host163.psitech.com) traceroute bart
2000/12/15-20:01:43.86 217.15.134.73 (big.innet.yaroslavl.su) traceroute bart
2000/12/15-20:01:44.77 192.70.252.8 (einstein.franklin.edu) traceroute bart
2000/12/15-20:01:45.11 198.128.2.28 (netdb3.es.net) traceroute bart
2000/12/15-20:01:45.50 209.67.207.13 (herndon10.his.com) traceroute bart
2000/12/15-20:01:46.17 207.126.96.163 (www.above.net) traceroute bart
2000/12/15-20:01:47.33 207.126.97.22 (www.bungi.com) traceroute bart
2000/12/15-20:01:50.47 206.252.193.20 (Stealth Communications, New York, NY) traceroute bart
2000/12/15-20:01:50.85 128.104.208.20 (spleen.medicine.wisc.edu) traceroute bart
2000/12/15-20:01:52.22 192.135.189.20 (picspc01.pics.com) traceroute bart
2000/12/15-20:01:54.15 194.44.61.33 (donetsk.ua) traceroute bart
2000/12/15-20:01:55.30 193.166.0.65 (seitti.funet.fi) traceroute bart
2000/12/15-20:01:55.37 204.59.152.196 (hercules.gip.net) traceroute bart
2000/12/15-20:01:55.72 208.138.204.11 (moose.erie.net) traceroute bart
2000/12/15-20:01:57.04 63.64.190.159 (Aworldwidemall.com Alexandris, VA,US) traceroute bart
2000/12/15-20:01:57.37 204.177.184.254 (The iserv Company,Grandville, MI, US) traceroute bart
2000/12/15-20:01:57.68 205.217.210.1 (p3.acadia.net) traceroute bart
2000/12/15-20:01:57.74 206.132.105.74 (public.yahoo.com) traceroute bart
2000/12/15-20:01:59.05 205.197.248.25 (cpcug.org) traceroute bart
2000/12/15-20:02:01.93 199.170.88.39 (www-01.io.com) traceroute bart
2000/12/15-20:02:03.10 194.235.29.119 (forest.globalip.ch) traceroute bart
2000/12/15-20:02:16.07 216.171.14.34 (Stealth Communications, New York, NY) traceroute bart
2000/12/15-20:02:34.14 204.119.27.10 (gateway.wvi.com) traceroute bart
2000/12/15-20:02:56.21 205.142.28.7 (zeus.lyceum.com) traceroute bart
2000/12/16-06:06:14.79 64.225.249.26 (Interland, Inc., Atlanta, GA) SPAM via 132.235.16.228
2000/12/16-16:41:14.70 200.39.221.89 (Network Information Center Mexico) scan net for port 110
2000/12/17-02:21:12.84 132.235.63.5 (dhcp-063-005.cns.ohiou.edu) scan multiple machines for ports 55559,43768,54253
2000/12/17-17:16:04.75 63.204.46.38 (adsl-63-204-46-38.dsl.lsan03.pacbell.net) attack 132.235.15.76 w/ telnetd attack.
2000/12/17-23:30:59.24 4.34.155.70 (evrtwa1-ar4-155-070.biz.dsl.gtei.net) scan net for port 21
2000/12/18-01:56:38.43 132.235.63.5 (dhcp-063-005.cns.ohiou.edu) scan multiple machines for ports 55559,43768,54253,137
2000/12/18-13:01:06.50 216.33.35.214 (EXODUS.NET) bang on port 1024 boss and ace
2000/12/18-13:01:06.51 209.249.97.40 (Abovenet Communications,, CA, USA) and other times - bang on port 1024 boss
2000/12/18-13:01:06.51 64.37.200.46 (Exodus.net) and other times - bang on port 1024 boss and ace
2000/12/18-13:01:06.53 216.220.39.42 (Myna Communications Inc, CA, USA) bang on port 1024 boss and ace
2000/12/18-13:01:06.54 216.35.167.58 (EXODUS.NET) bang on port 1024 boss and ace
2000/12/18-13:01:06.55 216.34.68.2 (EXODUS.NET) bang on port 1024 boss and ace
2000/12/18-13:01:06.56 64.14.200.154 (Exodus.net) and other times - bang on port 1024 boss and ace
2000/12/18-13:01:06.58 208.184.162.71 (208.184.162.71.mirror-image.com) and other times - bang on port 1024 boss and ace
2000/12/18-13:01:06.58 212.78.160.237 (S12-0-0-MAD-IA27AR01.ams.nl.colt.net-Amsterdam) bang on port 1024 boss and ace
2000/12/18-13:01:06.59 62.26.119.34 (Mirror-Image Internet,Stockholm,SE) and other times - bang on port 1024 boss and ace
2000/12/18-13:01:06.61 194.213.64.150 (SE-TELENORDIA, SE) and other times - bang on port 1024 boss and ace
2000/12/18-13:01:08.59 212.23.225.98 (Mirror Image Internet,Stockholm,SE) bang on port 1024 boss and ace
2000/12/18-13:01:10.33 194.205.125.26 (Internet Network Services, GB) and other times - bang on port 1024 boss and ace
2000/12/18-16:37:50.71 195.232.111.70 (par-qbu-gpb-vty70.as.wcom.net - FR) scan net for port 111
2000/12/18-16:46:07.34 212.211.8.13 (mfs-pci-bqi-vty13.as.wcom.net-GB) scan net for port 111
2000/12/18-19:44:07.79 195.114.239.55 (apollo-hrlm0307.multiweb.net- The Netherlands) scan net for port 21
2000/12/18-19:53:15.07 213.76.138.97 (bronek.bronowski.pl) scan net for port 80
2000/12/18-19:53:29.68 213.76.138.97 (bronek.bronowski.pl) scan net for port 13
2000/12/20-01:49:48.39 24.147.254.200 (choppy.ne.mediaone.net) attempt login to 132.235.17.1 using 2 stolen passwds via ftp
2000/12/20-01:50:18.39 24.147.254.200 (choppy.ne.mediaone.net) 1. login to 132.235.17.1 using stolen passwd via telnet
2000/12/20-01:50:18.39 24.147.254.200 (choppy.ne.mediaone.net) 2. ftp bnc.c from quake.h2k.org(coke/ib6ub9123)
2000/12/20-01:50:18.39 24.147.254.200 (choppy.ne.mediaone.net) 3. failed to compile it. ftp binary from quake.h2k.org. exec failed.
2000/12/20-01:50:18.39 24.147.254.200 (choppy.ne.mediaone.net) 4. telnet irc.cais.com port 6668, irc user die die die nick die
2000/12/20-01:50:18.39 24.147.254.200 (choppy.ne.mediaone.net) 5. join #madness, whine to Deleted for a bnc channel
2000/12/20-01:50:18.39 24.147.254.200 (choppy.ne.mediaone.net) 6. Told to go to subseven.mine.nu; join #birthday fuckoff
2000/12/20-06:29:01.48 212.211.70.23 (fra-pci-lai-vty23.as.wcom.net) scan net for port 21
2000/12/20-22:00:53.10 211.44.188.66 (Comtech Multimedia Inc, SEOUL, LR) scan net for port 111
2000/12/20-22:32:06.36 211.44.188.66 (Comtech Multimedia Inc, SEOUL, LR) scan net for port 21
2000/12/20-23:13:52.37 64.230.31.233 (HSE-Toronto-ppp261548.sympatico.ca) scan net for port 21
2000/12/21-13:40:30.51 64.229.250.204 (HSE - QUEBEC, Canada) scan net for port 1080
2000/12/21-13:43:50.17 64.229.250.204 (HSE-Sherbrooke-ppp78999.qc.sympatico.ca) scan net for port 1080
2000/12/21-15:50:17.21 209.249.97.40 (Abovenet Communications,San Jose, CA) probe port 1024 on ace
2000/12/21-15:50:17.21 216.33.35.214 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-15:50:17.21 216.35.167.58 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-15:50:17.21 64.37.200.46 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-15:50:17.23 216.220.39.42 (42.39.220-216.q9.net) probe port 1024 on ace
2000/12/21-15:50:17.26 208.184.162.71 (208.184.162.71.mirror-image.com) probe port 1024 on ace
2000/12/21-15:50:17.26 216.34.68.2 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-15:50:17.26 64.14.200.154 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-15:50:17.29 212.23.225.98 (Mirror Image Internet,GB for COLT Telecommunications Zurich) probe port 1024 on ace
2000/12/21-15:50:17.29 212.78.160.237 (S12-0-0-MAD-IA27AR01.ams.nl.colt.net) probe port 1024 on ace
2000/12/21-15:50:17.29 62.26.119.34 (Mirror Image Internet,Sweden) probe port 1024 on ace
2000/12/21-15:50:17.32 194.213.64.150 (Telenordia AB, SWEDEN) probe port 1024 on ace
2000/12/21-15:50:21.16 209.249.97.40 (Abovenet Communications,San Jose, CA) probe port 1024 on ace
2000/12/21-15:50:21.16 216.33.35.214 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-15:50:21.16 64.37.200.46 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-15:50:21.17 216.35.167.58 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-15:50:21.18 216.220.39.42 (42.39.220-216.q9.net) probe port 1024 on ace
2000/12/21-15:50:21.20 216.34.68.2 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-15:50:21.20 64.14.200.154 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-15:50:21.22 208.184.162.71 (208.184.162.71.mirror-image.com) probe port 1024 on ace
2000/12/21-15:50:21.23 212.78.160.237 (S12-0-0-MAD-IA27AR01.ams.nl.colt.net) probe port 1024 on ace
2000/12/21-15:50:21.24 212.23.225.98 (Mirror Image Internet,GB for COLT Telecommunications Zurich) probe port 1024 on ace
2000/12/21-15:50:21.24 62.26.119.34 (Mirror Image Internet,Sweden) probe port 1024 on ace
2000/12/21-15:57:42.60 212.242.139.216 (port76.dbc-ro.dsl.cybercity.dk) scan net for port 80
2000/12/21-15:58:04.66 212.242.139.216 (port76.dbc-ro.dsl.cybercity.dk) scan net for port 111
2000/12/21-16:52:07.69 64.14.200.154 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-16:52:07.70 64.37.200.46 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-16:52:07.71 208.184.162.71 (208.184.162.71.mirror-image.com) probe port 1024 on ace
2000/12/21-16:52:07.71 216.34.68.2 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:07.71 216.35.167.58 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:07.72 209.249.97.40 (Abovenet Communications,San Jose, CA) probe port 1024 on ace
2000/12/21-16:52:07.72 216.220.39.42 (42.39.220-216.q9.net) probe port 1024 on ace
2000/12/21-16:52:07.72 216.33.35.214 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:07.80 194.205.125.26 (Cable and Wireless UK) probe port 1024 on ace
2000/12/21-16:52:07.80 212.23.225.98 (Mirror Image Internet,GB for COLT Telecommunications Zurich) probe port 1024 on ace
2000/12/21-16:52:07.80 212.78.160.237 (S12-0-0-MAD-IA27AR01.ams.nl.colt.net) probe port 1024 on ace
2000/12/21-16:52:07.81 62.26.119.34 (Mirror Image Internet,Sweden) probe port 1024 on ace
2000/12/21-16:52:07.83 194.213.64.150 (Telenordia AB, SWEDEN) probe port 1024 on ace
2000/12/21-16:52:09.54 64.14.200.154 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-16:52:09.55 216.34.68.2 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:09.55 216.35.167.58 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:09.55 64.37.200.46 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-16:52:09.56 208.184.162.71 (208.184.162.71.mirror-image.com) probe port 1024 on ace
2000/12/21-16:52:09.56 216.33.35.214 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:09.57 216.220.39.42 (42.39.220-216.q9.net) probe port 1024 on ace
2000/12/21-16:52:09.58 209.249.97.40 (Abovenet Communications,San Jose, CA) probe port 1024 on ace
2000/12/21-16:52:09.64 212.78.160.237 (S12-0-0-MAD-IA27AR01.ams.nl.colt.net) probe port 1024 on ace
2000/12/21-16:52:09.65 194.205.125.26 (Cable and Wireless UK) probe port 1024 on ace
2000/12/21-16:52:09.65 212.23.225.98 (Mirror Image Internet,GB for COLT Telecommunications Zurich) probe port 1024 on ace
2000/12/21-16:52:09.65 62.26.119.34 (Mirror Image Internet,Sweden) probe port 1024 on ace
2000/12/21-16:52:09.68 194.213.64.150 (Telenordia AB, SWEDEN) probe port 1024 on ace
2000/12/21-16:52:11.12 209.249.97.40 (Abovenet Communications,San Jose, CA) probe port 1024 on ace
2000/12/21-16:52:11.13 216.33.35.214 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:11.13 216.35.167.58 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:11.13 64.37.200.46 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-16:52:11.15 216.220.39.42 (42.39.220-216.q9.net) probe port 1024 on ace
2000/12/21-16:52:11.18 208.184.162.71 (208.184.162.71.mirror-image.com) probe port 1024 on ace
2000/12/21-16:52:11.18 216.34.68.2 (Mirror Image Internet,Woburn, MA) probe port 1024 on ace
2000/12/21-16:52:11.18 64.14.200.154 (Exodus Communications Inc, Santa Clara, CA) probe port 1024 on ace
2000/12/21-16:52:11.20 194.205.125.26 (Cable and Wireless UK) probe port 1024 on ace
2000/12/21-16:52:11.20 212.78.160.237 (S12-0-0-MAD-IA27AR01.ams.nl.colt.net) probe port 1024 on ace
2000/12/21-16:52:11.21 212.23.225.98 (Mirror Image Internet,GB for COLT Telecommunications Zurich) probe port 1024 on ace
2000/12/21-16:52:11.21 62.26.119.34 (Mirror Image Internet,Sweden) probe port 1024 on ace
2000/12/21-16:52:11.24 194.213.64.150 (Telenordia AB, SWEDEN) probe port 1024 on ace
2000/12/21-16:52:11.99 194.213.64.150 (Telenordia AB, SWEDEN) probe port 1024 on ace
2000/12/21-17:42:44.00 212.21.225.27 (ISP provider in Navarra, SPAIN) attempts to login to 132.235.1.[1,2] w/ stolen passwds
2000/12/21-18:53:55.34 24.72.25.114 (static24-72-25-114.reverse.accesscomm.ca) scan net for port 111,hack various services
2000/12/22-13:58:34.20 64.40.196.84 (dynip-64-40-196-84.cmh.netset.com) bang on port 20000 on boss
2000/12/23-00:23:25.03 38.27.184.12 (ip12.baton-rouge5.la.pub-ip.psi.net) portscan ace, boss
2000/12/23-00:42:49.04 38.27.184.12 (ip12.baton-rouge5.la.pub-ip.psi.net) Stacheldraht client-check-gag - IDS194
2000/12/23-01:04:36.02 38.27.184.12 (ip12.baton-rouge5.la.pub-ip.psi.net) start specific probe of ace/boss on 111,23,113,32778,22,137,514
2000/12/23-01:16:04.71 38.27.184.12 (ip12.baton-rouge5.la.pub-ip.psi.net) use tftp protocols to access root directory
2000/12/23-01:16:13.09 38.27.184.12 (ip12.baton-rouge5.la.pub-ip.psi.net) attack with multiple web server attacks
2000/12/23-01:27:24.68 38.27.184.12 (ip12.baton-rouge5.la.pub-ip.psi.net) IDS278 - SCAN -named Version probe
2000/12/23-01:54:45.10 38.27.184.12 (ip12.baton-rouge5.la.pub-ip.psi.net) portmap probes, mountd attacks,
2000/12/24-08:32:14.71 202.185.45.51 (Universiti Kebangsaan Malays) scan net for port 111, buff overflow attacks...
2000/12/24-23:42:30.49 64.229.250.139 (HSE - QUEBEC, Canada) scan net for port 1080
2000/12/26-01:03:37.23 194.221.64.3 (GEDIK, Muenchen, DE) scan net for port 111, buff overflow attacks...
2000/12/26-23:16:43.55 24.26.110.215 (ubr-26.110.215.deltona.cfl.rr.com) scan net for port 111
2000/12/27-10:02:33.29 212.211.6.29 (mfs-pci-bqh-vty29.as.wcom.net) pound on boss with sadmind buff overflow attack
2000/12/27-19:49:13.75 4.41.34.117 (crtntx1-ar6-034-117.dsl.gtei.net) DNS zone transfer of ent.ohiou.edu
2000/12/27-20:07:51.16 4.41.34.117 (crtntx1-ar6-034-117.dsl.gtei.net) attempt to use 132.235.15.1 to relay mail
2000/12/27-21:36:50.02 133.62.220.108 (pointer popai.mis.edu.yamaguchi-u.ac.jp) scan net for port 21
2000/12/27-22:42:25.52 63.105.89.4 (Chance Telecom, MIAMI, FL, US) scan net for port 111, buff overflow attacks...
2000/12/28-14:18:25.53 129.174.124.123 (palpc1.scs.gmu.edu) scan net for port 111
2000/12/31-05:38:43.82 62.36.170.70 (usuario1-36-170-70.dialup.uni2.es) moron tries to ftp to ace w/ stolen passwds
2000/12/31-06:03:13.74 213.73.158.25 (Sonera Nederland B.V.,Netherland) scan net for port 21