*SHORT* summary of some of the attacks against us for July. 2003 Just too many scans and not enough time to keep the list up all the time so... some of the more intresting scans/attacks, or 1 day samples are here year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes 2003/07/05-05:55:46.85 65.200.151.115 (New England Linen Supply Co., New Haven,CT) large attack againts MSSQL 2003/07/08-03:10:55.40 172.182.17.190 (ACB611BE.ipt.aol.com) 1. attack pc via WEBDAV. created script file to ftp server from 2003/07/08-03:10:55.40 172.182.17.190 (ACB611BE.ipt.aol.com) 2. 172.182.17.190 port 999 login/passwd Stro/Stro 2003/07/17-05:08:13.93 202.101.10.182 (Shanghai Telecom Co. Qingpu Telecom Breaure,CN) telent buff overflow attacks 2003/07/23-06:38:09.12 213.118.250.32 (D576FA20.kabel.telenet.be) 1. hacked 132.235.16.174 via IIS. ftp to 195.120.127.250 user/pass 2003/07/23-06:38:09.12 213.118.250.32 (D576FA20.kabel.telenet.be) 2. of trans/fer get inetservice.exe JAsfv.dll JAsfv.ini kill.exe 2003/07/23-06:38:09.12 213.118.250.32 (D576FA20.kabel.telenet.be) 3. later login from 161.53.40.77 to fill hacked dirs.