*SHORT* summary of some of the attacks against us for Apr. 2012
Just too many scans and not enough time to keep the list up all the time
counts are for times foreign ip accessed us in 24 hrs
so... some of the more interesting/annoying attacks, or 1 day samples are here

year attacked MULTIPLE IPs time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes

2012/04/01-04:21:23 91.232.58.3 attack MULTIPLE IPs 862774 times brute force passwd attacks
2012/04/01-12:09:22 200.52.40.73 attack MULTIPLE IPs 159 times brute force passwd attacks
2012/04/01-13:35:19 219.235.228.67 attack p2 267 times brute force passwd attacks
2012/04/01-15:46:30 64.247.82.148 attack p1 8 times brute force password attacks
2012/04/01-16:22:24 182.236.164.11 attack MULTIPLE IPs 19 times brute force password attacks
2012/04/02-17:13:22.598419 180.173.163.43 attack 132.235.2.22 : 23 brute force passwd attack on root, admin
2012/04/02-19:08:24 27.255.64.35 attack MULTIPLE IPs 277 times brute force password attacks
2012/04/03-00:14:06 59.60.7.111 attack MULTIPLE IPs 41 times brute force password attacks
2012/04/03-06:58:46 41.224.12.133 attack MULTIPLE IPs 67 times brute force passwd attack
2012/04/03-16:40:34 180.186.74.94 attack MULTIPLE IPs 595 times brute force passwd attack
2012/04/03-21:29:17 72.55.153.172 attack MULTIPLE IPs 66 times brute force passwd attack
2012/04/04-06:32:20.301789 190.136.176.156 attack 132.235.4.130 : 3306 3952 times mysql brute force password attack on root
2012/04/04-14:02:10 220.165.13.131 attack MULTIPLE IPs 1911 times brute force passwd attack
2012/04/04-15:25:41.275618 31.184.244.27 attack 132.235.1.249 : 80 1407 times multiple POST commands of supposed pdf files
2012/04/04-19:05:25 46.28.64.94 attack MULTIPLE IPs 9926 times brute force passwd attack
2012/04/04-23:21:03.55 89.32.85.149 attack 132.235.39.156:21 296 times brute force passwd attack on root
2012/04/05-05:32:24.206059 60.248.19.128 attack 132.235.1.25 : 23 brute force passwd attack on root
2012/04/05-08:05:10 173.203.200.22 attack MULTIPLE IPs 32 times brute force passwd attack
2012/04/05-10:15:03 175.22.0.195 attack MULTIPLE IPs 100 times brute force passwd attack
2012/04/05-16:25:00 124.238.214.83 attack MULTIPLE IPs 535 times brute force passwd attack
2012/04/05-21:01:35 46.28.64.94 attack MULTIPLE IPs 11134 times brute force passwd attack
2012/04/06-02:22:15 198.82.146.73 attack MULTIPLE IPs 58636 times brute force passwd attack
2012/04/06-04:21:16 198.82.146.73 attack MULTIPLE IPs 63914 times brute force passwd attack
2012/04/06-06:03:41 118.218.219.201 attack MULTIPLE IPs 118889 times brute force passwd attack
2012/04/06-08:28:00 118.218.219.201 access blocked due to brute force password attacks
2012/04/06-08:28:00 198.82.146.73 access blocked due to brute force password attacks
2012/04/06-11:27:37 211.239.162.79 attack MULTIPLE IPs 54 times brute force passwd attack
2012/04/06-15:48:34 59.60.7.111 attack MULTIPLE IPs 29 times brute force passwd attack
2012/04/06-19:05:18 58.215.187.15 attack MULTIPLE IPs 4 times brute force passwd attack
2012/04/06-21:10:56 119.161.162.185 attack MULTIPLE IPs 4 times brute force passwd attack
2012/04/06-22:08:52 124.31.204.98 attack MULTIPLE IPs 2061 times brute force passwd attack
2012/04/07-03:57:32.784228 188.124.18.141 attack 132.235.4.130 : 3306 24 times brute force password attack on mysql
2012/04/07-11:41:09.873614 92.240.68.152 proxy probe 132.235.3.157 : 80 host: www.holidaymotel.net attacked MULTIPLE IPs GET http://www.holidaymotel.net/Thunder.jpg
2012/04/07-17:58:55 123.215.30.134 attack MULTIPLE IPs 170 times brute force passwd attack
2012/04/07-21:59:06.377144 84.113.234.122 attack 132.235.1.250 : 23 brute force passwd attack
2012/04/08-02:37:42.082751 60.28.101.163 proxy probe 132.235.1.32 : 80 host: www.sciencedirect.com attacked MULTIPLE IPs GET http://www.sciencedirect.com/science/journal/03088146
2012/04/08-08:22:06.878541 60.249.19.163 attack 132.235.1.25 : 23 brute force passwd attack on root
2012/04/08-19:50:26 184.57.79.237 attack p1 24 times brute force passwd attack
2012/04/09-02:42:17.541558 41.206.15.40 probe MULTIPLE IPs :25 23 times with commands XXXX ROOT and VRFY ROOT
2012/04/09-02:43:28 41.206.15.40 attack MULTIPLE IPs : 21 2051 times brute force passwd attack
2012/04/09-02:47:19 41.206.15.40 attack MULTIPLE IPs : pop 4412 times brute force passwd attack
2012/04/09-02:48:10.442242 41.206.15.36 attack MULTIPLE IPs : 25 11 times with commands XXXX ROOT and VRFY ROOT
2012/04/09-03:05:09 41.206.15.36 attack MULTIPLE IPs : pop 20473 times brute force passwd attack
2012/04/09-03:05:16 41.206.15.36 attack MULTIPLE IPs : ftp 2513 times brute force passwd attack
2012/04/09-04:23:24 41.206.15.40 attack MULTIPLE IPs : pop 16679 times brute force password attacks
2012/04/09-06:13:27.953248 41.206.15.40 attack MULTIPLE IPs : 25 14 times with commands XXXX ROOT and VRFY ROOT
2012/04/09-06:38:12 91.215.218.139 attack MULTIPLE IPs : 22 7978 times brute force password attacks
2012/04/09-09:54:31.283643 41.206.15.37 probe MULTIPLE IPs :25 73061 with commands XXXX ROOT and VRFY ROOT
2012/04/09-09:54:40 41.206.15.37 attack MULTIPLE IPs : pop 34549 times brute force password attacks
2012/04/09-10:00:41.327652 41.206.15.37 attack MULTIPLE IPs : 25 5 times with commands XXXX ROOT and VRFY ROOT
2012/04/09-13:10:59 41.206.15.42 attack MULTIPLE IPs : pop 2634 times brute force password attacks
2012/04/10-02:45:27 59.60.7.111 attack MULTIPLE IPs : 22 66 times brute force password attacks
2012/04/10-16:50:07 69.172.137.26 attack MULTIPLE IPs : 22 155556 times brute force password attacks
2012/04/10-20:36:12 218.29.131.164 attack MULTIPLE IPs : 22 1812 times brute force password attacks
2012/04/10-20:36:12 218.29.131.164 attack MULTIPLE IPs : 22 22650 times brute force password attacks
2012/04/11-03:00:50 121.200.63.131 attack MULTIPLE IPs : 22 143 times brute force password attacks
2012/04/11-08:17:23 177.83.194.152 : 22 attacked MULTIPLE IPs attack MULTIPLE IP brute force passwd attack blocked at switch
2012/04/11-12:21:24 59.120.145.8 attack MULTIPLE IPs 100 times brute force password attacks
2012/04/11-20:37:38.880225 108.198.83.201 attack 132.235.2.22 : 23 brute force passwd attack on root/admin
2012/04/12-11:22:42.323613 83.177.211.39 attack 132.235.1.250 : 23 brute force passwd attack on root/admin
2012/04/12-16:45:46 187.50.184.26 attack MULTIPLE IPs: 22 94 times brute force password attacks
2012/04/13-10:18:54 59.60.7.111 attacked MULTIPLE IPS : 22 56 times brute force passwd attack
2012/04/13-11:50:48 222.58.151.68 attacked MULTIPLE IPS : 22 79 times brute force passwd attack
2012/04/13-14:14:26 41.75.212.22 attacked MULTIPLE IPS : 22 14647 times brute force passwd attack
2012/04/13-14:14:26 41.75.212.23 attacked MULTIPLE IPS : 22 14801 times brute force passwd attack
2012/04/13-14:14:26 41.75.212.24 attacked MULTIPLE IPS : 22 14907 times brute force passwd attack
2012/04/13-14:14:26 41.75.212.25 attacked MULTIPLE IPS : 22 15076 times brute force passwd attack
2012/04/13-14:14:28 41.75.212.XX attack MULTIPLE IPs: 22 blocked at switch
2012/04/13-15:52:30 124.238.214.90 attacked MULTIPLE IPS : 22 50 times brute force passwd attack
2012/04/13-20:06:48 114.57.56.96 attacked MULTIPLE IPS : 22 1223 times brute force passwd attack
2012/04/14-04:14:31 156.54.108.162 attacked MULTIPLE IPS : 22 3375 times brute force passwd attack
2012/04/14-04:25:11 156.54.108.162 attacked MULTIPLE IPS : 22 679 times brute force passwd attack
2012/04/14-07:24:59 176.34.22.221 attacked athena : 22 14 times brute force passwd attack
2012/04/14-14:40:27 130.185.108.36 attacked MULTIPLE IPS : 22 101 times brute force passwd attack
2012/04/14-17:26:27 59.60.7.111 attacked MULTIPLE IPS : 22 15 times brute force passwd attack
2012/04/15-08:49:14 122.72.9.19 attacked MULTIPLE IPS : 22 2205 times brute force passwd attack
2012/04/16-03:24:05 212.252.106.146 attacked MULTIPLE IPS : 22 2060 times brute force passwd attack
2012/04/16-04:50:04.398224 210.220.163.143 attacked 132.235.1.249 : 23 brute force passwd attack
2012/04/16-14:17:19 200.199.116.126 attacked MULTIPLE IPS : 22 44 times brute force passwd attack
2012/04/17-07:39:42 211.239.162.79 attacked big.seorf.ohiou.edu : 22 54 times brute force password attack
2012/04/17-08:15:01 124.238.214.90 attacked MULTIPLE IPS : 22 244 times brute force password attack
2012/04/17-15:16:17.847086 93.137.215.21 attacked 132.235.2.22 : 23 brute force password attack on root
2012/04/18-00:40:23 64.247.124.210 attacked p1 : 22 20 times brute force password attack
2012/04/18-02:41:03.329557 218.61.18.138 attacked 132.235.4.130 : 3306 4 4 times brute force password attack
2012/04/18-13:25:44 192.114.170.62 attacked p3 267 times brute force passwd attacks
2012/04/18-16:45:20 121.10.140.215 attacked MULTIPLE IPS : 22 2156 times brute force passwd attacks
2012/04/18-17:29:09 194.78.96.169 attacked MULTIPLE IPS : 22 27773 times brute force passwd attacks
2012/04/20-12:22:50 41.133.110.208 attacked excalibur 267 times brute force password attacks
2012/04/21-10:02:31 119.10.114.50 attacked MULTIPLE IPS : 22 385 times brute force password attacks
2012/04/21-21:46:54 184.57.122.14 attacked px1 4 times brute force password attacks
2012/04/22-03:53:16 118.192.65.71 attacked MULTIPLE IPS : 22 70 times brute force password attacks
2012/04/22-07:13:41 72.55.153.172 attacked MULTIPLE IPS : 22 8698 times brute force password attacks
2012/04/22-12:44:53 180.191.68.221 attacked big.seorf.ohiou.edu : 22 677 times brute force password attacks
2012/04/23-07:43:34 64.34.170.218 attacked MULTIPLE IPS : pop 409 times brute force password attacks
2012/04/23-14:25:02 175.41.16.58 attacked MULTIPLE IPS : 22 2 times brute force password attacks
2012/04/23-16:02:19 31.3.153.131 attacked MULTIPLE IPS : 22 206 times brute force password attacks
2012/04/23-17:13:30 76.193.199.14 attacked MULTIPLE IPS : 22 141 times brute force password attacks
2012/04/23-22:09:34 222.58.151.68 attacked MULTIPLE IPS : 22 204 times brute force password attacks
2012/04/24-05:20:32.103527 24.88.112.183 attacked 132.235.1.250 : 23 brute force password attack on root
2012/04/24-07:54:21.199158 61.156.236.90 attacked 132.235.2.22 : 23 brute force password attack on root
2012/04/25-05:52:50 125.64.38.158 attacked MULTIPLE IPS : 22 660 times brute force password attack
2012/04/25-12:35:06 173.197.52.172 attacked MULTIPLE IPS : 22 34 times brute force password attack
2012/04/25-16:54:39 221.204.254.140 attacked MULTIPLE IPS : 22 98 times brute force password attack
2012/04/25-18:43:36 61.155.178.242 attacked MULTIPLE IPS : 22 7 times brute force password attack
2012/04/25-20:21:10 184.57.77.212 attacked p1 : 22 5 times brute force password attack
2012/04/26-00:26:01 118.97.130.182 attacked p3 : 22 268 times brute force password attack
2012/04/26-00:36:25 114.255.41.88 attacked MULTIPLE IPS : 22 173 times brute force password attack
2012/04/26-07:10:25 79.170.7.102 attacked MULTIPLE IPS : 22 99 times brute force password attacks
2012/04/26-08:27:10 61.155.178.242 attacked MULTIPLE IPS : 22 6 times brute force password attacks
2012/04/26-09:15:10 46.166.136.109 attacked MULTIPLE IPS : 22 28 times brute force password attacks
2012/04/26-12:13:20 130.185.156.60 attacked 132.235.1.1 : 22 589 times brute force password attacks
2012/04/26-15:15:12 95.173.148.166 attacked MULTIPLE IPS : 22 146 times brute force password attacks
2012/04/26-15:15:12 95.173.148.166 attacked MULTIPLE IPS : 25 62 times with EXPN root and VRFY root commands
2012/04/26-16:13:14.986763 130.185.156.60 2 99 times brute force password attacks
2012/04/27-05:15:52 193.0.236.201 attacked athena : 22 268 times brute force password attacks failures for ssh target athena
2012/04/27-16:09:21 137.146.205.207 attacked MULTIPLE IPs : 22 131 times brute force password attacks failures for ssh target MULTIPLE IPs
2012/04/28-12:55:08.61 58.253.75.18 attacked 132.235.1.249:21 2 times brute force password attack on
2012/04/28-18:02:13.873690 202.38.113.140 attacked 132.235.1.249 : 23 brute force password attack on root
2012/04/28-18:04:25.482375 49.65.192.247 attacked 132.235.1.249 : 23 brute force password attack on root
2012/04/29-01:05:12 82.194.67.68 attacked ace : 22 2 times brute force password attacks failures for ssh target ace
2012/04/29-06:36:12 210.51.54.137 attacked p3 : 22 395 times brute force password attacks failures for ssh target p3
2012/04/29-06:42:33 91.200.55.14 attacked MULTIPLE IPs : 22 132 times brute force password attacks failures for ssh target MULTIPLE IPs
2012/04/29-09:30:59.236978 202.129.187.187 attacked 132.235.1.25 : 23 brute force password attack on root
2012/04/29-16:45:08.204719 61.231.223.6 attacked MULTIPLE IPS : 3306 406 times brute force password attack on mysql
2012/04/29-21:53:48 64.247.72.109 attacked p1 : 22 3 times brute force password attacks failures for ssh target p1
2012/04/30-02:09:27 118.97.130.182 attacked excalibur : 22 268 times brute force password attacks failures for ssh target excalibur
2012/04/30-02:51:32 200.54.176.90 attacked ace : 22 2 times brute force password attacks failures for ssh target ace
2012/04/30-03:57:44 83.247.68.141 attacked MULTIPLE IPs : 22 1412 times brute force password attacks failures for ssh target MULTIPLE IPs
2012/04/30-05:59:26 77.79.220.136 attacked MULTIPLE IPs : 22 41483 times brute force password attack
2012/04/30-07:43:00 77.79.220.136 attack MULTIPLE IPS : 22 attacked MULTIPLE IPs blocked at switches
2012/04/30-07:46:13 46.228.204.178 attacked MULTIPLE IPs : pop 395 times brute force password attack
2012/04/30-09:13:43 184.34.60.129 attacked boss : 22 33 times brute force password attack
2012/04/30-09:15:35 184.34.60.129 blocked at switch after multiple pop mail brute force password attacks
2012/04/30-09:36:45 210.245.80.44 attacked MULTIPLE IPs : 22 7104 times brute force password attack
2012/04/30-10:15:50 210.245.80.44 blocked at switch after multiple pop mail brute force password attacks
2012/04/30-20:33:29 58.215.172.230 attacked MULTIPLE IPs : 22 31870 times brute force password attack
2012/04/30-22:48:10 82.194.67.68 attacked ace : 22 2 times brute force password attack