Re: Network Probes

North American Network Operators Group

Re: Network Probes

From: Henry R. Linneweh
Date: Thu Mar 09 16:30:43 2000

Vitts Networks (NETBLK-VITT-1BLK)
                    77 Sundial Ave
                    Manchester, NH 03103
                    US

                    Netname: VITT-1BLK
                    Netblock: 216.64.0.0 - 216.64.127.255
                    Maintainer: VITT

                    Coordinator:
                       domreg  (DOM68-ORG-ARIN)  [email protected]
                       603-656-8000
              Fax - 603-656-8100

                    Domain System inverse mapping provided by:

                    NS1.VITTS.COM                216.64.31.76
                    NS2.VITTS.COM                216.64.117.21

                    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

                    Rwhois reassignment information for this block is
available at
                    rwhois.vitts.net 4321

                    Record last updated on 30-Nov-1999.
                    Database last updated on 9-Mar-2000 06:42:18 EDT.

Scott McGrath wrote:

> Hi,
>
> Has anyone else noticed probes against their network with a spoofed
> source address
> and Src (80) and Dst(2183)
>
> ---Snip.
> Mar  8 17:40:16: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 216.52.56.50(80) (Ser
> ial0 *PPP*) -> 216.64.1.198(2183), 1 packet
> .Mar  8 17:44:28: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 208.194.150.10(80) (S
> erial0 *PPP*) -> 216.64.1.142(2183), 1 packet
> .Mar  8 17:45:45: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 216.52.56.50(80) (Ser
> ial0 *PPP*) -> 216.64.1.198(2183), 3 packets
> .Mar  8 17:49:45: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 208.194.150.10(80) (S
> erial0 *PPP*) -> 216.64.1.142(2183), 2 packets
> .Mar  9 07:39:04: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 209.143.228.10(80) (S
> erial0 *PPP*) -> 216.64.1.82(2183), 1 packet
> .Mar  9 07:44:18: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 209.143.228.10(80) (S
> erial0 *PPP*) -> 216.64.1.82(2183), 9 packets
> .Mar  9 09:53:46: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 209.185.181.10(80) (S
> erial0 *PPP*) -> 216.64.1.227(2183), 1 packet
> .Mar  9 09:59:24: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 209.185.181.10(80) (S
> erial0 *PPP*) -> 216.64.1.227(2183), 9 packets
> .Mar  9 12:11:55: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.2.1.6(80)
> (Serial0
>  *PPP*) -> 216.64.1.144(1319), 1 packet
> .Mar  9 12:17:29: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.2.1.6(80)
> (Serial0
>  *PPP*) -> 216.64.1.144(1319), 8 packets
> .Mar  9 12:22:30: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.2.1.6(80)
> (Serial0
>  *PPP*) -> 216.64.1.144(1319), 4 packets
> ---snip
>
> Thanks

--
Thank you;
|--------------------------------------------|
| Thinking is a learned process so is UNIX   |
|--------------------------------------------|
Henry R. Linneweh

References:
- Network Probes Scott McGrath

Prev by Date: Re: Trojan Alert was: Check this
Next by Date: Re: Trojan Alert was: Check this
Date Index
Thread Index
Author Index
Historical