I 've had four of these hit within a couple hours. All five scans look identical to the log below and only targeting one host on my network. Scans have only come from two hosts. Anyone else seeing something similar all the sudden? I've seen alot of subnet sweeps for individual vulnerabilities, but not many of these. Apr 20 19:32:41 212.33.170.30:36600 -> x.y.z.169:23 SYN ******S* Apr 20 19:32:41 212.33.170.30:5611 -> x.y.z.169:21 SYN ******S* Apr 20 19:32:41 212.33.170.30:7612 -> x.y.z.169:22 SYN ******S* Apr 20 19:32:41 212.33.170.30:32598 -> x.y.z.169:1080 SYN ******S* Apr 20 19:32:41 212.33.170.30:38601 -> x.y.z.169:143 SYN ******S* Apr 20 19:32:41 212.33.170.30:40602 -> x.y.z.169:6000 SYN ******S* Apr 20 19:32:41 212.33.170.30:42603 -> x.y.z.169:110 SYN ******S* Apr 20 19:32:41 212.33.170.30:44604 -> x.y.z.169:111 SYN ******S* Apr 20 19:32:41 212.33.170.30:46605 -> x.y.z.169:52 SYN ******S* Apr 20 19:32:41 212.33.170.30:48606 -> x.y.z.169:79 SYN ******S* Apr 20 19:32:41 212.33.170.30:50607 -> x.y.z.169:53 SYN ******S* Apr 20 19:32:41 212.33.170.30:52608 -> x.y.z.169:2766 SYN ******S* Apr 20 19:32:41 212.33.170.30:54609 -> x.y.z.169:139 SYN ******S* Apr 20 19:32:41 212.33.170.30:3610 -> x.y.z.169:25 SYN ******S* Apr 20 19:32:41 212.33.170.30:9613 -> x.y.z.169:114 SYN ******S* Apr 20 19:32:41 212.33.170.30:11614 -> x.y.z.169:1114 SYN ******S* Apr 20 19:32:41 212.33.170.30:13615 -> x.y.z.169:1 SYN ******S* Apr 20 19:32:41 212.33.170.30:15616 -> x.y.z.169:6001 SYN ******S* -- ~~~~~~~~~~~~~~~ Sean R. Brown - srbrownat_private System Administrator Applied Geographics, Inc. Boston, MA
This archive was generated by hypermail 2b30 : Sun Apr 22 2001 - 13:54:33 PDT