Hi,

I had two scans last night from two different machines with some indication that they were searching for backdoors. One scan included ingreslock & 1008, the other one just 1008. Might be that the Cisco's logging, which is rate-limited, did not catch up with all tested ports.

But the similarities between the two scans are stunning.

ScanA:
=====
Repeated access detected from 210.121.173.1 to A.B.C.133
Apr 28 05:10:55 ... 100 denied tcp 210.121.173.1(3000) -> A.B.C.133(29369), 2 packets
Apr 28 05:09:55 ... 100 denied tcp 210.121.173.1(2706) -> A.B.C.133(10008), 3 packets
Apr 28 05:05:16 ... 100 denied tcp 210.121.173.1(2527) -> A.B.C.133(8282), 3 packets
Apr 28 05:05:13 ... 100 denied tcp 210.121.173.1(2420) -> A.B.C.133(6635), 3 packets
Apr 28 05:05:10 ... 100 denied tcp 210.121.173.1(2196) -> A.B.C.133(1524), 3 packets
Apr 28 05:05:03 ... 100 denied tcp 210.121.173.1(2994) -> A.B.C.133(22252), 1 packet
Apr 28 05:04:59 ... 100 denied tcp 210.121.173.1(2912) -> A.B.C.133(12754), 1 packet
Apr 28 05:04:51 ... 100 denied tcp 210.121.173.1(2782) -> A.B.C.133(11753), 1 packet
Apr 28 05:04:48 ... 100 denied tcp 210.121.173.1(2706) -> A.B.C.133(10008), 1 packet
Apr 28 05:04:45 ... 100 denied tcp 210.121.173.1(2652) -> A.B.C.133(9705), 1 packet
Apr 28 05:04:41 ... 100 denied tcp 210.121.173.1(2603) -> A.B.C.133(9112), 1 packet
Apr 28 05:04:38 ... 100 denied tcp 210.121.173.1(2527) -> A.B.C.133(8282), 1 packet
Apr 28 05:04:35 ... 100 denied tcp 210.121.173.1(2476) -> A.B.C.133(6723), 1 packet
Apr 28 05:04:31 ... 100 denied tcp 210.121.173.1(2420) -> A.B.C.133(6635), 1 packet
Apr 28 05:04:28 ... 100 denied tcp 210.121.173.1(2365) -> A.B.C.133(5300), 1 packet
Apr 28 05:04:25 ... 100 denied tcp 210.121.173.1(2312) -> A.B.C.133(3879), 1 packet
Apr 28 05:04:22 ... 100 denied tcp 210.121.173.1(2261) -> A.B.C.133(2400), 1 packet
Apr 28 05:04:17 ... 100 denied tcp 210.121.173.1(2191) -> A.B.C.133(1008), 1 packet

ScanB:
=====
Repeated access detected from 213.76.211.50 to X.Y.Z.6
Apr 27 23:07:53 ... 100 denied tcp 213.76.211.50(2648) -> X.Y.Z.6(11753), 3 packets
Apr 27 23:06:52 ... 100 denied tcp 213.76.211.50(2196) -> X.Y.Z.6(2400), 4 packets
Apr 27 23:03:05 ... 100 denied tcp 213.76.211.50(2577) -> X.Y.Z.6(10008), 2 packets
Apr 27 23:02:57 ... 100 denied tcp 213.76.211.50(2336) -> X.Y.Z.6(6723), 3 packets
Apr 27 23:02:33 ... 100 denied tcp 213.76.211.50(2329) -> X.Y.Z.6(6635), 3 packets
Apr 27 23:02:28 ... 100 denied tcp 213.76.211.50(2245) -> X.Y.Z.6(3879), 3 packets
Apr 27 23:02:23 ... 100 denied tcp 213.76.211.50(2846) -> X.Y.Z.6(29369), 1 packet
Apr 27 23:02:20 ... 100 denied tcp 213.76.211.50(2841) -> X.Y.Z.6(22252), 1 packet
Apr 27 23:02:16 ... 100 denied tcp 213.76.211.50(2777) -> X.Y.Z.6(12754), 1 packet
Apr 27 23:02:09 ... 100 denied tcp 213.76.211.50(2648) -> X.Y.Z.6(11753), 1 packet
Apr 27 23:02:05 ... 100 denied tcp 213.76.211.50(2577) -> X.Y.Z.6(10008), 1 packet
Apr 27 23:02:01 ... 100 denied tcp 213.76.211.50(2523) -> X.Y.Z.6(9705), 1 packet
Apr 27 23:01:58 ... 100 denied tcp 213.76.211.50(2467) -> X.Y.Z.6(9112), 1 packet
Apr 27 23:01:54 ... 100 denied tcp 213.76.211.50(2402) -> X.Y.Z.6(8282), 1 packet
Apr 27 23:01:50 ... 100 denied tcp 213.76.211.50(2336) -> X.Y.Z.6(6723), 1 packet
Apr 27 23:01:49 ... 100 denied tcp 213.76.211.50(2313) -> X.Y.Z.6(5300), 1 packet
Apr 27 23:01:45 ... 100 denied tcp 213.76.211.50(2245) -> X.Y.Z.6(3879), 1 packet
Apr 27 23:01:41 ... 100 denied tcp 213.76.211.50(2196) -> X.Y.Z.6(2400), 1 packet
Apr 27 23:01:37 ... 100 denied tcp 213.76.211.50(2122) -> X.Y.Z.6(1008), 1 packet

Regards,
Jens Hektor
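
The comparison made in the post above can be done mechanically. The following is an added example, not part of the original message: it parses deny lines in the format quoted above, collects the destination ports probed by each source, and scores the overlap. The names `ports_by_source` and `compare` are hypothetical, and the sample is a subset of the quoted log lines.

```python
import re
from collections import defaultdict

# Subset of the log lines quoted in the post (addresses as anonymised there).
SAMPLE = """\
Apr 28 05:09:55 ... 100 denied tcp 210.121.173.1(2706) -> A.B.C.133(10008), 3 packets
Apr 28 05:05:10 ... 100 denied tcp 210.121.173.1(2196) -> A.B.C.133(1524), 3 packets
Apr 28 05:04:48 ... 100 denied tcp 210.121.173.1(2706) -> A.B.C.133(10008), 1 packet
Apr 28 05:04:25 ... 100 denied tcp 210.121.173.1(2312) -> A.B.C.133(3879), 1 packet
Apr 28 05:04:22 ... 100 denied tcp 210.121.173.1(2261) -> A.B.C.133(2400), 1 packet
Apr 28 05:04:17 ... 100 denied tcp 210.121.173.1(2191) -> A.B.C.133(1008), 1 packet
Apr 27 23:03:05 ... 100 denied tcp 213.76.211.50(2577) -> X.Y.Z.6(10008), 2 packets
Apr 27 23:02:05 ... 100 denied tcp 213.76.211.50(2577) -> X.Y.Z.6(10008), 1 packet
Apr 27 23:01:45 ... 100 denied tcp 213.76.211.50(2245) -> X.Y.Z.6(3879), 1 packet
Apr 27 23:01:41 ... 100 denied tcp 213.76.211.50(2196) -> X.Y.Z.6(2400), 1 packet
Apr 27 23:01:37 ... 100 denied tcp 213.76.211.50(2122) -> X.Y.Z.6(1008), 1 packet
"""

# proto, source addr(port), destination addr(port), packet count
DENY = re.compile(r"denied (\w+) (\S+)\((\d+)\) -> (\S+)\((\d+)\), (\d+) packets?")

def ports_by_source(text):
    """Map each source address to the set of destination ports it was denied on.
    Repeated reports for the same port collapse into one set entry."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = DENY.search(line)
        if m:  # lines that are not deny records are skipped
            ports[m.group(2)].add(int(m.group(5)))
    return dict(ports)

def compare(a, b):
    """Return (shared, only_a, only_b, Jaccard similarity) for two port sets."""
    shared, union = a & b, a | b
    score = len(shared) / len(union) if union else 0.0
    return sorted(shared), sorted(a - b), sorted(b - a), score

if __name__ == "__main__":
    seen = ports_by_source(SAMPLE)
    shared, only_a, only_b, score = compare(seen["210.121.173.1"], seen["213.76.211.50"])
    print(f"shared={shared} only_A={only_a} only_B={only_b} jaccard={score:.2f}")
```

A port that appears on only one side does not prove the two port lists differ, since the post notes that the rate-limited logging may not have recorded every probe.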
This archive was generated by hypermail 2b30 : Sat Apr 28 2001 - 11:08:46 PDT