Scanning from a "intruder.rs88.net"?

From: Simos Xenitellis (simosat_private)
Date: Sat May 26 2001 - 15:46:57 PDT


    Dear All,
    Checking my logfiles, I noticed that the IP
    208.50.149.200 (intruder.rs88.net) came up several times.
    To be precise:
    (time is in GMT+0000)
    
    May 20 11:51:26 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=3981 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 20 11:51:28 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=10381 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 21 12:39:24 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=38375 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 21 12:39:26 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=45287 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 22 13:40:34 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=11946 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 25 19:29:13 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=30730 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 15 04:54:06 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=15511 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 15 04:54:09 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=38039 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 16 06:32:21 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=65464 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 16 06:32:24 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=16057 PROTO=UDP SPT=137
    DPT=137 LEN=58
    May 19 10:22:44 myhost kernel: IN=eth0 OUT=
    MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=208.50.149.200
    DST=x.x.x.x LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=56924 PROTO=UDP SPT=137
    DPT=137 LEN=58
    
    I would not be worried about it if www.rs88.net did not have the text of
    "permission-based marketing on the Internet, sending personalized messages
    from companies to their customers".
    
    I sent them an e-mail to their "abuse" e-mail account but did not receive
    an explanation (over a week ago).
    
    simos
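
The entries quoted in the message are netfilter LOG records that the mail client wrapped across several lines. As an added example (not part of the original post), the Python below rejoins wrapped records and reports sources that probe UDP port 137 on more than one day; the sample addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in the netfilter LOG format quoted above (documentation
# addresses, not the poster's data); records stay wrapped as mail wrapped them.
SAMPLE = """\
May 20 11:51:26 myhost kernel: IN=eth0 OUT=
MAC=xx:xx:xx:xx:xx:xx:00:20:da:ec:c6:b9:08:00 SRC=192.0.2.10
DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=3981 PROTO=UDP SPT=137
DPT=137 LEN=58
May 20 11:51:28 myhost kernel: IN=eth0 OUT= MAC= SRC=192.0.2.10
DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=109 ID=10381 PROTO=UDP SPT=137
DPT=137 LEN=58
May 21 12:39:24 myhost kernel: IN=eth0 OUT= MAC= SRC=192.0.2.10
DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=38375 PROTO=UDP SPT=137
DPT=137 LEN=58
May 21 14:02:10 myhost kernel: IN=eth0 OUT= MAC= SRC=198.51.100.7
DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=711 PROTO=UDP SPT=1029
DPT=137 LEN=58
"""
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) \d\d:\d\d:\d\d \S+ kernel: ")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_records(text):
    """Rejoin wrapped lines into one record per syslog timestamp."""
    chunks = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = STAMP.match(line)
        if m:
            chunks.append([f"{m.group(1)} {int(m.group(2)):02d}", line[m.end():]])
        elif chunks:                      # continuation of the previous record
            chunks[-1][1] += " " + line
    records = []
    for day, raw in chunks:
        rec = {"day": day}
        for key, value in FIELD.findall(raw):
            rec.setdefault(key, value)    # LEN occurs twice; keep the IP length
        records.append(rec)
    return records

def recurring_probes(records, dport="137", min_days=2):
    """Sources that hit UDP/dport on at least min_days distinct days."""
    seen = defaultdict(lambda: {"packets": 0, "days": set(), "ttls": set()})
    for r in records:
        if r.get("PROTO") == "UDP" and r.get("DPT") == dport and "SRC" in r:
            s = seen[r["SRC"]]
            s["packets"] += 1
            s["days"].add(r["day"])
            s["ttls"].add(r.get("TTL"))
    return {src: s for src, s in seen.items() if len(s["days"]) >= min_days}
```

Calling `recurring_probes(parse_records(SAMPLE))` keeps only the source seen on two separate days and drops the single-day one.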
    


