My list of default.ida connection attempts

From: Sean Kelly (listsat_private)
Date: Sat Jul 21 2001 - 14:57:46 PDT

    Hi,
    
    	Listed below are the 256 unique hosts who have so far apparently
    attempted to use default.ida to compromise my systems:
    
    
    	Thanks,
    
    --
    Sean Kelly
    
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    


