Over the last 24 hours my Windows 98 Home PC has been repeatedly scanned from a single IP address. The IP address is registered to an IP Block that belongs to the brother of SEC33's Kelvin. I wonder if they are looking for my family vacation pictures? Maybe I am running the spider on my Win 98 Box? Maybe they are trying to break into my 98 box to try and VPN back into my employer's network? I am an employee of a company that Kelvin seems to have a large amount of hate for. I am not sure what they are doing but I will contact their upstream provider on Monday and produce my logs.

Kelvin is an ex-employee of the company that he is consistently spewing trash about and he has some very big personal problems. The question is, why is he so mad at his former employer? Why do any of the real security people on this web site listen and respond to his trash? Why do they quote him in articles on this site? He's a script kiddie that is mad at his ex-employer.

Here is a cut of the log for anyone who cares:

FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3007,66.68.168.38:876,TCP (flags:S)
FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3008,66.68.168.38:2020,TCP (flags:S)
FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3009,66.68.168.38:1433,TCP (flags:S)
FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3010,66.68.168.38:334,TCP (flags:S)
FWIN,2001/07/28,12:06:22 -5:00 GMT,209.198.133.194:3011,66.68.168.38:241,TCP (flags:S)
FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3012,66.68.168.38:909,TCP (flags:S)
FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3013,66.68.168.38:406,TCP (flags:S)
FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3014,66.68.168.38:315,TCP (flags:S)
FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3015,66.68.168.38:2111,TCP (flags:S)
FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3016,66.68.168.38:5011,TCP (flags:S)
FWIN,2001/07/28,12:06:27 -5:00 GMT,209.198.133.194:3017,66.68.168.38:828,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3018,66.68.168.38:1355,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3019,66.68.168.38:895,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3020,66.68.168.38:766,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3021,66.68.168.38:332,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3022,66.68.168.38:363,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3023,66.68.168.38:882,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3024,66.68.168.38:1537,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3025,66.68.168.38:1022,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3026,66.68.168.38:581,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3027,66.68.168.38:470,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,209.198.133.194:3028,66.68.168.38:593,TCP (flags:S)

P.S. Loyal, remember this line: "The prosecution would like to enter into evidence logs from an employee's home PC" You will have a chance to hear it.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking
system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:27:17 PDT
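
Added example (not part of the original post): one way to summarise a log in the field layout quoted above before sending it to an upstream provider, by counting distinct destination ports hit by SYN-only packets from each source within a short window. The sample lines are constructed with documentation-range addresses, and the function names, window and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the post's field layout (not the post's addresses).
# Last line is deliberately truncated to exercise the malformed-line path.
SAMPLE_LOG = """\
FWIN,2001/07/28,12:06:22 -5:00 GMT,192.0.2.10:3007,198.51.100.5:876,TCP (flags:S)
FWIN,2001/07/28,12:06:22 -5:00 GMT,192.0.2.10:3008,198.51.100.5:2020,TCP (flags:S)
FWIN,2001/07/28,12:06:22 -5:00 GMT,192.0.2.10:3009,198.51.100.5:1433,TCP (flags:S)
FWIN,2001/07/28,12:06:27 -5:00 GMT,192.0.2.10:3010,198.51.100.5:334,TCP (flags:S)
FWIN,2001/07/28,12:06:27 -5:00 GMT,192.0.2.10:3011,198.51.100.5:241,TCP (flags:S)
FWIN,2001/07/28,12:06:28 -5:00 GMT,192.0.2.10:3012,198.51.100.5:909,TCP (flags:S)
FWIN,2001/07/28,12:07:01 -5:00 GMT,203.0.113.7:4100,198.51.100.5:80,TCP (flags:S)
FWIN,2001/07/28,12:07:04 -5:00 GMT,203.0.113.7:4100,198.51.100.5:80,TCP (flags:S)
FWIN,2001/07/28,12:07:09 -5:00
"""

def parse_line(line):
    """Return (time, src_ip, dst_ip, dst_port, proto) or None if malformed."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 6 or parts[0] != "FWIN":
        return None
    try:
        # All entries come from one host, so the local clock time is enough.
        ts = datetime.strptime(f"{parts[1]} {parts[2].split()[0]}",
                               "%Y/%m/%d %H:%M:%S")
        src_ip, _src_port = parts[3].rsplit(":", 1)
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        return ts, src_ip, dst_ip, int(dst_port), parts[5]
    except (ValueError, IndexError):
        return None

def find_port_scans(log_text, window=timedelta(seconds=10), min_ports=5):
    """Map (src_ip, dst_ip) -> most distinct SYN'd ports seen in any window."""
    events = defaultdict(list)
    for rec in map(parse_line, log_text.splitlines()):
        if rec and rec[4] == "TCP (flags:S)":
            events[(rec[1], rec[2])].append((rec[0], rec[3]))
    findings = {}
    for pair, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({port for _, port in evs[start:end + 1]}))
        if best >= min_ports:
            findings[pair] = best
    return findings

if __name__ == "__main__":
    for (src, dst), n in find_port_scans(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {n} distinct ports probed within 10s")
```

Repeated SYNs to one port, like the second source in the sample, are not flagged, because only distinct destination ports count toward the threshold.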