Re: Everything and the kitchen sink.

From: Hugo van der Kooij (hvdkooijat_private)
Date: Mon Aug 27 2001 - 14:22:53 PDT

    On Sat, 25 Aug 2001, Sebastian Ip wrote:
    
    > Eh yeah I have no idea why this is happening. I don't go on IRC and all I did
    > today was play Day of Defeat online. I didn't think I pissed anyone off 'cause
    > I haven't port scanned anyone.
    >
    > But here's a short cut from my dshield report; it's all from the same IP.
    >
    >
    > Aug 25 22:39:09 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
    > SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
    > ID=22132 PROTO=TCP SPT=1080 DPT=4239 WINDOW=0 RES=0x00 ACK RST URGP=0
    > Aug 25 22:39:11 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
    > SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
    > ID=22285 PROTO=TCP SPT=1080 DPT=4236 WINDOW=0 RES=0x00 ACK RST URGP=0
    > Aug 25 22:39:11 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
    > SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
    > ID=22287 PROTO=TCP SPT=1080 DPT=4237 WINDOW=0 RES=0x00 ACK RST URGP=0
    > Aug 25 22:39:11 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
    > SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
    > ID=22316 PROTO=TCP SPT=1080 DPT=4126 WINDOW=0 RES=0x00 ACK RST URGP=0
    > Aug 25 22:39:12 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
    > SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
    > ID=22355 PROTO=TCP SPT=1080 DPT=4239 WINDOW=0 RES=0x00 ACK RST URGP=0
    > Aug 25 22:39:12 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
    > SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
    > ID=22382 PROTO=TCP SPT=1080 DPT=4240 WINDOW=0 RES=0x00 ACK RST URGP=0
    > Aug 25 22:39:14 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
    > SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
    > ID=22501 PROTO=TCP SPT=1080 DPT=4238 WINDOW=0 RES=0x00 ACK RST URGP=0
    > Aug 25 22:39:15 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
    > SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
    > ID=22581 PROTO=TCP SPT=1080 DPT=4240 WINDOW=0 RES=0x00 ACK RST URGP=0
    
    I guess you see a noisy nmap scan. The DNS info is quite funny:
    110.195.117.212.IN-ADDR.ARPA is a nickname for
    110.96/27.195.117.212.IN-ADDR.ARPA
    
    I suggest you send a complaint with full log to:
    
    inetnum:      212.117.195.96 - 212.117.195.128
    netname:      SYNECTA-CH
    descr:        SYNECTA
    country:      CH
    admin-c:      CB14336-RIPE
    tech-c:       MK10485-RIPE
    status:       ASSIGNED PA
    notify:       mkellerat_private
    mnt-by:       BACKBONE-CH-MNT
    changed:      mkellerat_private 20010515
    source:       RIPE
    
    Hugo.
    
    -- 
    All email sent to me is bound to the rules described on my homepage.
        hvdkooijat_private		http://hvdkooij.xs4all.nl/
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
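
Added example, not part of the original message or of any list tooling: a Python sketch that unwraps mail-quoted netfilter LOG entries laid out like the ones in the report above and groups them by source address, giving the timestamps, ports and TCP flags to include in a complaint. The sample entries, hostname and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: same netfilter LOG layout as the quoted report, wrapped
# and ">"-quoted the way mail clients do. Addresses are documentation ranges.
SAMPLE = """\
> Aug 25 22:39:09 fw kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
> SRC=192.0.2.110 DST=198.51.100.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
> ID=22132 PROTO=TCP SPT=1080 DPT=4239 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:11 fw kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
> SRC=192.0.2.110 DST=198.51.100.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
> ID=22285 PROTO=TCP SPT=1080 DPT=4236 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:12 fw kernel: |Firewall NEW,UNVALID| IN=eth1 OUT=
> SRC=192.0.2.110 DST=198.51.100.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232
> ID=22355 PROTO=TCP SPT=1080 DPT=4239 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

def unwrap(text):
    """Strip '>' quoting and rejoin entries that were wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)          # a timestamp starts a new entry
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def parse(entry):
    """Return timestamp, KEY=VALUE fields and bare TCP flag tokens of one entry."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", entry))
    flags = sorted(FLAGS.intersection(entry.split()))
    return {"time": entry[:15], "flags": flags, **fields}

def summarize(text):
    """Group entries by source address: timestamps, ports and flag combinations."""
    out = defaultdict(lambda: {"times": [], "spt": set(), "dpt": set(), "flags": set()})
    for rec in map(parse, unwrap(text)):
        s = out[rec["SRC"]]
        s["times"].append(rec["time"])
        s["spt"].add(int(rec["SPT"]))
        s["dpt"].add(int(rec["DPT"]))
        s["flags"].add(" ".join(rec["flags"]))
    return dict(out)
```
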
    



    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 08:11:03 PDT