Alan, Not many, but enough to rise concern. Not to say these organizations are malicious, but they may be compromised. I usually make contact with the people and work through it with them. Often, if it's an ISP, you have script kiddies or bored computer science students messing around. However, there is always this sort of traffic before a major worm or virus, so we have to be careful these days. Rob -----Original Message----- From: Alan Wright [mailto:AlanJWrightat_private] Sent: Wednesday, October 17, 2001 1:28 PM To: robert.woods@percepta-crm.com Cc: incidentsat_private Subject: RE: Scans from Moscow I am going to snip most of my stuff out of this email and just leave yours in, I would think that incidents here is the best place for input. How many hits are you getting from each address? At 19:21 16/10/2001 -0400, you wrote: >Alan, > A little messy, but this is a list of my problems over the last week or >so, nothing from Russia though.. Do you know of a good site to enter in IP >addresses then receive a list of reports from other Administrators? Might >be a help to both of us and others. > > >28-Aug-01 Wiznet Inc. Toronto Ontario >Canada 216.129.216.36 http port scans >28-Aug-01 Wiznet Inc. Toronto Ontario >Canada 216.129.213.43.stott.wiznet.ca >http port scans >15-Oct-01 Wiznet Inc. Toronto Ontario >Canada 216.129.217.9 http port scans >15-Oct-01 Business Internet Inc. Tampa Florida United >States 216.0.151.158 >port 27374 scan >15-Oct-01 Kersur >Technologies Manchaug Massachusetes United States >216.129.158.18 http port scans >16-Oct-01 One Care New York New Yorl United >States 216.213.85.230 http port >scans >11-Oct-01 Taiwan Network Information >Centre Taipei Taiwan 202.39.29.198 >port 1080 scan >13-Oct-01 Acer Internet Services >Inc. Taipei Taiwan 210.67.84.6 printer >port scan >14-Oct-01 Korea Telecom Seoul Korea 211.220.193.214 >port 22452 scan >14-Oct-01 Korea Network Information >Centre Seocho-Dong Seocho-ku Korea >211.196.153.182 printer port scan >9-Oct-01 Korea Network Information >Centre Seocho-Dong Seocho-ku Korea >211.46.246.194 Exchange_ports_1 scan >9-Oct-01 Korea Network Information >Centre Seocho-Dong Seocho-ku Korea >211.196.153.182 printer port scan >10-Oct-01 Xi'an High Tech Development Xi'an City Shaanxi China >202.100.26.185 printer port scan >4-Oct-01 Shandong Qingdao Furuitai Chenxi Business >Co. Jinan Shandong China >202.110.195.88 printer port scan >10-Oct-01 DigiTel Communications Asia Ltd. Hong >Kong Hong Kong >202.122.224.234 Exchange_ports_1 scan >7-Oct-01 HanseNet Telefongesellschaft mbH & Co. >KG Hamburg Germany >213.191.86.21 printer port scan >7-Oct-01 HanseNet Telefongesellschaft mbH & Co. >KG Hamburg Germany >213.191.86.21 ftp port scan >7-Oct-01 HanseNet Telefongesellschaft mbH & Co. >KG Hamburg Germany >213.191.86.21 port 54681 scan >11-Oct-01 Apple Online London United >Kingdom 213.219.19.162 port 22 scan >(SSH) >5-Oct-01 BT ADSL Sandridge Hertfordshire United >Kingdom 213.123.146.178 port >1080 scan >5-Oct-01 BT ADSL Sandridge Hertfordshire United >Kingdom 213.123.146.178 ftp >port scan > > > > > >-----Original Message----- > >From: Alan Wright [mailto:AlanJWrightat_private] > >Sent: Sunday, October 14, 2001 3:11 PM > >To: security-basicsat_private > >Subject: Scans from Moscow > > > > > >Anyone else getting http probes out of Moscow College of Business > >Administration ? > >Second time this week from Moscow , both from 'organisations' > > > >All the best > > > >Alan > > > > > > > >Alan J Wright B.Sc(Hons)(Open) > >SMS +47624462772. > >Email AlanJWrightat_private > > foll478trapat_private > > > > > >'You're a feisty little one but you'll soon learn respect' > > > >Return of the Jedi > >All the best > >Alan > > > >Alan J Wright B.Sc(Hons)(Open) >SMS +47624462772. >Email AlanJWrightat_private > foll478trapat_private > > >'You're a feisty little one but you'll soon learn respect' > >Return of the Jedi All the best Alan Alan J Wright B.Sc(Hons)(Open) SMS +47624462772. Email AlanJWrightat_private foll478trapat_private 'You're a feisty little one but you'll soon learn respect' Return of the Jedi ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 11:14:10 PDT