RE: Scans from Moscow

From: Robert Woods (robert.woods@percepta-crm.com)
Date: Wed Oct 17 2001 - 10:51:12 PDT


    Alan,
      Not many, but enough to raise concern.  Not to say these organizations are
    malicious, but they may be compromised.  I usually make contact with the
    people and work through it with them.  Often, if it's an ISP, you have
    script kiddies or bored computer science students messing around.  However,
    there is always this sort of traffic before a major worm or virus, so we
    have to be careful these days.
    
    Rob
    
    
    -----Original Message-----
    From: Alan Wright [mailto:AlanJWrightat_private]
    Sent: Wednesday, October 17, 2001 1:28 PM
    To: robert.woods@percepta-crm.com
    Cc: incidentsat_private
    Subject: RE: Scans from Moscow
    
    
    I am going to snip most of my stuff out of this email and just leave yours
    in, I would think that incidents here is the best place for input.
    How many hits are you getting from each address?

    At 19:21 16/10/2001 -0400, you wrote:
    >Alan,
    >   A little messy, but this is a list of my problems over the last week or
    >so, nothing from Russia though..  Do you know of a good site to enter in IP
    >addresses then receive a list of reports from other Administrators?  Might
    >be a help to both of us and others.
    >
    >
    >28-Aug-01 | Wiznet Inc. | Toronto, Ontario, Canada | 216.129.216.36 | http port scans
    >28-Aug-01 | Wiznet Inc. | Toronto, Ontario, Canada | 216.129.213.43.stott.wiznet.ca | http port scans
    >15-Oct-01 | Wiznet Inc. | Toronto, Ontario, Canada | 216.129.217.9 | http port scans
    >15-Oct-01 | Business Internet Inc. | Tampa, Florida, United States | 216.0.151.158 | port 27374 scan
    >15-Oct-01 | Kersur Technologies | Manchaug, Massachusetts, United States | 216.129.158.18 | http port scans
    >16-Oct-01 | One Care | New York, New York, United States | 216.213.85.230 | http port scans
    >11-Oct-01 | Taiwan Network Information Centre | Taipei, Taiwan | 202.39.29.198 | port 1080 scan
    >13-Oct-01 | Acer Internet Services Inc. | Taipei, Taiwan | 210.67.84.6 | printer port scan
    >14-Oct-01 | Korea Telecom | Seoul, Korea | 211.220.193.214 | port 22452 scan
    >14-Oct-01 | Korea Network Information Centre | Seocho-Dong, Seocho-ku, Korea | 211.196.153.182 | printer port scan
    >9-Oct-01 | Korea Network Information Centre | Seocho-Dong, Seocho-ku, Korea | 211.46.246.194 | Exchange_ports_1 scan
    >9-Oct-01 | Korea Network Information Centre | Seocho-Dong, Seocho-ku, Korea | 211.196.153.182 | printer port scan
    >10-Oct-01 | Xi'an High Tech Development | Xi'an City, Shaanxi, China | 202.100.26.185 | printer port scan
    >4-Oct-01 | Shandong Qingdao Furuitai Chenxi Business Co. | Jinan, Shandong, China | 202.110.195.88 | printer port scan
    >10-Oct-01 | DigiTel Communications Asia Ltd. | Hong Kong, Hong Kong | 202.122.224.234 | Exchange_ports_1 scan
    >7-Oct-01 | HanseNet Telefongesellschaft mbH & Co. KG | Hamburg, Germany | 213.191.86.21 | printer port scan
    >7-Oct-01 | HanseNet Telefongesellschaft mbH & Co. KG | Hamburg, Germany | 213.191.86.21 | ftp port scan
    >7-Oct-01 | HanseNet Telefongesellschaft mbH & Co. KG | Hamburg, Germany | 213.191.86.21 | port 54681 scan
    >11-Oct-01 | Apple Online | London, United Kingdom | 213.219.19.162 | port 22 scan (SSH)
    >5-Oct-01 | BT ADSL Sandridge | Hertfordshire, United Kingdom | 213.123.146.178 | port 1080 scan
    >5-Oct-01 | BT ADSL Sandridge | Hertfordshire, United Kingdom | 213.123.146.178 | ftp port scan
    >
    >
    > >
    > >-----Original Message-----
    > >From: Alan Wright [mailto:AlanJWrightat_private]
    > >Sent: Sunday, October 14, 2001 3:11 PM
    > >To: security-basicsat_private
    > >Subject: Scans from Moscow
    > >
    > >
    > >Anyone else getting http probes out of Moscow College of Business
    > >Administration ?
    > >Second time this week from Moscow , both from 'organisations'
    > >
    > >All the best
    > >
    > >Alan
    > >
    > >
    > >
    > >Alan J Wright B.Sc(Hons)(Open)
    > >SMS +47624462772.
    > >Email AlanJWrightat_private
    > >          foll478trapat_private
    > >
    > >
    > >'You're a feisty little one but you'll soon learn respect'
    > >
    > >Return of the Jedi
    >
    >All the best
    >
    >Alan
    >
    >
    >
    >Alan J Wright B.Sc(Hons)(Open)
    >SMS +47624462772.
    >Email AlanJWrightat_private
    >          foll478trapat_private
    >
    >
    >'You're a feisty little one but you'll soon learn respect'
    >
    >Return of the Jedi
    
    All the best
    
    Alan
    
    
    
    Alan J Wright B.Sc(Hons)(Open)
    SMS +47624462772.
    Email AlanJWrightat_private
             foll478trapat_private
    
    
    'You're a feisty little one but you'll soon learn respect'
    
    Return of the Jedi
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


