Here are the associated companies that belong to the IPs. You could contact
them and find out why they are probing. Hope this helps.
Nov 29 20:52:34 204.89.181.4
Exchange Network Services, Inc. (NET-NET-EN)
25931 Euclid Ave. #145
Euclid, OH 44132
US
Netname: NET-EN
Netblock: 204.89.181.0 - 204.89.181.255
Coordinator:
Master, Host (HM283-ARIN) HostMaster@Voyager.net
(517)324-8940
Domain System inverse mapping provided by:
E0.NS.VOYAGER.NET 169.207.2.72
E1.NS.VOYAGER.NET 207.89.128.13
E2.NS.VOYAGER.NET 207.0.229.252
Record last updated on 01-Nov-2000.
Database last updated on 3-Dec-2001 19:56:03 EDT.
-------------------------
130.88.1.135
University of Manchester (NET-MANNET)
Manchester
GB
Netname: MANLAN
Netblock: 130.88.0.0 - 130.88.255.255
Coordinator:
Myers, Patrick (PM115-ARIN) myers@mcc.ac.uk
+44 61 275 6016
Domain System inverse mapping provided by:
DIR.MCC.AC.UK 130.88.200.4
URSA.CNS.UMIST.AC.UK 130.88.210.1
UTSERV.MCC.AC.UK 130.88.200.6
Record last updated on 26-Oct-1993.
Database last updated on 3-Dec-2001 19:56:03 EDT.
--------------------------------
200.176.47.199
Comite Gestor da Internet no Brasil (NETBLK-BRAZIL-BLK2)
R. Pio XI, 1500
Sao Paulo, SP 05468-901
BR
Netname: BRAZIL-BLK2
Netblock: 200.128.0.0 - 200.255.255.255
Maintainer: BR
Coordinator:
Registro.br (NF-ORG-ARIN) blkadm@nic.br
+55 19 9119-0304
Domain System inverse mapping provided by:
NS.DNS.BR 143.108.23.2
NS1.DNS.BR 200.255.253.234
NS2.DNS.BR 200.19.119.99
These addresses have been further assigned to Brazilian users.
Contact information can be found at the WHOIS server located
at whois.registro.br and at http://whois.nic.br
Record last updated on 30-Aug-2001.
Database last updated on 3-Dec-2001 19:56:03 EDT.
-----------------------------
64.45.60.239
NETlimited (NETBLK-NETLIMITED-3)
3250 Wilshire Blvd #707
Los Angeles, CA 90010
US
Netname: NETLIMITED-3
Netblock: 64.45.0.0 - 64.45.63.255
Maintainer: NELI
Coordinator:
Webmaster, NETLimited (LE242-ARIN) domainreg@NETLIMITED.NET
+1-213-252-9779 (FAX) +1-213-368-2341
Domain System inverse mapping provided by:
DNS1.NETSERVERS.NET 209.196.128.21
DNS2.NETSERVERS.NET 209.196.128.22
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Record last updated on 06-Jun-2001.
Database last updated on 3-Dec-2001 19:56:03 EDT.
-----------------------
62.2.203.210
inetnum: 62.2.200.0 - 62.2.212.255
netname: CABLECOM-MAIN-NET
descr: Cablecom GmbH
descr: Zuerich
country: CH
remarks: ************************************************************
remarks: For spam/abuse, please contact abuse@cablecom.ch
remarks: ************************************************************
admin-c: WM5132-RIPE
admin-c: WM5132-RIPE
tech-c: CAN6-RIPE
tech-c: CAN6-RIPE
status: ASSIGNED PA
notify: lir-mnt@cablecom.ch
mnt-by: AS8404-MNT
changed: wilson.mehringer@cablecom.ch 20011018
changed: wilson.mehringer@cablecom.ch 20011022
source: RIPE

Geno

-----Original Message-----
From: Steven S [mailto:stevensl@corp.earthlink.net]
Sent: Monday, December 03, 2001 3:07 PM
To: incidents@securityfocus.com
Subject: Re: Attacks against SSH?

I've seen the following IPs try connecting to my home box. My fw drops the
connection attempts.
Nov 29 20:52:34 204.89.181.4
Nov 30 20:19:59 130.88.1.135
Dec 1 16:12:16 200.176.47.199
Dec 3 06:30:15 64.45.60.239
Dec 3 16:01:51 62.2.203.210
Obviously not anything "widespread"; I get many times that many port 139
and 80 scans in a single day.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 09:26:36 PST