Strange connection attempts

From: Andrea Efstathiou (aefstathiouat_private)
Date: Mon Jan 07 2002 - 08:48:41 PST

    Hi All,
    
    I was wondering if anyone else was seeing, or has seen, attempts like this
    before and/or could tell me what might be causing them.
    
    Jan  2 13:42:13 my.domain.com41479: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 62.106.18.248(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:44:53 my.domain.com41482: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 208.58.230.212(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:45:08 my.domain.com41484: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 80.116.251.123(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:46:47 my.domain.com41485: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 195.176.180.174(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:46:58 my.domain.com41487: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 213.37.60.15(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:47:58 my.domain.com41502: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 141.217.10.169(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:48:56 my.domain.com41504: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 65.103.119.138(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:50:08 my.domain.com41506: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 62.56.168.38(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:51:52 my.domain.com41509: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 216.191.217.66(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:52:14 my.domain.com41510: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 204.210.232.253(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:56:01 my.domain.com41516: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 203.247.220.183(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:56:39 my.domain.com41517: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 209.107.57.252(137) -> my.border.router.ip(36), 1 packet
    Jan  2 13:56:56 my.domain.com41518: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 216.191.217.66(137) -> my.border.router.ip(36), 2 packets
    Jan  2 13:57:56 my.domain.com41519: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 204.210.232.253(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:00:58 my.domain.com41527: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.65.246.247(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:01:27 my.domain.com41528: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 212.131.230.179(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:01:57 my.domain.com41529: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 203.247.220.183(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:05:38 my.domain.com41534: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 207.173.208.254(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:06:00 my.domain.com41536: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 202.8.234.234(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:06:57 my.domain.com41539: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.65.246.247(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:07:39 my.domain.com41540: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 213.37.60.15(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:09:25 my.domain.com41544: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 203.247.220.183(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:13:53 my.domain.com41559: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 203.247.220.183(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:17:19 my.domain.com41565: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 66.168.212.107(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:19:50 my.domain.com41568: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 207.40.241.184(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:20:59 my.domain.com41569: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 65.81.200.98(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:22:59 my.domain.com41573: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 66.168.212.107(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:23:59 my.domain.com41576: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 203.247.220.183(137) -> my.border.router.ip(36), 3 packets
    Jan  2 14:24:29 my.domain.com41578: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 158.194.80.59(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:24:59 my.domain.com41579: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 207.40.241.184(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:25:59 my.domain.com41581: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.95.243.199(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:27:28 my.domain.com41585: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 65.204.206.98(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:27:48 my.domain.com41586: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.197.234.119(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:30:00 my.domain.com41589: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 158.194.80.59(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:30:54 my.domain.com41592: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 216.191.217.66(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:32:02 my.domain.com41596: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.159.100.37(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:33:00 my.domain.com41599: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.197.234.119(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:34:38 my.domain.com41600: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 213.221.145.131(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:36:00 my.domain.com41602: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 144.92.175.159(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:40:01 my.domain.com41610: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 213.221.145.131(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:40:56 my.domain.com41612: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.65.246.247(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:41:02 my.domain.com41614: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 128.163.94.92(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:41:35 my.domain.com41615: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 168.131.57.87(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:41:53 my.domain.com41616: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 80.83.39.140(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:42:23 my.domain.com41618: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 62.149.128.36(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:44:21 my.domain.com41623: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 213.45.107.130(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:46:01 my.domain.com41627: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.65.246.247(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:47:01 my.domain.com41629: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 80.83.39.140(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:50:11 my.domain.com41632: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 142.103.165.51(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:51:03 my.domain.com41637: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 208.20.105.233(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:51:40 my.domain.com41638: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 65.33.170.194(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:54:02 my.domain.com41642: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 62.149.128.36(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:54:57 my.domain.com41644: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 211.171.214.131(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:55:18 my.domain.com41646: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 212.125.225.165(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:55:47 my.domain.com41647: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.198.44.4(137) -> my.border.router.ip(36), 1 packet
    Jan  2 14:57:03 my.domain.com41652: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 208.20.105.233(137) -> my.border.router.ip(36), 2 packets
    Jan  2 14:58:56 my.domain.com41654: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 202.180.172.8(137) -> my.border.router.ip(36), 1 packet
    Jan  2 15:00:03 my.domain.com41659: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 211.171.214.131(137) -> my.border.router.ip(36), 2 packets
    Jan  2 15:01:48 my.domain.com41663: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 211.219.43.175(137) -> my.border.router.ip(36), 1 packet
    Jan  2 15:04:03 my.domain.com41667: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 202.180.172.8(137) -> my.border.router.ip(36), 2 packets
    Jan  2 15:07:04 my.domain.com41672: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 211.219.43.175(137) -> my.border.router.ip(36), 2 packets
    
    Jan  3 09:04:37 my.domain.com41870: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.196.28.67(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:05:48 my.domain.com41871: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 209.91.178.156(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:07:04 my.domain.com41873: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.207.157.172(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:09:43 my.domain.com41875: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 65.212.205.68(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:10:11 my.domain.com41876: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 208.63.88.86(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:10:28 my.domain.com41877: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.196.28.67(137) -> my.border.router.ip(37), 2 packets
    Jan  3 09:10:45 my.domain.com41878: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 144.92.175.27(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:12:04 my.domain.com41880: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 156.3.31.177(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:12:13 my.domain.com41881: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 4.3.205.254(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:12:29 my.domain.com41882: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 24.207.157.172(137) -> my.border.router.ip(37), 2 packets
    Jan  3 09:12:33 my.domain.com41883: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 62.107.131.247(137) -> my.border.router.ip(37), 1 packet
    Jan  3 09:15:29 my.domain.com41885: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 208.63.88.86(137) -> my.border.router.ip(37), 2 packets
    Jan  3 09:16:29 my.domain.com41886: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 144.92.175.27(137) -> my.border.router.ip(37), 2 packets
    Jan  3 09:17:29 my.domain.com41887: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 156.3.31.177(137) -> my.border.router.ip(37), 2 packets
    Jan  3 09:18:29 my.domain.com41888: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 62.107.131.247(137) -> my.border.router.ip(37), 2 packets
    
    Jan  4 17:42:43 my.domain.com42179: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 208.63.124.173(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:43:33 my.domain.com42181: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 206.142.24.160(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:44:12 my.domain.com42183: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 65.198.243.40(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:44:33 my.domain.com42184: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 80.89.162.78(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:44:44 my.domain.com42185: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 80.116.246.179(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:45:51 my.domain.com42187: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 209.251.16.2(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:46:45 my.domain.com42188: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 206.69.196.90(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:47:04 my.domain.com42189: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 62.142.203.158(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:47:33 my.domain.com42190: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 66.169.232.55(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:49:51 my.domain.com42193: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 65.198.243.40(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:50:51 my.domain.com42194: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 209.251.16.2(137) -> my.border.router.ip(40), 2 packets
    Jan  4 17:51:21 my.domain.com42195: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 134.102.68.26(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:52:30 my.domain.com42196: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 130.184.111.212(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:52:51 my.domain.com42197: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 80.89.162.78(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:53:22 my.domain.com42198: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 137.204.133.109(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:54:51 my.domain.com42200: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 80.116.246.179(137) -> my.border.router.ip(40), 3 packets
    Jan  4 17:56:24 my.domain.com42201: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 66.169.149.134(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:56:28 my.domain.com42202: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 80.116.86.119(137) -> my.border.router.ip(40), 1 packet
    Jan  4 17:56:52 my.domain.com42204: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 134.102.68.26(137) -> my.border.router.ip(40), 2 packets
    Jan  4 17:57:52 my.domain.com42205: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 130.184.111.212(137) -> my.border.router.ip(40), 2 packets
    Jan  4 17:58:52 my.domain.com42206: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 137.204.133.109(137) -> my.border.router.ip(40), 2 packets
    Jan  4 18:01:52 my.domain.com42209: %SEC-6-IPACCESSLOGP: list inbound denied
    udp 66.169.149.134(137) -> my.border.router.ip(40), 1 packet
    
    Regards,
    
    Andrea Efstathiou
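
A triage sketch for logs like the one in this post, added here as an example and not part of the original message: it rejoins the wrapped `%SEC-6-IPACCESSLOGP` entries and groups denied packets by day, protocol and destination port, so the number of distinct sources and the source ports they share stand out. The sample entries are constructed with documentation addresses, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the post's format (documentation addresses, same line wrap).
SAMPLE = """\
Jan  2 13:42:13 my.domain.com41479: %SEC-6-IPACCESSLOGP: list inbound denied
udp 192.0.2.10(137) -> 203.0.113.1(36), 1 packet
Jan  2 13:44:53 my.domain.com41482: %SEC-6-IPACCESSLOGP: list inbound denied
udp 198.51.100.7(137) -> 203.0.113.1(36), 1 packet
Jan  2 13:49:13 my.domain.com41490: %SEC-6-IPACCESSLOGP: list inbound denied
udp 192.0.2.10(137) -> 203.0.113.1(36), 2 packets
Jan  3 09:04:37 my.domain.com41870: %SEC-6-IPACCESSLOGP: list inbound denied
udp 198.51.100.7(137) -> 203.0.113.1(37), 1 packet
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d ")
ENTRY = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) [\d:]{8} \S+ "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\w.-]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\w.-]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?$"
)

def unwrap(text):
    """Rejoin entries that the mail client wrapped onto a second line."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)          # new entry starts with a timestamp
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def summarize(text):
    """Group denied packets by (month, day, protocol, destination port)."""
    groups = defaultdict(lambda: {"sources": set(), "sports": set(), "packets": 0})
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m or m["action"] != "denied":
            continue                      # skip other messages and permits
        g = groups[(m["mon"], int(m["day"]), m["proto"], int(m["dport"]))]
        g["sources"].add(m["src"])
        g["sports"].add(int(m["sport"]))
        g["packets"] += int(m["pkts"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE).items()):
        print(key, len(g["sources"]), "sources,", g["packets"], "packets,",
              "source ports", sorted(g["sports"]))
```
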
    
    