Hi all, we've gotten a lot of attempted attacks from 195.86.128.45, which maps to kes.wirehub.nl. I've already notified abuseat_private, but have anybode else seen attacks from this ip ? From our log: 05/06/2003 12:29:53.048 Sub Seven Attack Dropped 195.86.128.45, 4341, WAN 195.119.0.181, 6776, DMZ 05/06/2003 12:35:54.624 Ripper Attack Dropped 195.86.128.45, 3230, WAN 195.119.0.181, 2023, DMZ 05/06/2003 12:36:18.736 Sub Seven Attack Dropped 195.86.128.45, 1780, WAN 195.119.0.181, 1243, DMZ 05/06/2003 12:43:28.928 Sub Seven Attack Dropped 195.86.128.45, 1627, WAN 195.119.0.181, 6711, DMZ 05/06/2003 12:52:30.176 Ini Killer Attack Dropped 195.86.128.45, 4690, WAN 195.119.0.181, 9989, DMZ 05/06/2003 12:54:06.592 Striker Attack Dropped 195.86.128.45, 1327, WAN 195.119.0.181, 2565, DMZ 05/06/2003 12:59:22.640 Net Spy Attack Dropped 195.86.128.45, 2570, WAN 195.119.0.181, 1024, DMZ 05/06/2003 13:25:08.352 Net Spy Attack Dropped 195.86.128.45, 3754, WAN 195.119.0.181, 1024, DMZ 05/06/2003 13:32:18.144 Striker Attack Dropped 195.86.128.45, 2661, WAN 195.119.0.181, 2565, DMZ 05/06/2003 13:34:10.352 Ini Killer Attack Dropped 195.86.128.45, 2307, WAN 195.119.0.181, 9989, DMZ 05/06/2003 13:42:59.320 Sub Seven Attack Dropped 195.86.128.45, 2832, WAN 195.119.0.181, 6711, DMZ 05/06/2003 13:48:29.528 Sub Seven Attack Dropped 195.86.128.45, 1863, WAN 195.119.0.181, 1243, DMZ 05/06/2003 13:48:41.544 Ripper Attack Dropped 195.86.128.45, 4230, WAN 195.119.0.181, 2023, DMZ 05/06/2003 13:52:18.416 Sub Seven Attack Dropped 195.86.128.45, 3498, WAN 195.119.0.181, 6776, DMZ 05/06/2003 14:12:09.240 NetBus Attack Dropped 195.86.128.45, 3677, WAN 195.119.0.181, 12345, DMZ 05/06/2003 14:36:07.608 Priority Attack Dropped 195.86.128.45, 2045, WAN 195.119.0.181, 16969, DMZ 05/06/2003 15:08:06.576 Priority Attack Dropped 195.86.128.45, 3927, WAN 195.119.0.181, 16969, DMZ 05/06/2003 15:11:52.048 NetBus Attack Dropped 195.86.128.45, 1756, WAN 195.119.0.181, 12345, DMZ 05/06/2003 15:14:22.032 NetBus Attack Dropped 195.86.128.45, 3133, WAN 195.119.0.181, 12345, DMZ 05/06/2003 15:17:39.560 Priority Attack Dropped 195.86.128.45, 2129, WAN 195.119.0.181, 16969, DMZ 05/06/2003 15:47:12.224 NetBus Attack Dropped 195.86.128.45, 3450, WAN 195.119.0.181, 20034, DMZ 05/06/2003 15:51:43.192 NetBus Attack Dropped 195.86.128.45, 4064, WAN 195.119.0.181, 20034, DMZ 05/06/2003 16:38:27.816 Back Orifice Attack Dropped 195.86.128.45, 2249, WAN 195.119.0.181, 31337, DMZ [...] Plus numerous portscans. What should I do next, besides wait for a reply? -- Christian Stigen Larsen -- http://sublevel3.org/~csl/ -- mob: +47 98 22 02 15 ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue May 06 2003 - 20:22:53 PDT