Security Incidents mailing list archives

!! IS SOMEBODY KNOW ABOUT PORT 149 ATTACK ?


From: Pavel Lozhkin <pauel () BALAKOVO RU>
Date: Tue, 8 Aug 2000 17:21:08 +0400

Recently, at night, my net was scanned from sovam.com dialup IPs. Port 149 of
my computers was tried. Does anybody know something about an exploit that
uses port 149?

Time in this log is GMT+4 (MSK)

Aug-7-00:13:07 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:19 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:19 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:22 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:22 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:28 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:28 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:32 TCP from 195.239.3.73:1757 to 195.161.130.51:149
Aug-7-00:13:34 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:35 TCP from 195.239.3.73:1757 to 195.161.130.51:149
Aug-7-00:13:38 TCP from 195.239.3.73:1759 to 195.161.130.57:149
Aug-7-00:13:42 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:43 TCP from 195.239.3.73:1759 to 195.161.130.57:149
Aug-7-00:13:43 TCP from 195.239.3.73:1757 to 195.161.130.51:149
Aug-7-00:13:56 TCP from 195.239.3.73:1759 to 195.161.130.57:149
Aug-7-00:13:56 TCP from 195.239.3.73:1763 to 195.161.130.54:149
Aug-7-00:13:56 TCP from 195.239.3.73:1757 to 195.161.130.51:149
Aug-7-00:13:56 TCP from 195.239.3.73:1763 to 195.161.130.54:149
Aug-7-00:13:58 TCP from 195.239.3.73:1765 to 195.161.130.53:149
Aug-7-00:14:01 TCP from 195.239.3.73:1759 to 195.161.130.57:149
Aug-7-00:14:01 TCP from 195.239.3.73:1765 to 195.161.130.53:149
Aug-7-00:14:01 TCP from 195.239.3.73:1763 to 195.161.130.54:149
Aug-7-00:14:04 TCP from 195.239.3.73:1767 to 195.161.130.52:149
Aug-7-00:14:07 TCP from 195.239.3.73:1767 to 195.161.130.52:149
Aug-7-00:14:07 TCP from 195.239.3.73:1765 to 195.161.130.53:149
Aug-7-00:14:10 TCP from 195.239.3.73:1769 to 195.42.138.241:149
Aug-7-00:14:13 TCP from 195.239.3.73:1767 to 195.161.130.52:149
Aug-7-00:14:13 TCP from 195.239.3.73:1763 to 195.161.130.54:149
Aug-7-00:14:13 TCP from 195.239.3.73:1769 to 195.42.138.241:149
Aug-7-00:14:19 TCP from 195.239.3.73:1765 to 195.161.130.53:149
Aug-7-00:14:25 TCP from 195.239.3.73:1767 to 195.161.130.52:149
Aug-7-00:18:46 TCP from 195.239.3.73:1859 to 195.161.130.229:149
Aug-7-00:19:07 TCP from 195.239.3.73:1859 to 195.161.130.229:149
Aug-7-00:19:10 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:13 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:16 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:19 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:19 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:22 TCP from 195.239.3.73:1871 to 195.161.130.242:149
Aug-7-00:19:25 TCP from 195.239.3.73:1871 to 195.161.130.242:149
Aug-7-00:19:25 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:28 TCP from 195.239.3.73:1873 to 195.161.130.243:149
Aug-7-00:19:31 TCP from 195.239.3.73:1871 to 195.161.130.242:149
Aug-7-00:19:31 TCP from 195.239.3.73:1873 to 195.161.130.243:149
Aug-7-00:19:31 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:34 TCP from 195.239.3.73:1875 to 195.161.130.240:149
Aug-7-00:19:37 TCP from 195.239.3.73:1875 to 195.161.130.240:149
Aug-7-00:19:37 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:37 TCP from 195.239.3.73:1873 to 195.161.130.243:149
Aug-7-00:19:40 TCP from 195.239.3.73:1877 to 195.161.130.245:149
Aug-7-00:19:43 TCP from 195.239.3.73:1871 to 195.161.130.242:149
Aug-7-00:19:43 TCP from 195.239.3.73:1875 to 195.161.130.240:149
Aug-7-00:19:43 TCP from 195.239.3.73:1877 to 195.161.130.245:149
Aug-7-00:19:49 TCP from 195.239.3.73:1877 to 195.161.130.245:149
Aug-7-00:19:49 TCP from 195.239.3.73:1873 to 195.161.130.243:149
Aug-7-00:19:55 TCP from 195.239.3.73:1875 to 195.161.130.240:149
Aug-7-00:20:01 TCP from 195.239.3.73:1877 to 195.161.130.245:149
--
** The hedgehog is a proud bird, he does not fly without kick **

Pauel
System administrator
ICQ UIN 39596913 8990192
Phone (7-84570)-52525
      (7-84570)-40658

Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
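An added example, not part of the original post: a short triage script that groups the posted records by connection attempt (source address and port, destination address and port) and measures the gaps between repeats, so that retries of one attempt are not counted as separate probes. It assumes the timestamp reads month-day-HH:MM:SS; the function names and the doubling-gap heuristic (read here as a TCP stack retrying an unanswered connection) are this example's own.

```python
import re
from collections import defaultdict

# Subset of the records posted above, copied verbatim.
SAMPLE = """\
Aug-7-00:18:46 TCP from 195.239.3.73:1859 to 195.161.130.229:149
Aug-7-00:19:07 TCP from 195.239.3.73:1859 to 195.161.130.229:149
Aug-7-00:19:10 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:13 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:16 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:19 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:19 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:25 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:31 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:37 TCP from 195.239.3.73:1869 to 195.161.130.244:149
"""

# Assumption: "Aug-7-00:19:10" means month-day-HH:MM:SS (no year in the record).
RECORD = re.compile(r"^\w{3}-\d{1,2}-(\d\d):(\d\d):(\d\d) TCP from "
                    r"([\d.]+):(\d+) to ([\d.]+):(\d+)$")

def parse(text):
    """Yield (seconds_since_midnight, src, sport, dst, dport); skip other lines."""
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            h, mi, s, src, sport, dst, dport = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), src, int(sport), dst, int(dport)

def flow_gaps(text):
    """Map each (src, sport, dst, dport) to the seconds between its records."""
    seen = defaultdict(list)
    for ts, *flow in parse(text):
        seen[tuple(flow)].append(ts)
    return {f: [b - a for a, b in zip(sorted(t), sorted(t)[1:])]
            for f, t in seen.items()}

def looks_like_retry_backoff(gaps, slack=1):
    """True when each gap is about double the previous one (1 s log resolution)."""
    return len(gaps) >= 2 and all(abs(b - 2 * a) <= slack
                                  for a, b in zip(gaps, gaps[1:]))

if __name__ == "__main__":
    for flow, gaps in flow_gaps(SAMPLE).items():
        print(flow, gaps, looks_like_retry_backoff(gaps))
```

On this subset the ten records collapse to three connection attempts against three hosts. A flow with a single gap, such as source port 1859, is reported as undetermined rather than as a retry pattern.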

