Security Incidents mailing list archives
!! IS SOMEBODY KNOW ABOUT PORT 149 ATTACK ?
From: Pavel Lozhkin <pauel () BALAKOVO RU>
Date: Tue, 8 Aug 2000 17:21:08 +0400
Recently, at night, my net was scanned from sovam.com dialup IPs. Port 149 of my computers was tried. Does somebody know something about an exploit that uses port 149?

Time in this log is GMT+4 (MSK)

Aug-7-00:13:07 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:19 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:19 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:22 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:22 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:28 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:28 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:32 TCP from 195.239.3.73:1757 to 195.161.130.51:149
Aug-7-00:13:34 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:35 TCP from 195.239.3.73:1757 to 195.161.130.51:149
Aug-7-00:13:38 TCP from 195.239.3.73:1759 to 195.161.130.57:149
Aug-7-00:13:42 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:43 TCP from 195.239.3.73:1759 to 195.161.130.57:149
Aug-7-00:13:43 TCP from 195.239.3.73:1757 to 195.161.130.51:149
Aug-7-00:13:56 TCP from 195.239.3.73:1759 to 195.161.130.57:149
Aug-7-00:13:56 TCP from 195.239.3.73:1763 to 195.161.130.54:149
Aug-7-00:13:56 TCP from 195.239.3.73:1757 to 195.161.130.51:149
Aug-7-00:13:56 TCP from 195.239.3.73:1763 to 195.161.130.54:149
Aug-7-00:13:58 TCP from 195.239.3.73:1765 to 195.161.130.53:149
Aug-7-00:14:01 TCP from 195.239.3.73:1759 to 195.161.130.57:149
Aug-7-00:14:01 TCP from 195.239.3.73:1765 to 195.161.130.53:149
Aug-7-00:14:01 TCP from 195.239.3.73:1763 to 195.161.130.54:149
Aug-7-00:14:04 TCP from 195.239.3.73:1767 to 195.161.130.52:149
Aug-7-00:14:07 TCP from 195.239.3.73:1767 to 195.161.130.52:149
Aug-7-00:14:07 TCP from 195.239.3.73:1765 to 195.161.130.53:149
Aug-7-00:14:10 TCP from 195.239.3.73:1769 to 195.42.138.241:149
Aug-7-00:14:13 TCP from 195.239.3.73:1767 to 195.161.130.52:149
Aug-7-00:14:13 TCP from 195.239.3.73:1763 to 195.161.130.54:149
Aug-7-00:14:13 TCP from 195.239.3.73:1769 to 195.42.138.241:149
Aug-7-00:14:19 TCP from 195.239.3.73:1765 to 195.161.130.53:149
Aug-7-00:14:25 TCP from 195.239.3.73:1767 to 195.161.130.52:149
Aug-7-00:18:46 TCP from 195.239.3.73:1859 to 195.161.130.229:149
Aug-7-00:19:07 TCP from 195.239.3.73:1859 to 195.161.130.229:149
Aug-7-00:19:10 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:13 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:16 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:19 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:19 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:22 TCP from 195.239.3.73:1871 to 195.161.130.242:149
Aug-7-00:19:25 TCP from 195.239.3.73:1871 to 195.161.130.242:149
Aug-7-00:19:25 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:28 TCP from 195.239.3.73:1873 to 195.161.130.243:149
Aug-7-00:19:31 TCP from 195.239.3.73:1871 to 195.161.130.242:149
Aug-7-00:19:31 TCP from 195.239.3.73:1873 to 195.161.130.243:149
Aug-7-00:19:31 TCP from 195.239.3.73:1867 to 195.161.130.241:149
Aug-7-00:19:34 TCP from 195.239.3.73:1875 to 195.161.130.240:149
Aug-7-00:19:37 TCP from 195.239.3.73:1875 to 195.161.130.240:149
Aug-7-00:19:37 TCP from 195.239.3.73:1869 to 195.161.130.244:149
Aug-7-00:19:37 TCP from 195.239.3.73:1873 to 195.161.130.243:149
Aug-7-00:19:40 TCP from 195.239.3.73:1877 to 195.161.130.245:149
Aug-7-00:19:43 TCP from 195.239.3.73:1871 to 195.161.130.242:149
Aug-7-00:19:43 TCP from 195.239.3.73:1875 to 195.161.130.240:149
Aug-7-00:19:43 TCP from 195.239.3.73:1877 to 195.161.130.245:149
Aug-7-00:19:49 TCP from 195.239.3.73:1877 to 195.161.130.245:149
Aug-7-00:19:49 TCP from 195.239.3.73:1873 to 195.161.130.243:149
Aug-7-00:19:55 TCP from 195.239.3.73:1875 to 195.161.130.240:149
Aug-7-00:20:01 TCP from 195.239.3.73:1877 to 195.161.130.245:149

--
** The hedgehog is a proud bird, he does not fly without kick **
Pauel
System administrator
ICQ UIN 39596913 8990192
Phone (7-84570)-52525 (7-84570)-40658
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
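A log in the format posted above can be triaged with a short script. This is an added example, not part of the original message: it parses the entries, groups them by source and destination port to show how many distinct hosts were probed, and counts repeat entries per connection 4-tuple. The function names, the sweep threshold of 3 and the year default are assumptions; the sample lines are the first entries of the posted log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entry format used in the post: "Aug-7-00:13:07 TCP from SRC:SPORT to DST:DPORT".
# \s+ between tokens lets the pattern survive entries wrapped across lines.
LINE_RE = re.compile(
    r"(\w{3})-(\d{1,2})-(\d\d:\d\d:\d\d)\s+TCP\s+from\s+"
    r"([\d.]+):(\d+)\s+to\s+([\d.]+):(\d+)"
)

# First eleven entries of the log in the post.
SAMPLE = """\
Aug-7-00:13:07 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:19 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:19 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:19 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:22 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:22 TCP from 195.239.3.73:1751 to 195.161.130.49:149
Aug-7-00:13:28 TCP from 195.239.3.73:1753 to 195.161.131.210:149
Aug-7-00:13:28 TCP from 195.239.3.73:1749 to 195.161.130.50:149
Aug-7-00:13:32 TCP from 195.239.3.73:1757 to 195.161.130.51:149
"""

def parse(text, year=2000):
    """Yield (timestamp, src, sport, dst, dport) for each entry found in text."""
    for m in LINE_RE.finditer(text):
        mon, day, clock, src, sport, dst, dport = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        yield ts, src, int(sport), dst, int(dport)

def summarize(text, sweep_threshold=3):
    """Return (sweeps, repeats): hosts probed per (src, dport), repeats per 4-tuple."""
    targets = defaultdict(set)   # (src, dport) -> set of destination hosts
    flows = defaultdict(list)    # (src, sport, dst, dport) -> timestamps seen
    for ts, src, sport, dst, dport in parse(text):
        targets[(src, dport)].add(dst)
        flows[(src, sport, dst, dport)].append(ts)
    sweeps = {k: sorted(v) for k, v in targets.items() if len(v) >= sweep_threshold}
    # Assumption: further entries for one 4-tuple are the same attempt logged again.
    repeats = {k: len(v) - 1 for k, v in flows.items()}
    return sweeps, repeats

if __name__ == "__main__":
    sweeps, repeats = summarize(SAMPLE)
    for (src, dport), dsts in sweeps.items():
        print(f"{src} probed {len(dsts)} hosts on port {dport}: {', '.join(dsts)}")
    for (src, sport, dst, dport), n in repeats.items():
        print(f"  {src}:{sport} -> {dst}:{dport} repeated {n}x")
```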