Security Incidents mailing list archives
Port Scan from Argentina
From: root () RGFSPARC CR USGS GOV (Robert G. Ferrell)
Date: Wed, 16 Feb 2000 12:06:42 -0600
Hi folks, Thought I'd share this little port scan with you. I've already attempted to contact the apparent originating network's admin. =============================================================================== Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: klogin connection attempt from RCH2ppp-59.uc.infovia.com.ar:4254 Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 1080 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4255 Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: ftp connection attempt from RCH2ppp-59.uc.infovia.com.ar:4256 Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: imap connection attempt from RCH2ppp-59.uc.infovia.com.ar:4257 Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: pop3 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4258 Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 6000 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4259 Feb 16 03:08:24 rgfsparc.cr.usgs.gov inetd[130]: ftp[3369] from 209.13.233.59 4256 Feb 16 03:08:25 rgfsparc.cr.usgs.gov inetd[130]: telnet[3370] from 209.13.233.59 4260 Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 1080 Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host 209.13.233.59 has been blocked via wrappers with string: "ALL: 209.13.233.59" Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host 209.13.233.59 has been blocked via dropped route using command: "/usr/sbin/route add 209.13.233.59 136.177.164.253 1" Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 109 Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host: 209.13.233.59 is already blocked. Ignoring Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 110 Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host: 209.13.233.59 is already blocked. Ignoring Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 143 Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host: 209.13.233.59 is already blocked. Ignoring Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 6667 Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host: 209.13.233.59 is already blocked. Ignoring Feb 16 03:08:26 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 139 Feb 16 03:08:26 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host: 209.13.233.59 is already blocked. Ignoring Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: telnet connection attempt from RCH2ppp-59.uc.infovia.com.ar:4260 Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 80 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4261 Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: pop2 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4262 Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 8080 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4263 Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 22 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4264 Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 544 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4265 Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 6667 connection attempt from RCH2ppp-59.uc.infovia.com.ar:4267 Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: finger connection attempt from RCH2ppp-59.uc.infovia.com.ar:4266 Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port scan detected from RCH2ppp-59.uc.infovia.com.ar Feb 16 03:09:18 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port scan mode expired for RCH2ppp-59.uc.infovia.com.ar - received a total of 17 packets (680 bytes). ============================================================================= Cheers, RGF Robert G. Ferrell Information Security Officer National Business Center, US DoI Robert_G_Ferrell () nbc gov ---------------------------------------------------------------------------- Nothing I have ever said should be construed as even vaguely representing an official statement by the NBC or DoI. ----------------------------------------------------------------------------
Current thread:
- Port Scan from Argentina Robert G. Ferrell (Feb 16)