Security Incidents mailing list archives
Widespread Named Scans From 202.63.218.1
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Sun, 5 Nov 2000 13:07:28 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I just noticed another HUGE (216.X.X.X+) scan for vulnerable versions of BIND:

2000-11-05 01:05:57 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.3.228.X:53 [3] (ttl 28 len 40)
2000-11-05 10:35:32 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:32 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:33 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:33 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:33 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:34 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:36 NAMED Iquery Probe UDP 202.63.218.1:2079 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:36 NAMED Iquery Probe UDP 202.63.218.1:2078 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:36 NAMED Iquery Probe UDP 202.63.218.1:2077 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:37 NAMED Iquery Probe UDP 202.63.218.1:2082 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:37 SCAN NAMED Version probe UDP 202.63.218.1:2079 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:35:37 SCAN NAMED Version probe UDP 202.63.218.1:2078 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:35:37 SCAN NAMED Version probe UDP 202.63.218.1:2077 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:35:38 SCAN NAMED Version probe UDP 202.63.218.1:2082 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:35:39 NAMED Iquery Probe UDP 202.63.218.1:2084 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:40 SCAN NAMED Version probe UDP 202.63.218.1:2084 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:37:24 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.38.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:24 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.38.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:39 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.41.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:39 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.41.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:41 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.41.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:41 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.41.X:53 [3] (ttl 32 len 40)

All times are CST.

- ---[ whois from apnic results

inetnum: 202.63.192.0 - 202.63.223.255
netname: CUBEXS
descr: CubeXS Private Lmited
descr: Internet Service Provider
descr: Data Entry
descr: Software House
descr: 310-311 Kassam Court
descr: B.C. 9, Block 5, Clifton
descr: Karachi, Pakistan
country: PK
admin-c: AR22-AP
tech-c: AR22-AP
remarks: aly () cubexs net pk
mnt-by: MAINT-PK-CUBEXS
changed: hostamster () apnic net 20000306
source: APNIC

person: Aly Ramzan
address: CubeXS Private Limited
address: 310-311, Kassam Court, B.C.9,
address: Block 5, Clifton,
address: Karachi, Pakistan
phone: +9221-5877946
fax-no: +9221-5877950
country: PK
e-mail: aly () cubexs net pk
nic-hdl: AR22-AP
mnt-by: MAINT-NEW
changed: aly () cubexs net pk 20000105
source: APNIC

- -HD

- --
http://www.DigitalDefense.net (work)
http://www.DigitalOffense.net (play)

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBOgWv+jwRvqMPEDLhEQJ0XgCglnFQ8acD2wobfMKzYM9Du36I+28AnAoF
obpzCkyMXLrfLG5U3qKEZwDg
=CJ3/
-----END PGP SIGNATURE-----
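One way to triage alert lines in the format quoted above, added here as an example and not part of the original post: it groups alerts by source and destination network and lists the networks that received named-specific UDP probes in addition to the SYN-FIN sweep, which are the ones to check first for BIND version and patch level. The /24 grouping and all function names are assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample lines copied from the alerts quoted in the post (last octet masked as X).
SAMPLE = """\
2000-11-05 10:35:32 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:33 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:36 NAMED Iquery Probe UDP 202.63.218.1:2079 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:37 SCAN NAMED Version probe UDP 202.63.218.1:2079 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:37:24 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.38.X:53 [3] (ttl 32 len 40)
"""

# timestamp, signature name, protocol, src:port > dst:port, ..., (ttl N len N)
ALERT = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<sig>.+?) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.X]+):(?P<dport>\d+) "
    r".*\(ttl (?P<ttl>\d+) len (?P<len>\d+)\)"
)

def parse(text):
    """Yield one dict per line that matches the alert format; skip the rest."""
    for line in text.splitlines():
        m = ALERT.search(line)
        if m:
            yield m.groupdict()

def summarize(text):
    """Group alerts by (source, destination /24); count signatures, note TTLs."""
    nets = {}
    for a in parse(text):
        # Assumption: treat the first three octets as the target network.
        net = a["dst"].rsplit(".", 1)[0] + ".0/24"
        e = nets.setdefault((a["src"], net),
                            {"sigs": defaultdict(int), "ttls": set(), "first": a["ts"]})
        e["sigs"][a["sig"]] += 1
        e["ttls"].add((a["proto"], int(a["ttl"])))
        e["last"] = a["ts"]
    return nets

def networks_with_named_probes(nets):
    """Networks that saw named-specific probes, not only the SYN-FIN sweep."""
    return sorted(net for (_, net), e in nets.items()
                  if any("NAMED" in sig for sig in e["sigs"]))

if __name__ == "__main__":
    for (src, net), e in sorted(summarize(SAMPLE).items()):
        print(src, net, dict(e["sigs"]), sorted(e["ttls"]), e["first"], e["last"])
    print("check BIND on:", networks_with_named_probes(summarize(SAMPLE)))
```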