Security Incidents mailing list archives

Widespread Named Scans From 202.63.218.1


From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Sun, 5 Nov 2000 13:07:28 -0600

Hi,

I just noticed another HUGE (216.X.X.X+) scan for vulnerable versions of BIND:

2000-11-05 01:05:57 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.3.228.X:53 [3] (ttl 28 len 40)
2000-11-05 10:35:32 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:32 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:33 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:33 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:33 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:34 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:36 NAMED Iquery Probe UDP 202.63.218.1:2079 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:36 NAMED Iquery Probe UDP 202.63.218.1:2078 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:36 NAMED Iquery Probe UDP 202.63.218.1:2077 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:37 NAMED Iquery Probe UDP 202.63.218.1:2082 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:37 SCAN NAMED Version probe UDP 202.63.218.1:2079 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:35:37 SCAN NAMED Version probe UDP 202.63.218.1:2078 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:35:37 SCAN NAMED Version probe UDP 202.63.218.1:2077 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:35:38 SCAN NAMED Version probe UDP 202.63.218.1:2082 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:35:39 NAMED Iquery Probe UDP 202.63.218.1:2084 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:40 SCAN NAMED Version probe UDP 202.63.218.1:2084 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:37:24 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.38.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:24 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.38.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:39 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.41.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:39 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.41.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:41 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.41.X:53 [3] (ttl 32 len 40)
2000-11-05 10:37:41 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.41.X:53 [3] (ttl 32 len 40)

All times are CST.

---[ whois from apnic results

inetnum:     202.63.192.0 - 202.63.223.255
netname:     CUBEXS
descr:       CubeXS Private Lmited
descr:       Internet Service Provider
descr:       Data Entry
descr:       Software House
descr:       310-311 Kassam Court
descr:       B.C. 9, Block 5, Clifton
descr:       Karachi, Pakistan
country:     PK
admin-c:     AR22-AP
tech-c:      AR22-AP
remarks:     aly () cubexs net pk
mnt-by:      MAINT-PK-CUBEXS
changed:     hostamster () apnic net 20000306
source:      APNIC

person:      Aly Ramzan
address:     CubeXS Private Limited
address:     310-311, Kassam Court, B.C.9,
address:     Block 5, Clifton,
address:     Karachi, Pakistan
phone:       +9221-5877946
fax-no:      +9221-5877950
country:     PK
e-mail:      aly () cubexs net pk
nic-hdl:     AR22-AP
mnt-by:      MAINT-NEW
changed:     aly () cubexs net pk 20000105
source:      APNIC


-HD

--
http://www.DigitalDefense.net (work)
http://www.DigitalOffense.net (play)


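An added example, not part of the original post: a small Python summarizer for alert lines in the format quoted above. It groups alerts by source and lists the destination /24s, signatures and TTLs seen for each. The function name, the `min_nets` threshold and the 192.0.2.10 sample line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Alert layout as it appears in the message:
# date time SIGNATURE PROTO src:sport > dst:dport [detail] (ttl N len N)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<sig>.+?) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.X]+):(?P<dport>\d+) "
    r".*\(ttl (?P<ttl>\d+) len \d+\)$"
)

# Five lines copied from the message, plus one constructed line (192.0.2.10).
SAMPLE = """\
2000-11-05 01:05:57 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.3.228.X:53 [3] (ttl 28 len 40)
2000-11-05 10:35:32 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.16.X:53 [3] (ttl 32 len 40)
2000-11-05 10:35:36 NAMED Iquery Probe UDP 202.63.218.1:2079 > 216.30.16.X:53 [udp len 35] (ttl 54 len 55)
2000-11-05 10:35:37 SCAN NAMED Version probe UDP 202.63.218.1:2079 > 216.30.16.X:53 [udp len 38] (ttl 54 len 58)
2000-11-05 10:37:24 SCAN-SYN FIN TCP 202.63.218.1:53 > 216.30.38.X:53 [3] (ttl 32 len 40)
2000-11-05 10:40:00 SCAN NAMED Version probe UDP 192.0.2.10:4000 > 216.30.16.X:53 [udp len 38] (ttl 60 len 58)
"""


def summarize(text, min_nets=2):
    """Group alerts by source; keep sources seen against >= min_nets /24s."""
    stats = defaultdict(lambda: {"count": 0, "nets": set(),
                                 "sigs": defaultdict(set),
                                 "first": None, "last": None})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an alert line (headers, whois output, blanks)
        s = stats[m["src"]]
        s["count"] += 1
        s["nets"].add(m["dst"].rsplit(".", 1)[0])   # /24 prefix, last octet dropped
        s["sigs"][m["sig"]].add(int(m["ttl"]))      # TTLs observed per signature
        s["first"] = min(s["first"] or m["ts"], m["ts"])
        s["last"] = max(s["last"] or m["ts"], m["ts"])
    return {src: s for src, s in stats.items() if len(s["nets"]) >= min_nets}


if __name__ == "__main__":
    for src, s in summarize(SAMPLE).items():
        print(f"{src}: {s['count']} alerts, {len(s['nets'])} /24s, "
              f"{s['first']} .. {s['last']}")
        for sig, ttls in sorted(s["sigs"].items()):
            print(f"  {sig}: ttl {sorted(ttls)}")
```
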