Security Incidents mailing list archives
Re: Scans from Russia
From: Vitaly Osipov <vos () TELENOR CZ>
Date: Fri, 22 Sep 2000 10:14:51 +0200
I hope now nobody is going to cry that you are attacked from Russian ministry of roads and transportation... (because MRT means exactly this :) ) if you read russian, try http://www.css-mps.ru/ (though I guess you do not) but actually this was done from a dialup in some _very_ small city in Russia (they say on their site www.szr.net.ru that they have only 25 dialup users, so you can try to contact them at laz () szr net ru to find the cause) dialup9.szr.net.ru (213.156.132.118) regards, W. ----- Original Message ----- From: "Infrastructure Dept." <infrastructure () narellan net> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Wednesday, September 20, 2000 2:57 PM Subject: Scans from Russia
I check my logs more than daily so I usually catch stuff soon after the occurrence. Here's something I saw this morning. Can someone tell me what the flags mean or where I can find a list of 'flags' Sep 20 00:27:21 ns1 scanlogd: From 213.156.132.118 to x.x.x.x ports 1999, 745, 602, 6003, 144, 3333, 32771, 53, 2049, ..., flags fSrpau, TOS 00, TTL 42, started at 00:27:19 And here's the Whois data inetnum: 213.156.130.0 - 213.156.136.255 netname: CSSMPSNET descr: Central Switching Station of MRT RF descr: Russia country: RU admin-c: KD544-RIPE tech-c: KD544-RIPE status: ASSIGNED PA notify: netadmin () css-mps ru mnt-by: TRANSINFORM-MNT changed: netadmin () css-mps ru 20000214 changed: alex () tsi ru 20000223 source: RIPE route: 213.156.128.0/19 descr: Company Transinform origin: AS12979 notify: noc () tsi ru mnt-by: TRANSINFORM-MNT changed: sergey () tsi ru 20000223 source: RIPE person: Dmitry V Kirosov address: 2/1 Kalanchovskaya street address: Moscow address: RU-107174 phone: +7 095 262-2620 fax-no: +7 095 262-1531 e-mail: dvk () css-mps ru nic-hdl: KD544-RIPE changed: pasha () glasnet ru 19980917 source: RIPE Mr. I. Network Engineer / Ops Manager Narellan (NorthEast) Inc.
Current thread:
- Scans from Russia Infrastructure Dept. (Sep 20)
- Re: Scans from Russia Vitaly Osipov (Sep 22)
- <Possible follow-ups>
- Re: Scans from Russia Adam Pendleton (Sep 21)