Security Incidents mailing list archives
Portscanning from 211.42.135.14
From: Ben Ostrowsky <ostrowb () TBLC ORG>
Date: Mon, 14 Aug 2000 09:51:25 -0400
The following attempts appeared in our syslog recently:
Aug 12 04:00:25 snoopy sshd[25585]: log: Connection from 211.42.135.14 port 1339 Aug 12 04:00:25 snoopy sshd[25585]: log: Could not reverse map address 211.42.135.14. Aug 12 04:00:25 snoopy sshd[25585]: fatal: Did not receive ident string. Aug 12 04:00:36 snoopy sshd[25592]: log: Connection from 211.42.135.14 port 1349 Aug 12 04:00:36 snoopy sshd[25592]: log: Could not reverse map address 211.42.135.14. Aug 12 04:01:48 snoopy ftpd[25598]: lost connection to 211.42.135.14 [211.42.135.14] Aug 12 04:01:48 snoopy sshd[25592]: fatal: Did not receive ident string. Aug 12 04:00:19 snoopy imapd[25582]: connect from 211.42.135.14 Aug 12 04:00:25 snoopy imapd[25586]: connect from 211.42.135.14 Aug 12 04:00:25 snoopy in.ftpd[25588]: connect from 211.42.135.14 Aug 12 04:00:27 snoopy in.telnetd[25591]: warning: can't get client address: Connection reset by peer Aug 12 04:01:01 snoopy in.ftpd[25598]: connect from 211.42.135.14 Aug 12 04:01:52 snoopy in.telnetd[25711]: warning: can't get client address: Connection reset by peer Aug 12 04:00:21 snoopy imapd[25582]: command stream end of file, while reading line user=??? host=[211.42.135.14] Aug 12 04:00:24 snoopy ipop3d[25583]: Command stream end of file while reading line user=??? host=[211.42.135.14] Aug 12 04:00:25 snoopy imapd[25586]: command stream end of file, while reading line user=??? host=[211.42.135.14]
I tried 'dig -x 211.42.135.14 soa' but got no useful information. I'm curious: does anyone know who just portscanned us? Does the pattern look familiar? -- Ben Ostrowsky, Automation Services Technologist Tampa Bay Library Consortium - http://www.tblc.org/
Current thread:
- Portscanning from 211.42.135.14 Ben Ostrowsky (Aug 14)
- Re: Portscanning from 211.42.135.14 Max Gribov (Aug 15)
- Re: Portscanning from 211.42.135.14 Patrick Oonk (Aug 15)
- <Possible follow-ups>
- Re: Portscanning from 211.42.135.14 玉造 光緒 (Aug 15)
- Re: Portscanning from 211.42.135.14 Bill Hayes (Aug 15)
- Re: Portscanning from 211.42.135.14 Bill Royds (Aug 18)