Security Incidents mailing list archives

Portscanning from 211.42.135.14


From: Ben Ostrowsky <ostrowb () TBLC ORG>
Date: Mon, 14 Aug 2000 09:51:25 -0400

The following attempts appeared in our syslog recently:

Aug 12 04:00:25 snoopy sshd[25585]: log: Connection from 211.42.135.14 port 1339
Aug 12 04:00:25 snoopy sshd[25585]: log: Could not reverse map address 211.42.135.14.
Aug 12 04:00:25 snoopy sshd[25585]: fatal: Did not receive ident string.
Aug 12 04:00:36 snoopy sshd[25592]: log: Connection from 211.42.135.14 port 1349
Aug 12 04:00:36 snoopy sshd[25592]: log: Could not reverse map address 211.42.135.14.
Aug 12 04:01:48 snoopy ftpd[25598]: lost connection to 211.42.135.14 [211.42.135.14]
Aug 12 04:01:48 snoopy sshd[25592]: fatal: Did not receive ident string.
Aug 12 04:00:19 snoopy imapd[25582]: connect from 211.42.135.14
Aug 12 04:00:25 snoopy imapd[25586]: connect from 211.42.135.14
Aug 12 04:00:25 snoopy in.ftpd[25588]: connect from 211.42.135.14
Aug 12 04:00:27 snoopy in.telnetd[25591]: warning: can't get client address: Connection reset by peer
Aug 12 04:01:01 snoopy in.ftpd[25598]: connect from 211.42.135.14
Aug 12 04:01:52 snoopy in.telnetd[25711]: warning: can't get client address: Connection reset by peer
Aug 12 04:00:21 snoopy imapd[25582]: command stream end of file, while reading line user=??? host=[211.42.135.14]
Aug 12 04:00:24 snoopy ipop3d[25583]: Command stream end of file while reading line user=??? host=[211.42.135.14]
Aug 12 04:00:25 snoopy imapd[25586]: command stream end of file, while reading line user=??? host=[211.42.135.14]

I tried 'dig -x 211.42.135.14 soa' but got no useful information.  I'm
curious: does anyone know who just portscanned us?  Does the pattern look
familiar?

--
Ben Ostrowsky, Automation Services Technologist
Tampa Bay Library Consortium - http://www.tblc.org/

