Security Incidents mailing list archives
Re: Portscanning from 211.42.135.14
From: Patrick Oonk <patrick () pine nl>
Date: Mon, 14 Aug 2000 19:47:12 +0200
On Mon, Aug 14, 2000 at 09:51:25AM -0400, Ben Ostrowsky wrote:
The following attempts appeared in our syslog recently:

Aug 12 04:00:25 snoopy sshd[25585]: log: Connection from 211.42.135.14 port 1339
Aug 12 04:00:25 snoopy sshd[25585]: log: Could not reverse map address 211.42.135.14.
Aug 12 04:00:25 snoopy sshd[25585]: fatal: Did not receive ident string.
Aug 12 04:00:36 snoopy sshd[25592]: log: Connection from 211.42.135.14 port 1349
Aug 12 04:00:36 snoopy sshd[25592]: log: Could not reverse map address 211.42.135.14.
Aug 12 04:01:48 snoopy ftpd[25598]: lost connection to 211.42.135.14 [211.42.135.14]
Aug 12 04:01:48 snoopy sshd[25592]: fatal: Did not receive ident string.
Aug 12 04:00:19 snoopy imapd[25582]: connect from 211.42.135.14
Aug 12 04:00:25 snoopy imapd[25586]: connect from 211.42.135.14
Aug 12 04:00:25 snoopy in.ftpd[25588]: connect from 211.42.135.14
Aug 12 04:00:27 snoopy in.telnetd[25591]: warning: can't get client address: Connection reset by peer
Aug 12 04:01:01 snoopy in.ftpd[25598]: connect from 211.42.135.14
Aug 12 04:01:52 snoopy in.telnetd[25711]: warning: can't get client address: Connection reset by peer
Aug 12 04:00:21 snoopy imapd[25582]: command stream end of file, while reading line user=??? host=[211.42.135.14]
Aug 12 04:00:24 snoopy ipop3d[25583]: Command stream end of file while reading line user=??? host=[211.42.135.14]
Aug 12 04:00:25 snoopy imapd[25586]: command stream end of file, while reading line user=??? host=[211.42.135.14]

I tried 'dig -x 211.42.135.14 soa' but got no useful information.

I'm curious: does anyone know who just portscanned us? Does the pattern look familiar?

--
Ben Ostrowsky, Automation Services Technologist
Tampa Bay Library Consortium - http://www.tblc.org/

(patrick@atro /~) whois 211.42.135.14

% Rights restricted by copyright. See
% http://www.apnic.net/db/dbcopyright.html

inetnum: 211.42.0.0 - 211.51.255.255
netname: KRNIC-KR-23
descr: KRNIC
descr: Korea Network Information Center
country: KR
admin-c: WK1-AP
tech-c: SL119-AP
remarks: KRNIC Allocation Block
remarks: Authoritative Information regarding assignments and
remarks: allocations made from within this block can also be
remarks: queried at whois.nic.or.kr
mnt-by: APNIC-HM
mnt-lower: MNT-KRNIC-AP
changed: hostmaster () apnic net 19991118
source: APNIC

person: Weon Kim
address: Korea Network Information Center (KRNIC)
address: Narajongkeum B/D 14F, 1328-3, Seocho-dong, Seocho-Ku
address: Seoul, 137-070, Republic of Korea
address: **************** Important Notice **********************
address: KRNIC is the National Internet Registry.
address: If you want to find detail assignment information
address: about above IP address, please use http://ipwhois.nic.or.kr
address: or "whois -h whois.nic.or.kr <ip address>"
address: *****************************************************
phone: +82-2-2186-4502
fax-no: +82-2-2186-4496
country: KR
e-mail: wkim () nic or kr
nic-hdl: WK1-AP
mnt-by: MNT-KRNIC-AP
changed: seungmin () nic or kr 20000222
source: APNIC

person: Seung-Min Lee
address: Korea Network Information Center (KRNIC)
address: Narajongkeum B/D 14F, 1328-3, Seocho-dong, Seocho-Ku
address: Seoul, 137-070, Republic of Korea
address: **************** Important Notice **********************
address: KRNIC is the National Internet Registry
address: If you want to find detail assignment information
address: about above IP address, please use http://ipwhois.nic.or.kr
address: or "whois -h whois.nic.or.kr <ip address>"
address: *****************************************************
phone: +82-2-2186-4506
fax-no: +82-2-2186-4496
country: KR
e-mail: seungmin () krnic net
nic-hdl: SL119-AP
mnt-by: MNT-KRNIC-AP
changed: seungmin () nic or kr 20000222
source: APNIC

--
Patrick Oonk - PO1-6BONE - patrick () pine nl - www.pine.nl/~patrick
Pine Internet - PAT31337-RIPE - PGPkeyID BE7497F1 - XOIP+31208723350
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://security.nl
PGP fingerprint A6 12 66 7F 22 84 1B E5 73 8C 99 F7 17 7B A3 98
Excuse of the day: Route flapping at the NAP.
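
The pattern in the quoted syslog excerpt (one source touching several daemons within seconds) can be picked out mechanically. The following is an added example, not part of the original messages: find_sweeps, the service-name map, the 60-second window and the three-service threshold are assumptions chosen for illustration, and the 192.0.2.10 line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the syslog excerpt quoted in the message.
PAGE_LINES = [
    "Aug 12 04:00:19 snoopy imapd[25582]: connect from 211.42.135.14",
    "Aug 12 04:00:24 snoopy ipop3d[25583]: Command stream end of file while reading line user=??? host=[211.42.135.14]",
    "Aug 12 04:00:25 snoopy sshd[25585]: log: Connection from 211.42.135.14 port 1339",
    "Aug 12 04:00:25 snoopy in.ftpd[25588]: connect from 211.42.135.14",
    "Aug 12 04:00:27 snoopy in.telnetd[25591]: warning: can't get client address: Connection reset by peer",
    "Aug 12 04:01:48 snoopy ftpd[25598]: lost connection to 211.42.135.14 [211.42.135.14]",
]
# Constructed line (not from the page): a single SSH connection from a documentation address.
CONSTRUCTED = ["Aug 12 04:05:00 snoopy sshd[25800]: log: Connection from 192.0.2.10 port 40000"]

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.]+)\[\d+\]: (.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: the tcpd wrapper name and the daemon's own name are the same service.
SERVICE = {"in.ftpd": "ftp", "ftpd": "ftp", "in.telnetd": "telnet",
           "sshd": "ssh", "imapd": "imap", "ipop3d": "pop3"}

def find_sweeps(lines, min_services=3, window=timedelta(seconds=60), year=2000):
    """Map each source IP to the services it touched, for sources that hit
    at least min_services distinct services inside one time window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ips = IPV4.findall(m.group(3))
        if not ips:
            continue  # e.g. the telnetd resets: no source address was logged
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events[ips[0]].append((ts, SERVICE.get(m.group(2), m.group(2))))
    hits = {}
    for ip, evs in events.items():
        evs.sort()
        best = set()
        for i, (start, _) in enumerate(evs):  # slide the window over each event
            seen = {svc for t, svc in evs[i:] if t - start <= window}
            best = max(best, seen, key=len)
        if len(best) >= min_services:
            hits[ip] = sorted(best)
    return hits

if __name__ == "__main__":
    print(find_sweeps(PAGE_LINES + CONSTRUCTED))
```

Lines that log no client address, such as the in.telnetd resets, cannot be attributed by this approach and are skipped.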