Security Incidents mailing list archives

Port Scan from Argentina


From: root () RGFSPARC CR USGS GOV (Robert G. Ferrell)
Date: Wed, 16 Feb 2000 12:06:42 -0600


Hi folks,

Thought I'd share this little port scan with you.  I've already attempted to
contact the apparent originating network's admin.

===============================================================================

Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: klogin connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4254
Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 1080 connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4255
Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: ftp connection attempt
from RCH2ppp-59.uc.infovia.com.ar:4256
Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: imap connection attempt
from RCH2ppp-59.uc.infovia.com.ar:4257
Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: pop3 connection attempt
from RCH2ppp-59.uc.infovia.com.ar:4258
Feb 16 03:08:24 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 6000 connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4259
Feb 16 03:08:24 rgfsparc.cr.usgs.gov inetd[130]: ftp[3369] from 209.13.233.59
4256
Feb 16 03:08:25 rgfsparc.cr.usgs.gov inetd[130]: telnet[3370] from 209.13.233.59
4260
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from
host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 1080
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host
209.13.233.59 has been blocked via wrappers with string: "ALL: 209.13.233.59"
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host
209.13.233.59 has been blocked via dropped route using command: "/usr/sbin/route
add 209.13.233.59 136.177.164.253 1"
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from
host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 109
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host:
209.13.233.59 is already blocked. Ignoring
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from
host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 110
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host:
209.13.233.59 is already blocked. Ignoring
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from
host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 143
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host:
209.13.233.59 is already blocked. Ignoring
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from
host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 6667
Feb 16 03:08:25 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host:
209.13.233.59 is already blocked. Ignoring
Feb 16 03:08:26 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Connect from
host: RCH2ppp-59.uc.infovia.com.ar/209.13.233.59 to TCP port: 139
Feb 16 03:08:26 rgfsparc.cr.usgs.gov portsentry[235]: attackalert: Host:
209.13.233.59 is already blocked. Ignoring
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: telnet connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4260
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 80 connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4261
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: pop2 connection attempt
from RCH2ppp-59.uc.infovia.com.ar:4262
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 8080 connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4263
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 22 connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4264
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 544 connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4265
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port 6667 connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4267
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: finger connection
attempt from RCH2ppp-59.uc.infovia.com.ar:4266
Feb 16 03:08:28 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port scan detected from
RCH2ppp-59.uc.infovia.com.ar
Feb 16 03:09:18 rgfsparc.cr.usgs.gov iplog[18074]: TCP: port scan mode expired
for RCH2ppp-59.uc.infovia.com.ar - received a total of 17 packets (680 bytes).

=============================================================================

Cheers,

RGF

Robert G. Ferrell
Information Security Officer
National Business Center, US DoI
Robert_G_Ferrell () nbc gov
----------------------------------------------------------------------------
Nothing I have ever said should be construed as even vaguely
representing an official statement by the NBC or DoI.
----------------------------------------------------------------------------
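
Added example, not part of the original post: a small correlator for the three log formats shown above (iplog, inetd, portsentry), which identify the same source differently (hostname, IP, or both). The sample lines, the documentation hostnames and addresses, the year, the `min_ports` and `window` thresholds, and the function names are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the post's three log formats: lines unwrapped, with
# documentation names/addresses substituted for the reported host and source.
SAMPLE = """\
Feb 16 03:08:24 h.example iplog[18074]: TCP: klogin connection attempt from scan.example.net:4254
Feb 16 03:08:24 h.example iplog[18074]: TCP: port 1080 connection attempt from scan.example.net:4255
Feb 16 03:08:24 h.example inetd[130]: ftp[3369] from 192.0.2.59 4256
Feb 16 03:08:25 h.example portsentry[235]: attackalert: Connect from host: scan.example.net/192.0.2.59 to TCP port: 1080
Feb 16 03:08:25 h.example portsentry[235]: attackalert: Connect from host: scan.example.net/192.0.2.59 to TCP port: 110
Feb 16 03:08:28 h.example iplog[18074]: TCP: port 22 connection attempt from scan.example.net:4264
Feb 16 03:20:10 h.example inetd[130]: telnet[3401] from 198.51.100.7 1033
"""

# TCP ports for the service names that iplog and inetd print in the post.
SERVICES = {"klogin": 543, "ftp": 21, "imap": 143, "pop3": 110, "pop2": 109, "telnet": 23, "finger": 79}
PATTERNS = [
    re.compile(r"iplog\[\d+\]: TCP: (?:port )?(?P<svc>\S+) connection attempt from (?P<src>\S+):\d+"),
    re.compile(r"portsentry\[\d+\]: attackalert: Connect from host: (?P<name>\S+)/(?P<src>\S+) to TCP port: (?P<svc>\d+)"),
    re.compile(r"inetd\[\d+\]: (?P<svc>\w+)\[\d+\] from (?P<src>\S+) \d+")]

def parse(log, year=2000):  # syslog omits the year; 2000 is an assumption
    events, alias = [], {}
    for line in log.splitlines():
        m = next((m for p in PATTERNS if (m := p.search(line))), None)
        if not m:
            continue
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        port = int(m["svc"]) if m["svc"].isdigit() else SERVICES.get(m["svc"])
        if "name" in m.groupdict():  # only portsentry logs both name and IP
            alias[m["name"].lower()] = m["src"]
        events.append((when, m["src"].lower(), port))
    # iplog logs the hostname and inetd the IP: merge them where a pair is known.
    return [(t, alias.get(s, s), p) for t, s, p in events if p is not None]

def scanners(log, min_ports=5, window=timedelta(seconds=10)):
    """Map each source that hit >= min_ports distinct ports inside window."""
    by_src = {}
    for t, src, port in parse(log):
        by_src.setdefault(src, []).append((t, port))
    hits = {}
    for src, ev in by_src.items():
        for start, _ in ev:
            ports = {p for t, p in ev if start <= t <= start + window}
            if len(ports) >= min_ports:
                hits[src] = sorted(ports)
                break
    return hits
```

In the sample, neither the hostname (three ports via iplog) nor the IP (three ports via inetd and portsentry) reaches the threshold alone; only after the portsentry name/IP pair is used to merge them does the source show five distinct ports.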

