Security Incidents mailing list archives

Some stats of events


From: henris () BGA COM (Henri J. Schlereth)
Date: Mon, 10 Jul 2000 06:52:04 -0500


While I am aware that people have differing criteria on what
constitutes an "intrusion", here's mine:

I have a 4 hour IP (dynamic dial-up, 56K modem), I provide
no external services, and only two people I know ever
connect to me from the outside on rare occasions. Anything
else can be considered accidents, probes, intrusions
but they will be logged.

Really, I am just a nobody on a modem line, this is way
too persistent behavior to just be "accidents", especially
since last year I had only 4.

The listing for portmap reflects rpcinfo -p dumps.

All errors are mine, of course. Enjoy.

Henri

Intrusion Log Book

Date         Time        IP                CC  US type      port
**-**-****   23:59:59    XXX.XXX.XXX.XXX   br  ca *******   XXX

10-15-1999   08:35:22    192.45.82.251         ca login     513
11-06-1999   12:30:01    204.29.160.17         fl portmap   111 
11-17-1999   01:16:39    195.210.100.199   it     portmap   111 
11-19-1999   04:43:00    131.123.98.92         oh portmap   111 

Total: 4 (YTD)

01-04-2000  17:27:02     210.105.42.91     kr    portmap    111
01-04-2000  17:27:05     210.105.42.91     kr    telnet     23
01-05-2000  19:28:45     210.105.42.91     kr    portmap    111
01-05-2000  19:28:46     210.105.42.91     kr    telnet     23
01-13-2000  21:40:38     210.104.236.196   kr    telnet     23
01-13-2000  21:40:39     210.104.236.196   kr    portmap    111
01-14-2000  19:36:06     206.107.248.20       az portmap    111
01-19-2000  06:47:45     210.91.106.220    kr    portmap    111
01-26-2000  07:52:24     149.170.199.144   uk    portmap    111

Total: 9

02-10-2000  22:46:12     24.30.24.207         mi imap       143
02-13-2000  12:53:55     205.238.142.59       tx portmap    111
02-13-2000  18:28:24     209.41.91.18         tx portmap    111
02-25-2000  03:18:02     194.77.138.18     de    portmap    111
02-28-2000  19:56:15     212.36.1.178      bg    ftp        21

Total: 5

03-04-2000  05:46:52     130.118.46.74         ca portmap   111
03-05-2000  05:07:24     207.246.86.18         ky telnet    23
03-06-2000  06:20:20     129.11.69.109     uk     pop2      109
03-19-2000  12:50:55     200.196.82.234    br     portmap   111
03-22-2000  17:02:45     207.172.211.45        va imap      143

Total: 5

04-03-2000  01:38:46     200.47.62.41      ar     portmap   111
04-16-2000  07:24:28     209.86.158.8          ga ftp       21
04-14-2000  14:05:46     194.168.237.218   uk     nntp      119
04-19-2000  00:54:02     205.244.34.51     do     BO        31337
04-20-2000  15:32:36     194.168.63.54     uk     nntp      119
04-23-2000  11:14:15     194.168.59.119    uk     nntp      119
04-28-2000  21:10:16     209.203.228.237       wa portmap   111

Total: 7

05-05-2000  19:12:33     192.231.29.12         ms portmap   111
05-05-2000  19:12:42     192.231.29.12         ms telnet    23
05-13-2000  13:18:21     195.217.161.181   uk     nntp      119
05-13-2000  20:06:49     210.216.154.135   kr     imap      143
05-21-2000  21:36:04     210.220.201.100   kr     portmap   111
05-21-2000  21:36:06     210.220.201.100   kr     ftp       21
05-30-2000  08:54:21     210.112.192.74    kr     sp        98
(sp= syn probe)

Total: 7

06-03-2000 10:11:50      62.155.162.143    de     nntp      119
06-03-2000 17:01:25      212.41.49.63      uk     nntp      119
06-06-2000 01:23:12      205.178.30.17        ca  socks     1080
06-09-2000 16:31:28      216.87.144.2         tx  sp        98
06-11-2000 02:18:00      172.163.135.37(AOL)  va  sp        139
06-11-2000 11:37:54      172.165.94.219(AOL)  va  sp        139
06-11-2000 11:43:45      172.165.94.219(AOL)  va  sp        139
06-11-2000 12:02:08      172.163.98.77(AOL)   va  sp        139
06-11-2000 12:34:11      172.163.98.77(AOL)   va  sp        139
06-13-2000 04:01:43      206.54.51.20         ca  ftp       21
06-15-2000 04:12:33      207.218.207.86       tx  nntp      119
06-18-2000 21:17:39      200.243.205.3     br     sp        2583
06-18-2000 21:17:39      200.243.205.3     br     NetBus    12345
06-18-2000 21:17:39      200.243.205.3     br     NetBus    123466
06-18-2000 20:07:38      210.217.24.1      kr   sp-ingreslock 4851
06-24-2000 22:45:58      193.145.133.202   es     imap      143
06-25-2000 20:05:08      210.99.142.122    kr     sp        98
06-28-2000 03:09:59      207.218.220.54       tx  nntp      119
06-28-2000 15:50:27      210.99.142.122    kr     sp        4706

Total: 19

07-02-2000 04:51:36      212.65.5.143      nl     nntp      119
07-04-2000 16:35:32      64.7.7.222        ny     telnet    23
07-04-2000 17:30:35      210.225.130.135   jp     ftp       21
07-04-2000 18:39:57      63.216.196.88        ca  domain    53
07-05-2000 04:27:52      209.55.69.98         ca  portmap   111
07-05-2000 20:56:51      210.225.135.222   jp     ftp       21
07-06-2000 11:23:06      212.41.222.118    it     FakeBO    80
07-07-2000 16:34:08      208.58.215.121       va  asp       27374
07-08-2000 04:09:06      62.158.195.2      de     nntp      119
07-09-2000 20:12:24      211.36.42.222     kr     portmap   111

Total: 10
YTD: 52
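
Added example, not part of the original post: a Python sketch that parses rows in the log book layout above, counts probes per service type, and lists sources that touched two or more different ports within a short window, as the portmap/telnet pairs in the log do. The ten-second window and all function names are assumptions of this example; the sample rows are copied unchanged from the log.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Subset of rows copied unchanged from the log book above.
SAMPLE = """\
01-04-2000  17:27:02     210.105.42.91     kr    portmap    111
01-04-2000  17:27:05     210.105.42.91     kr    telnet     23
01-14-2000  19:36:06     206.107.248.20       az portmap    111
05-21-2000  21:36:04     210.220.201.100   kr     portmap   111
05-21-2000  21:36:06     210.220.201.100   kr     ftp       21
06-11-2000 11:37:54      172.165.94.219(AOL)  va  sp        139
06-11-2000 11:43:45      172.165.94.219(AOL)  va  sp        139
Total: 7
"""

ROW = re.compile(
    r"^(\d\d-\d\d-\d{4})\s+(\d\d:\d\d:\d\d)\s+"   # date, time
    r"(\d{1,3}(?:\.\d{1,3}){3})(?:\(\w+\))?\s+"   # IP, optional "(AOL)" tag
    r"([a-z]{2})\s+(\S+)\s+(\d+)\s*$"             # CC or US code, type, port
)

def parse(text):
    """Yield (timestamp, ip, loc, type, port); headers and totals are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            date, time, ip, loc, kind, port = m.groups()
            ts = datetime.strptime(f"{date} {time}", "%m-%d-%Y %H:%M:%S")
            yield ts, ip, loc, kind, int(port)

def by_service(rows):
    """Count entries per value of the log's 'type' column."""
    return Counter(kind for _, _, _, kind, _ in rows)

def sweeps(rows, window=timedelta(seconds=10)):
    """Map each source IP to the ports it hit as part of a multi-port burst."""
    seen = defaultdict(list)
    for ts, ip, _, _, port in rows:
        seen[ip].append((ts, port))
    out = {}
    for ip, hits in seen.items():
        hits.sort()
        ports = {p for (t1, p1), (t2, p2) in zip(hits, hits[1:])
                 if p1 != p2 and t2 - t1 <= window for p in (p1, p2)}
        if ports:
            out[ip] = sorted(ports)
    return out

if __name__ == "__main__":
    rows = list(parse(SAMPLE))
    print(by_service(rows))
    print(sweeps(rows))
```

After whitespace is collapsed the CC and US columns cannot be told apart, so the parser keeps the two-letter code as a single opaque location field.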

