Security Incidents mailing list archives

Re: Scans from Russia

From: Vitaly Osipov <vos () TELENOR CZ>
Date: Fri, 22 Sep 2000 10:14:51 +0200

I hope now nobody is going to cry that you are attacked from Russian
ministry of roads and transportation... (because MRT means exactly this :) )

if you read russian, try http://www.css-mps.ru/ (though I guess you do not)

but actually this was done from a dialup in some _very_ small city in Russia
(they say on their site www.szr.net.ru that they have only 25 dialup users,
so you can try to contact them at laz () szr net ru to find the cause)

dialup9.szr.net.ru (213.156.132.118)

regards,
W.


----- Original Message -----
From: "Infrastructure Dept." <infrastructure () narellan net>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Wednesday, September 20, 2000 2:57 PM
Subject: Scans from Russia

I check my logs more than daily so I usually catch stuff soon after the
occurrence. Here's something I saw this morning. Can someone tell me what
the flags mean or where I can find a list of 'flags'

Sep 20 00:27:21 ns1 scanlogd: From 213.156.132.118 to x.x.x.x ports 1999,
745, 602, 6003, 144, 3333, 32771, 53, 2049, ..., flags fSrpau, TOS 00, TTL
42, started at 00:27:19

And here's the Whois data

inetnum:     213.156.130.0 - 213.156.136.255
netname:     CSSMPSNET
descr:       Central Switching Station of MRT RF
descr:       Russia
country:     RU
admin-c:     KD544-RIPE
tech-c:      KD544-RIPE
status:      ASSIGNED PA
notify:      netadmin () css-mps ru
mnt-by:      TRANSINFORM-MNT
changed:     netadmin () css-mps ru 20000214
changed:     alex () tsi ru 20000223
source:      RIPE

route:       213.156.128.0/19
descr:       Company Transinform
origin:      AS12979
notify:      noc () tsi ru
mnt-by:      TRANSINFORM-MNT
changed:     sergey () tsi ru 20000223
source:      RIPE

person:      Dmitry V Kirosov
address:     2/1 Kalanchovskaya street
address:     Moscow
address:     RU-107174
phone:       +7 095 262-2620
fax-no:      +7 095 262-1531
e-mail:      dvk () css-mps ru
nic-hdl:     KD544-RIPE
changed:     pasha () glasnet ru 19980917
source:      RIPE



Mr. I.
Network Engineer / Ops Manager
Narellan (NorthEast) Inc.

Current thread:

Scans from Russia Infrastructure Dept. (Sep 20)
- Re: Scans from Russia Vitaly Osipov (Sep 22)
- <Possible follow-ups>
- Re: Scans from Russia Adam Pendleton (Sep 21)