Subject: [LOGS] Summary of large-scale portscanning detects - msg#00045

Previous Message by Date: click to view message preview

RE:strange mail connections

Most of the addresses that are attacking the mail server resolve to some domain.yahoo.com. I am aware of the WALLON worm but how does that tie up with the attack targeting the mail server? http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WALLON.A An example of the addresses that are recieved would be: Name: web25101.mail.ukl.yahoo.com Address: 217.12.10.49 Name: smtp003.mail.ukl.yahoo.com Address: 217.12.11.34 I ran the captured tcpdump file thru snort and it produced the following alert: In this case the remote host resolves as follows: Name: orleans-1-62-147-93-158.dial.proxad.net Address: 62.147.93.158 SID 1549 Message SMTP HELO overflow attempt Signature alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP HELO overflow attempt"; flow:to_server,established; content:"HELO"; isdataat:500,relative; pcre:"/^HELO\s[^\n]{500}/smi"; reference:bugtraq,895; reference:cve,CVE-2000-0042; reference:nessus,10324; reference:bugtraq,7726; reference:nessus,11674; classtype:attempted-admin; sid:1549; rev:13;) [**] SMTP HELO overflow attempt [**] 05/13-18:47:03.956782 62.147.93.158:4252 -> mail.server:25 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:72 ***AP*** Seq: 0xE03CB4E1 Ack: 0x94E1AC64 Win: 0x2238 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Frame 33475 (62 bytes on wire, 62 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497813109, Ack: 0, Len: 0 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497813109 Header length: 28 bytes Flags: 0x0002 (SYN) Window size: 8760 Checksum: 0xdcc9 (correct) Options: (8 bytes) 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 00 30 5c b4 40 00 71 06 69 02 3e 93 5d 9e 9e a9 .0\.@.q.i.>.]... 0020 09 37 10 9c 00 19 94 e1 9a 75 00 00 00 00 70 02 .7.......u....p. 0030 22 38 dc c9 00 00 02 04 05 b4 01 01 04 02 "8............ Frame 33476 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074460, Ack: 2497813110, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074460 Acknowledgement number: 2497813110 Header length: 24 bytes Flags: 0x0012 (SYN, ACK) Window size: 8760 Checksum: 0x5e26 (correct) Options: (4 bytes) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 2c 71 8b 40 00 7f 06 46 2f 9e a9 09 37 3e 93 .,q.@...F/...7>. 0020 5d 9e 00 19 10 9c e0 3c b3 5c 94 e1 9a 76 60 12 ]......<.\...v`. 0030 22 38 5e 26 00 00 02 04 05 b4 00 00 "8^&........ Frame 33523 (80 bytes on wire, 80 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497813127, Ack: 3762074736, Len: 26 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497813127 Next sequence number: 2497813153 Acknowledgement number: 3762074736 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8485 Checksum: 0x598d (correct) Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 00 42 5c cb 40 00 71 06 68 d9 3e 93 5d 9e 9e a9 .B\.@.q.h.>.]... 0020 09 37 10 9c 00 19 94 e1 9a 87 e0 3c b4 70 50 18 .7.........<.pP. 0030 21 25 59 8d 00 00 4d 41 49 4c 20 46 52 4f 4d 3a !%Y...MAIL FROM: 0040 20 3c 31 32 30 30 34 40 31 2e 6a 70 67 3e 0d 0a <12004@xxxxx>.. Frame 33524 (88 bytes on wire, 88 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074736, Ack: 2497813153, Len: 34 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074736 Next sequence number: 3762074770 Acknowledgement number: 2497813153 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8717 Checksum: 0x193c (correct) Simple Mail Transfer Protocol 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 4a 5e 8c 40 00 7f 06 59 10 9e a9 09 37 3e 93 .J^.@...Y....7>. 0020 5d 9e 00 19 10 9c e0 3c b4 70 94 e1 9a a1 50 18 ]......<.p....P. 0030 22 0d 19 3c 00 00 32 35 30 20 4f 4b 20 2d 20 6d "..<..250 OK - m 0040 61 69 6c 20 66 72 6f 6d 20 3c 31 32 30 30 34 40 ail from <12004@ 0050 31 2e 6a 70 67 3e 0d 0a 1.jpg>.. Frame 33579 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497813186, Ack: 3762074813, Len: 6 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497813186 Next sequence number: 2497813192 Acknowledgement number: 3762074813 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8408 Checksum: 0xcffc (correct) Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 00 2e 5c e8 40 00 71 06 68 d0 3e 93 5d 9e 9e a9 ..\.@.q.h.>.]... 0020 09 37 10 9c 00 19 94 e1 9a c2 e0 3c b4 bd 50 18 .7.........<..P. 0030 20 d8 cf fc 00 00 44 41 54 41 0d 0a .....DATA.. Frame 33580 (90 bytes on wire, 90 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074813, Ack: 2497813192, Len: 36 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074813 Next sequence number: 3762074849 Acknowledgement number: 2497813192 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8678 Checksum: 0x5d50 (correct) Simple Mail Transfer Protocol 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 4c 39 8d 40 00 7f 06 7e 0d 9e a9 09 37 3e 93 .L9.@...~....7>. 0020 5d 9e 00 19 10 9c e0 3c b4 bd 94 e1 9a c8 50 18 ]......<......P. 0030 21 e6 5d 50 00 00 33 35 34 20 53 65 6e 64 20 64 !.]P..354 Send d 0040 61 74 61 2e 20 20 45 6e 64 20 77 69 74 68 20 43 ata. End with C 0050 52 4c 46 2e 43 52 4c 46 0d 0a RLF.CRLF.. Frame 33635 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497813320, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497813320 Next sequence number: 2497814780 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0xd643 Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5c ec 40 00 71 06 63 1e 3e 93 5d 9e 9e a9 ..\.@.q.c.>.]... 0020 09 37 10 9c 00 19 94 e1 9b 48 e0 3c b4 e1 50 18 .7.......H.<..P. 0030 20 b4 d6 43 00 00 43 6f 6e 74 65 6e 74 2d 54 79 ..C..Content-Ty 0040 70 65 3a 20 6d 75 6c 74 69 70 61 72 74 2f 6d 69 pe: multipart/mi 0050 78 65 64 3b 0d 0a 09 62 6f 75 6e 64 61 72 79 3d xed;...boundary= Frame 33851 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497816240, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497816240 Next sequence number: 2497817700 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0x60d4 Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5c f1 40 00 71 06 63 19 3e 93 5d 9e 9e a9 ..\.@.q.c.>.]... 0020 09 37 10 9c 00 19 94 e1 a6 b0 e0 3c b4 e1 50 18 .7.........<..P. 0030 20 b4 60 d4 00 00 41 41 45 31 6c 63 33 4e 68 5a .`...AAE1lc3NhZ 0040 32 56 43 62 33 68 42 41 41 41 41 64 33 4e 77 63 2VCb3hBAAAAd3Nwc 0050 6d 6c 75 64 47 5a 42 41 41 41 41 52 58 68 70 64 mludGZBAAAARXhpd Frame 33942 (819 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497820620, Ack: 3762074849, Len: 765 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497820620 Next sequence number: 2497821385 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0x95b2 Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 03 25 5c fc 40 00 71 06 65 c5 3e 93 5d 9e 9e a9 .%\.@.q.e.>.]... 0020 09 37 10 9c 00 19 94 e1 b7 cc e0 3c b4 e1 50 18 .7.........<..P. 0030 20 b4 95 b2 00 00 49 58 77 30 49 4f 4c 36 4d 6c .....IXw0IOL6Ml 0040 6a 32 38 6a 4b 67 50 68 74 6b 52 54 72 6e 4f 75 j28jKgPhtkRTrnOu 0050 6e 30 2b 49 62 65 62 43 2b 52 7a 4d 79 30 43 4d n0+IbebC+RzMy0CM Frame 33943 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497817700, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497817700 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x6271 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 60 92 40 00 7f 06 57 2c 9e a9 09 37 3e 93 .(`.@...W,...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 ac 64 50 10 ]......<.....dP. 0030 22 38 62 71 00 00 00 00 00 00 00 00 "8bq........ Frame 33944 (182 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497821385, Ack: 3762074849, Len: 128 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497821385 Next sequence number: 2497821513 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0x59bd Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 00 a8 5c ff 40 00 71 06 68 3f 3e 93 5d 9e 9e a9 ..\.@.q.h?>.]... 0020 09 37 10 9c 00 19 94 e1 ba c9 e0 3c b4 e1 50 18 .7.........<..P. 0030 20 b4 59 bd 00 00 68 55 4e 49 65 6f 6d 7a 70 4f .Y...hUNIeomzpO 0040 6b 65 76 33 6f 38 74 66 4c 55 37 52 0d 0a 32 4a kev3o8tfLU7R..2J 0050 6a 65 30 43 79 74 34 72 37 64 73 78 54 4e 36 75 je0Cyt4r7dsxTN6u Frame 33945 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497817700, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497817700 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x6271 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 69 92 40 00 7f 06 4e 2c 9e a9 09 37 3e 93 .(i.@...N,...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 ac 64 50 10 ]......<.....dP. 0030 22 38 62 71 00 00 00 00 00 00 00 00 "8bq........ Frame 33999 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497817700, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497817700 Next sequence number: 2497819160 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0xd673 Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5c f7 40 00 71 06 63 13 3e 93 5d 9e 9e a9 ..\.@.q.c.>.]... 0020 09 37 10 9c 00 19 94 e1 ac 64 e0 3c b4 e1 50 18 .7.......d.<..P. 0030 20 b4 d6 73 00 00 70 31 75 44 2f 6f 78 0d 0a 57 ..s..p1uD/ox..W 0040 65 4f 30 30 41 43 42 41 6f 33 36 5a 66 73 42 46 eO00ACBAo36ZfsBF 0050 62 72 4b 51 6f 36 2b 44 38 53 48 46 48 45 6f 62 brKQo6+D8SHFHEob Frame 34002 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497819160, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497819160 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x5cbd (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 61 93 40 00 7f 06 56 2b 9e a9 09 37 3e 93 .(a.@...V+...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 b2 18 50 10 ]......<......P. 0030 22 38 5c bd 00 00 00 00 00 00 00 00 "8\......... Frame 34015 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497819160, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497819160 Next sequence number: 2497820620 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0xa0bb Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5c f9 40 00 71 06 63 11 3e 93 5d 9e 9e a9 ..\.@.q.c.>.]... 0020 09 37 10 9c 00 19 94 e1 b2 18 e0 3c b4 e1 50 18 .7.........<..P. 0030 20 b4 a0 bb 00 00 77 4e 7a 47 50 47 6b 6e 53 4e .....wNzGPGknSN 0040 57 43 41 51 54 6a 72 78 4d 70 50 51 39 4a 58 4f WCAQTjrxMpPQ9JXO 0050 6d 0d 0a 67 42 36 42 44 45 70 4f 4f 77 77 44 63 m..gB6BDEpOOwwDc Frame 34016 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497824433, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497824433 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x4824 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 d8 93 40 00 7f 06 df 2a 9e a9 09 37 3e 93 .(..@....*...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 c6 b1 50 10 ]......<......P. 0030 22 38 48 24 00 00 00 00 00 00 00 00 "8H$........ Frame 34251 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497825893, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497825893 Next sequence number: 2497827353 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0x832f Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5d 97 40 00 71 06 62 73 3e 93 5d 9e 9e a9 ..].@.q.bs>.]... 0020 09 37 10 9c 00 19 94 e1 cc 65 e0 3c b4 e1 50 18 .7.......e.<..P. 0030 20 b4 83 2f 00 00 31 33 6d 62 47 42 58 55 6a 56 ../..13mbGBXUjV 0040 53 57 69 33 56 6d 4b 30 44 72 44 69 6d 50 52 2f SWi3VmK0DrDimPR/ 0050 62 74 0d 0a 56 62 58 6c 61 59 57 5a 77 6f 2f 71 bt..VbXlaYWZwo/q Frame 34252 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497828813, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497828813 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x3708 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 b2 98 40 00 7f 06 05 26 9e a9 09 37 3e 93 .(..@....&...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 d7 cd 50 10 ]......<......P. 0030 22 38 37 08 00 00 00 00 00 00 00 00 "87......... Frame 34273 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497828814, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497828814 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8759 Checksum: 0x3708 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 31 9a 40 00 7f 06 86 24 9e a9 09 37 3e 93 .(1.@....$...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 d7 ce 50 10 ]......<......P. 0030 22 37 37 08 00 00 00 00 00 00 00 00 "77......... Frame 34368 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497837797, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497837797 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x13f0 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 05 a0 40 00 7f 06 b2 1e 9e a9 09 37 3e 93 .(..@........7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 fa e5 50 10 ]......<......P. 0030 22 38 13 f0 00 00 00 00 00 00 00 00 "8.......... _________________________________________________________________ Get MSN Hotmail Extra Storage - storage that grows with your needs! http://join.msn.com/?pgmarket=en-xe _______________________________________________ Intrusions mailing list Intrusions@xxxxxxxxxxxxxx http://www.dshield.org/mailman/listinfo/intrusions

Next Message by Date: click to view message preview

RE: RE:strange mail connections

I believe what your seeing is netsky not wallon. This is from the diary http://isc.sans.org/diary.php?date=2004-05-12 Mailbag - Netsky We received a report from a user who had been seeing a large number of DNS queries from a small set of his high speed customers. The answer, as pointed by Rick Wanner, was that it was caused by NetSky. From his words: "...I didn't realize that the deciding factor for what is an email address is anything with an "@" sign in the name, or contents would be tried as an email address. So people with big Internet caches, and who don't clean up their cookies were generating thousands of MX requests per minute to their default DNS server." Donald.Smith@xxxxxxxxx GCIA http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC //Please replytoall so that all the Handlers can stay in the loop -----Original Message----- From: intrusions-bounces@xxxxxxxxxxxxxx [mailto:intrusions-bounces@xxxxxxxxxxxxxx] On Behalf Of lola marais Sent: Friday, May 14, 2004 8:10 PM To: intrusions@xxxxxxxxxxxxxx Subject: [Intrusions] RE:strange mail connections Most of the addresses that are attacking the mail server resolve to some domain.yahoo.com. I am aware of the WALLON worm but how does that tie up with the attack targeting the mail server? http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WAL LON.A An example of the addresses that are recieved would be: Name: web25101.mail.ukl.yahoo.com Address: 217.12.10.49 Name: smtp003.mail.ukl.yahoo.com Address: 217.12.11.34 I ran the captured tcpdump file thru snort and it produced the following alert: In this case the remote host resolves as follows: Name: orleans-1-62-147-93-158.dial.proxad.net Address: 62.147.93.158 SID 1549 Message SMTP HELO overflow attempt Signature alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP HELO overflow attempt"; flow:to_server,established; content:"HELO"; isdataat:500,relative; pcre:"/^HELO\s[^\n]{500}/smi"; reference:bugtraq,895; reference:cve,CVE-2000-0042; reference:nessus,10324; reference:bugtraq,7726; reference:nessus,11674; classtype:attempted-admin; sid:1549; rev:13;) [**] SMTP HELO overflow attempt [**] 05/13-18:47:03.956782 62.147.93.158:4252 -> mail.server:25 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:72 ***AP*** Seq: 0xE03CB4E1 Ack: 0x94E1AC64 Win: 0x2238 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Frame 33475 (62 bytes on wire, 62 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497813109, Ack: 0, Len: 0 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497813109 Header length: 28 bytes Flags: 0x0002 (SYN) Window size: 8760 Checksum: 0xdcc9 (correct) Options: (8 bytes) 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 00 30 5c b4 40 00 71 06 69 02 3e 93 5d 9e 9e a9 .0\.@.q.i.>.]... 0020 09 37 10 9c 00 19 94 e1 9a 75 00 00 00 00 70 02 .7.......u....p. 0030 22 38 dc c9 00 00 02 04 05 b4 01 01 04 02 "8............ Frame 33476 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074460, Ack: 2497813110, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074460 Acknowledgement number: 2497813110 Header length: 24 bytes Flags: 0x0012 (SYN, ACK) Window size: 8760 Checksum: 0x5e26 (correct) Options: (4 bytes) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 2c 71 8b 40 00 7f 06 46 2f 9e a9 09 37 3e 93 .,q.@...F/...7>. 0020 5d 9e 00 19 10 9c e0 3c b3 5c 94 e1 9a 76 60 12 ]......<.\...v`. 0030 22 38 5e 26 00 00 02 04 05 b4 00 00 "8^&........ Frame 33523 (80 bytes on wire, 80 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497813127, Ack: 3762074736, Len: 26 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497813127 Next sequence number: 2497813153 Acknowledgement number: 3762074736 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8485 Checksum: 0x598d (correct) Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 00 42 5c cb 40 00 71 06 68 d9 3e 93 5d 9e 9e a9 .B\.@.q.h.>.]... 0020 09 37 10 9c 00 19 94 e1 9a 87 e0 3c b4 70 50 18 .7.........<.pP. 0030 21 25 59 8d 00 00 4d 41 49 4c 20 46 52 4f 4d 3a !%Y...MAIL FROM: 0040 20 3c 31 32 30 30 34 40 31 2e 6a 70 67 3e 0d 0a <12004@xxxxx>.. Frame 33524 (88 bytes on wire, 88 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074736, Ack: 2497813153, Len: 34 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074736 Next sequence number: 3762074770 Acknowledgement number: 2497813153 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8717 Checksum: 0x193c (correct) Simple Mail Transfer Protocol 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 4a 5e 8c 40 00 7f 06 59 10 9e a9 09 37 3e 93 .J^.@...Y....7>. 0020 5d 9e 00 19 10 9c e0 3c b4 70 94 e1 9a a1 50 18 ]......<.p....P. 0030 22 0d 19 3c 00 00 32 35 30 20 4f 4b 20 2d 20 6d "..<..250 OK - m 0040 61 69 6c 20 66 72 6f 6d 20 3c 31 32 30 30 34 40 ail from <12004@ 0050 31 2e 6a 70 67 3e 0d 0a 1.jpg>.. Frame 33579 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497813186, Ack: 3762074813, Len: 6 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497813186 Next sequence number: 2497813192 Acknowledgement number: 3762074813 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8408 Checksum: 0xcffc (correct) Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 00 2e 5c e8 40 00 71 06 68 d0 3e 93 5d 9e 9e a9 ..\.@.q.h.>.]... 0020 09 37 10 9c 00 19 94 e1 9a c2 e0 3c b4 bd 50 18 .7.........<..P. 0030 20 d8 cf fc 00 00 44 41 54 41 0d 0a .....DATA.. Frame 33580 (90 bytes on wire, 90 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074813, Ack: 2497813192, Len: 36 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074813 Next sequence number: 3762074849 Acknowledgement number: 2497813192 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8678 Checksum: 0x5d50 (correct) Simple Mail Transfer Protocol 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 4c 39 8d 40 00 7f 06 7e 0d 9e a9 09 37 3e 93 .L9.@...~....7>. 0020 5d 9e 00 19 10 9c e0 3c b4 bd 94 e1 9a c8 50 18 ]......<......P. 0030 21 e6 5d 50 00 00 33 35 34 20 53 65 6e 64 20 64 !.]P..354 Send d 0040 61 74 61 2e 20 20 45 6e 64 20 77 69 74 68 20 43 ata. End with C 0050 52 4c 46 2e 43 52 4c 46 0d 0a RLF.CRLF.. Frame 33635 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497813320, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497813320 Next sequence number: 2497814780 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0xd643 Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5c ec 40 00 71 06 63 1e 3e 93 5d 9e 9e a9 ..\.@.q.c.>.]... 0020 09 37 10 9c 00 19 94 e1 9b 48 e0 3c b4 e1 50 18 .7.......H.<..P. 0030 20 b4 d6 43 00 00 43 6f 6e 74 65 6e 74 2d 54 79 ..C..Content-Ty 0040 70 65 3a 20 6d 75 6c 74 69 70 61 72 74 2f 6d 69 pe: multipart/mi 0050 78 65 64 3b 0d 0a 09 62 6f 75 6e 64 61 72 79 3d xed;...boundary= Frame 33851 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497816240, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497816240 Next sequence number: 2497817700 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0x60d4 Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5c f1 40 00 71 06 63 19 3e 93 5d 9e 9e a9 ..\.@.q.c.>.]... 0020 09 37 10 9c 00 19 94 e1 a6 b0 e0 3c b4 e1 50 18 .7.........<..P. 0030 20 b4 60 d4 00 00 41 41 45 31 6c 63 33 4e 68 5a .`...AAE1lc3NhZ 0040 32 56 43 62 33 68 42 41 41 41 41 64 33 4e 77 63 2VCb3hBAAAAd3Nwc 0050 6d 6c 75 64 47 5a 42 41 41 41 41 52 58 68 70 64 mludGZBAAAARXhpd Frame 33942 (819 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497820620, Ack: 3762074849, Len: 765 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497820620 Next sequence number: 2497821385 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0x95b2 Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 03 25 5c fc 40 00 71 06 65 c5 3e 93 5d 9e 9e a9 .%\.@.q.e.>.]... 0020 09 37 10 9c 00 19 94 e1 b7 cc e0 3c b4 e1 50 18 .7.........<..P. 0030 20 b4 95 b2 00 00 49 58 77 30 49 4f 4c 36 4d 6c .....IXw0IOL6Ml 0040 6a 32 38 6a 4b 67 50 68 74 6b 52 54 72 6e 4f 75 j28jKgPhtkRTrnOu 0050 6e 30 2b 49 62 65 62 43 2b 52 7a 4d 79 30 43 4d n0+IbebC+RzMy0CM Frame 33943 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497817700, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497817700 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x6271 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 60 92 40 00 7f 06 57 2c 9e a9 09 37 3e 93 .(`.@...W,...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 ac 64 50 10 ]......<.....dP. 0030 22 38 62 71 00 00 00 00 00 00 00 00 "8bq........ Frame 33944 (182 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497821385, Ack: 3762074849, Len: 128 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497821385 Next sequence number: 2497821513 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0x59bd Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 00 a8 5c ff 40 00 71 06 68 3f 3e 93 5d 9e 9e a9 ..\.@.q.h?>.]... 0020 09 37 10 9c 00 19 94 e1 ba c9 e0 3c b4 e1 50 18 .7.........<..P. 0030 20 b4 59 bd 00 00 68 55 4e 49 65 6f 6d 7a 70 4f .Y...hUNIeomzpO 0040 6b 65 76 33 6f 38 74 66 4c 55 37 52 0d 0a 32 4a kev3o8tfLU7R..2J 0050 6a 65 30 43 79 74 34 72 37 64 73 78 54 4e 36 75 je0Cyt4r7dsxTN6u Frame 33945 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497817700, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497817700 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x6271 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 69 92 40 00 7f 06 4e 2c 9e a9 09 37 3e 93 .(i.@...N,...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 ac 64 50 10 ]......<.....dP. 0030 22 38 62 71 00 00 00 00 00 00 00 00 "8bq........ Frame 33999 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497817700, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497817700 Next sequence number: 2497819160 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0xd673 Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5c f7 40 00 71 06 63 13 3e 93 5d 9e 9e a9 ..\.@.q.c.>.]... 0020 09 37 10 9c 00 19 94 e1 ac 64 e0 3c b4 e1 50 18 .7.......d.<..P. 0030 20 b4 d6 73 00 00 70 31 75 44 2f 6f 78 0d 0a 57 ..s..p1uD/ox..W 0040 65 4f 30 30 41 43 42 41 6f 33 36 5a 66 73 42 46 eO00ACBAo36ZfsBF 0050 62 72 4b 51 6f 36 2b 44 38 53 48 46 48 45 6f 62 brKQo6+D8SHFHEob Frame 34002 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497819160, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497819160 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x5cbd (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 61 93 40 00 7f 06 56 2b 9e a9 09 37 3e 93 .(a.@...V+...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 b2 18 50 10 ]......<......P. 0030 22 38 5c bd 00 00 00 00 00 00 00 00 "8\......... Frame 34015 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497819160, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497819160 Next sequence number: 2497820620 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0xa0bb Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5c f9 40 00 71 06 63 11 3e 93 5d 9e 9e a9 ..\.@.q.c.>.]... 0020 09 37 10 9c 00 19 94 e1 b2 18 e0 3c b4 e1 50 18 .7.........<..P. 0030 20 b4 a0 bb 00 00 77 4e 7a 47 50 47 6b 6e 53 4e .....wNzGPGknSN 0040 57 43 41 51 54 6a 72 78 4d 70 50 51 39 4a 58 4f WCAQTjrxMpPQ9JXO 0050 6d 0d 0a 67 42 36 42 44 45 70 4f 4f 77 77 44 63 m..gB6BDEpOOwwDc Frame 34016 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497824433, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497824433 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x4824 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 d8 93 40 00 7f 06 df 2a 9e a9 09 37 3e 93 .(..@....*...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 c6 b1 50 10 ]......<......P. 0030 22 38 48 24 00 00 00 00 00 00 00 00 "8H$........ Frame 34251 (1514 bytes on wire, 96 bytes captured) Ethernet II, Src: 00:10:db:yyy, Dst: 00:08:e2:xxx Internet Protocol, Src Addr: 62.147.93.158 (62.147.93.158), Dst Addr: mail.server (mail.server) Transmission Control Protocol, Src Port: 4252 (4252), Dst Port: smtp (25), Seq: 2497825893, Ack: 3762074849, Len: 1460 Source port: 4252 (4252) Destination port: smtp (25) Sequence number: 2497825893 Next sequence number: 2497827353 Acknowledgement number: 3762074849 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 8372 Checksum: 0x832f Simple Mail Transfer Protocol 0000 00 08 e2 46 b6 4a 00 10 db ff 0a 00 08 00 45 00 ...F.J........E. 0010 05 dc 5d 97 40 00 71 06 62 73 3e 93 5d 9e 9e a9 ..].@.q.bs>.]... 0020 09 37 10 9c 00 19 94 e1 cc 65 e0 3c b4 e1 50 18 .7.......e.<..P. 0030 20 b4 83 2f 00 00 31 33 6d 62 47 42 58 55 6a 56 ../..13mbGBXUjV 0040 53 57 69 33 56 6d 4b 30 44 72 44 69 6d 50 52 2f SWi3VmK0DrDimPR/ 0050 62 74 0d 0a 56 62 58 6c 61 59 57 5a 77 6f 2f 71 bt..VbXlaYWZwo/q Frame 34252 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497828813, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497828813 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x3708 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 b2 98 40 00 7f 06 05 26 9e a9 09 37 3e 93 .(..@....&...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 d7 cd 50 10 ]......<......P. 0030 22 38 37 08 00 00 00 00 00 00 00 00 "87......... Frame 34273 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497828814, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497828814 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8759 Checksum: 0x3708 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 31 9a 40 00 7f 06 86 24 9e a9 09 37 3e 93 .(1.@....$...7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 d7 ce 50 10 ]......<......P. 0030 22 37 37 08 00 00 00 00 00 00 00 00 "77......... Frame 34368 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:08:e2:xxx, Dst: 00:10:db:yyy Internet Protocol, Src Addr: mail.server (mail.server), Dst Addr: 62.147.93.158 (62.147.93.158) Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4252 (4252), Seq: 3762074849, Ack: 2497837797, Len: 0 Source port: smtp (25) Destination port: 4252 (4252) Sequence number: 3762074849 Acknowledgement number: 2497837797 Header length: 20 bytes Flags: 0x0010 (ACK) Window size: 8760 Checksum: 0x13f0 (correct) 0000 00 10 db ff 0a 00 00 08 e2 46 b6 4a 08 00 45 00 .........F.J..E. 0010 00 28 05 a0 40 00 7f 06 b2 1e 9e a9 09 37 3e 93 .(..@........7>. 0020 5d 9e 00 19 10 9c e0 3c b4 e1 94 e1 fa e5 50 10 ]......<......P. 0030 22 38 13 f0 00 00 00 00 00 00 00 00 "8.......... _________________________________________________________________ Get MSN Hotmail Extra Storage - storage that grows with your needs! http://join.msn.com/?pgmarket=en-xe _______________________________________________ Intrusions mailing list Intrusions@xxxxxxxxxxxxxx http://www.dshield.org/mailman/listinfo/intrusions _______________________________________________ Intrusions mailing list Intrusions@xxxxxxxxxxxxxx http://www.dshield.org/mailman/listinfo/intrusions

Previous Message by Thread: click to view message preview

[LOGS] Summary of large-scale portscanning detects

The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of probes for that source. Timestamps are GMT-0500. May 13 01:48:54 80.160.1.146:3701 -> xxx.yyy.1.0:445 SYN ******S* May 13 01:48:54 80.160.1.146:3702 -> xxx.yyy.1.1:445 SYN ******S* May 13 01:48:54 80.160.1.146:3703 -> xxx.yyy.1.2:445 SYN ******S* May 13 01:48:56 80.160.1.146:3704 -> xxx.yyy.1.3:445 SYN ******S* May 13 01:48:56 80.160.1.146:3705 -> xxx.yyy.1.4:445 SYN ******S* May 13 01:48:56 80.160.1.146:3706 -> xxx.yyy.1.5:445 SYN ******S* May 13 01:48:56 80.160.1.146:3707 -> xxx.yyy.1.6:445 SYN ******S* May 13 01:48:56 80.160.1.146:3708 -> xxx.yyy.1.7:445 SYN ******S* [...] May 13 03:42:35 80.160.1.146:4305 -> xxx.yyy.198.194:445 SYN ******S* May 13 03:42:35 80.160.1.146:4306 -> xxx.yyy.198.195:445 SYN ******S* May 13 03:42:35 80.160.1.146:4307 -> xxx.yyy.198.196:445 SYN ******S* May 13 03:42:35 80.160.1.146:4308 -> xxx.yyy.198.197:445 SYN ******S* May 13 03:42:35 80.160.1.146:4309 -> xxx.yyy.198.198:445 SYN ******S* May 13 03:42:35 80.160.1.146:4310 -> xxx.yyy.198.199:445 SYN ******S* May 13 03:42:35 80.160.1.146:4311 -> xxx.yyy.198.200:445 SYN ******S* May 13 03:42:35 80.160.1.146:4312 -> xxx.yyy.198.201:445 SYN ******S* May 13 03:42:35 80.160.1.146:4313 -> xxx.yyy.198.202:445 SYN ******S* 83122 May 13 00:10:03 194.3.104.27:3110 -> xxx.yyy.1.1:445 SYN ******S* May 13 00:10:03 194.3.104.27:3111 -> xxx.yyy.1.2:445 SYN ******S* May 13 00:10:03 194.3.104.27:3112 -> xxx.yyy.1.3:445 SYN ******S* May 13 00:10:03 194.3.104.27:3113 -> xxx.yyy.1.4:445 SYN ******S* May 13 00:10:03 194.3.104.27:3114 -> xxx.yyy.1.5:445 SYN ******S* May 13 00:10:03 194.3.104.27:3115 -> xxx.yyy.1.6:445 SYN ******S* May 13 00:10:00 194.3.104.27:3116 -> xxx.yyy.1.7:445 SYN ******S* May 13 00:10:01 194.3.104.27:3117 -> xxx.yyy.1.8:445 SYN ******S* [...] May 13 00:21:17 194.3.104.27:2316 -> xxx.yyy.255.248:445 SYN ******S* May 13 00:21:17 194.3.104.27:2313 -> xxx.yyy.255.245:445 SYN ******S* May 13 00:21:17 194.3.104.27:2320 -> xxx.yyy.255.252:445 SYN ******S* May 13 00:21:17 194.3.104.27:2317 -> xxx.yyy.255.249:445 SYN ******S* May 13 00:21:17 194.3.104.27:2314 -> xxx.yyy.255.246:445 SYN ******S* May 13 00:21:17 194.3.104.27:2321 -> xxx.yyy.255.253:445 SYN ******S* May 13 00:21:17 194.3.104.27:2318 -> xxx.yyy.255.250:445 SYN ******S* May 13 00:21:17 194.3.104.27:2315 -> xxx.yyy.255.247:445 SYN ******S* May 13 00:21:17 194.3.104.27:2319 -> xxx.yyy.255.251:445 SYN ******S* 74594 May 13 08:26:41 137.132.114.113:3606 -> xxx.yyy.1.1:1433 SYN ******S* May 13 08:26:44 137.132.114.113:3607 -> xxx.yyy.1.2:1433 SYN ******S* May 13 08:26:44 137.132.114.113:3608 -> xxx.yyy.1.3:1433 SYN ******S* May 13 08:26:44 137.132.114.113:3609 -> xxx.yyy.1.4:1433 SYN ******S* May 13 08:26:44 137.132.114.113:3610 -> xxx.yyy.1.5:1433 SYN ******S* May 13 08:26:44 137.132.114.113:3611 -> xxx.yyy.1.6:1433 SYN ******S* May 13 08:26:44 137.132.114.113:3612 -> xxx.yyy.1.7:1433 SYN ******S* May 13 08:26:44 137.132.114.113:3613 -> xxx.yyy.1.8:1433 SYN ******S* [...] May 13 08:37:39 137.132.114.113:2517 -> xxx.yyy.255.244:1433 SYN ******S* May 13 08:37:39 137.132.114.113:2520 -> xxx.yyy.255.247:1433 SYN ******S* May 13 08:37:39 137.132.114.113:2519 -> xxx.yyy.255.246:1433 SYN ******S* May 13 08:37:39 137.132.114.113:2523 -> xxx.yyy.255.250:1433 SYN ******S* May 13 08:37:39 137.132.114.113:2522 -> xxx.yyy.255.249:1433 SYN ******S* May 13 08:37:39 137.132.114.113:2524 -> xxx.yyy.255.251:1433 SYN ******S* May 13 08:37:39 137.132.114.113:2526 -> xxx.yyy.255.253:1433 SYN ******S* May 13 08:37:39 137.132.114.113:2525 -> xxx.yyy.255.252:1433 SYN ******S* May 13 08:37:39 137.132.114.113:2527 -> xxx.yyy.255.254:1433 SYN ******S* 73453 May 13 07:36:43 206.75.46.39:2677 -> xxx.yyy.1.1:445 SYN ******S* May 13 07:36:43 206.75.46.39:2679 -> xxx.yyy.1.2:445 SYN ******S* May 13 07:36:43 206.75.46.39:2681 -> xxx.yyy.1.3:445 SYN ******S* May 13 07:36:43 206.75.46.39:2683 -> xxx.yyy.1.4:445 SYN ******S* May 13 07:36:43 206.75.46.39:2685 -> xxx.yyy.1.5:445 SYN ******S* May 13 07:36:43 206.75.46.39:2687 -> xxx.yyy.1.6:445 SYN ******S* May 13 07:36:43 206.75.46.39:2689 -> xxx.yyy.1.7:445 SYN ******S* May 13 07:36:43 206.75.46.39:2691 -> xxx.yyy.1.8:445 SYN ******S* [...] May 13 07:47:48 206.75.46.39:4105 -> xxx.yyy.255.225:445 SYN ******S* May 13 07:47:49 206.75.46.39:4140 -> xxx.yyy.255.240:445 SYN ******S* May 13 07:47:49 206.75.46.39:4164 -> xxx.yyy.255.250:445 SYN ******S* May 13 07:47:49 206.75.46.39:4158 -> xxx.yyy.255.248:445 SYN ******S* May 13 07:47:49 206.75.46.39:4160 -> xxx.yyy.255.249:445 SYN ******S* May 13 07:47:49 206.75.46.39:4166 -> xxx.yyy.255.251:445 SYN ******S* May 13 07:47:49 206.75.46.39:4170 -> xxx.yyy.255.253:445 SYN ******S* May 13 07:47:49 206.75.46.39:4168 -> xxx.yyy.255.252:445 SYN ******S* May 13 07:47:49 206.75.46.39:4172 -> xxx.yyy.255.254:445 SYN ******S* 72525 May 13 09:18:04 146.115.130.162:3553 -> xxx.yyy.1.1:139 SYN ******S* May 13 09:18:04 146.115.130.162:3554 -> xxx.yyy.1.2:139 SYN ******S* May 13 09:18:04 146.115.130.162:3555 -> xxx.yyy.1.3:139 SYN ******S* May 13 09:18:04 146.115.130.162:3556 -> xxx.yyy.1.4:139 SYN ******S* May 13 09:18:04 146.115.130.162:3557 -> xxx.yyy.1.5:139 SYN ******S* May 13 09:18:04 146.115.130.162:3558 -> xxx.yyy.1.6:139 SYN ******S* May 13 09:18:04 146.115.130.162:3559 -> xxx.yyy.1.7:139 SYN ******S* May 13 09:18:04 146.115.130.162:3560 -> xxx.yyy.1.8:139 SYN ******S* [...] May 13 09:28:57 146.115.130.162:2497 -> xxx.yyy.255.252:139 SYN ******S* May 13 09:28:57 146.115.130.162:2494 -> xxx.yyy.255.249:139 SYN ******S* May 13 09:28:57 146.115.130.162:2491 -> xxx.yyy.255.246:139 SYN ******S* May 13 09:28:57 146.115.130.162:2498 -> xxx.yyy.255.253:139 SYN ******S* May 13 09:28:57 146.115.130.162:2495 -> xxx.yyy.255.250:139 SYN ******S* May 13 09:28:57 146.115.130.162:2492 -> xxx.yyy.255.247:139 SYN ******S* May 13 09:28:57 146.115.130.162:2496 -> xxx.yyy.255.251:139 SYN ******S* May 13 09:28:57 146.115.130.162:2493 -> xxx.yyy.255.248:139 SYN ******S* 72070 May 13 06:32:16 66.134.34.235:4898 -> xxx.yyy.1.2:445 SYN ******S* May 13 06:32:19 66.134.34.235:4901 -> xxx.yyy.1.3:445 SYN ******S* May 13 06:32:19 66.134.34.235:4904 -> xxx.yyy.1.4:445 SYN ******S* May 13 06:32:19 66.134.34.235:4910 -> xxx.yyy.1.5:445 SYN ******S* May 13 06:32:16 66.134.34.235:4916 -> xxx.yyy.1.7:445 SYN ******S* May 13 06:32:19 66.134.34.235:4925 -> xxx.yyy.1.9:445 SYN ******S* May 13 06:32:16 66.134.34.235:4928 -> xxx.yyy.1.10:445 SYN ******S* May 13 06:32:16 66.134.34.235:4948 -> xxx.yyy.1.14:445 SYN ******S* [...] May 13 06:44:06 66.134.34.235:3227 -> xxx.yyy.255.246:445 SYN ******S* May 13 06:44:06 66.134.34.235:3224 -> xxx.yyy.255.243:445 SYN ******S* May 13 06:44:06 66.134.34.235:3231 -> xxx.yyy.255.250:445 SYN ******S* May 13 06:44:06 66.134.34.235:3228 -> xxx.yyy.255.247:445 SYN ******S* May 13 06:44:06 66.134.34.235:3225 -> xxx.yyy.255.244:445 SYN ******S* May 13 06:44:06 66.134.34.235:3233 -> xxx.yyy.255.252:445 SYN ******S* May 13 06:44:06 66.134.34.235:3234 -> xxx.yyy.255.253:445 SYN ******S* May 13 06:44:06 66.134.34.235:3235 -> xxx.yyy.255.254:445 SYN ******S* 65585 May 13 01:04:17 209.126.179.34:4040 -> xxx.yyy.1.1:4040 SYN ******S* May 13 01:04:17 209.126.179.34:4040 -> xxx.yyy.1.2:4040 SYN ******S* May 13 01:04:17 209.126.179.34:4040 -> xxx.yyy.1.3:4040 SYN ******S* May 13 01:04:17 209.126.179.34:4040 -> xxx.yyy.1.4:4040 SYN ******S* May 13 01:04:17 209.126.179.34:4040 -> xxx.yyy.1.5:4040 SYN ******S* May 13 01:04:17 209.126.179.34:4040 -> xxx.yyy.1.6:4040 SYN ******S* May 13 01:04:17 209.126.179.34:4040 -> xxx.yyy.1.7:4040 SYN ******S* May 13 01:04:17 209.126.179.34:4040 -> xxx.yyy.1.8:4040 SYN ******S* [...] May 13 01:07:17 209.126.179.34:4040 -> xxx.yyy.255.237:4040 SYN ******S* May 13 01:07:17 209.126.179.34:4040 -> xxx.yyy.255.239:4040 SYN ******S* May 13 01:07:17 209.126.179.34:4040 -> xxx.yyy.255.236:4040 SYN ******S* May 13 01:07:17 209.126.179.34:4040 -> xxx.yyy.255.238:4040 SYN ******S* May 13 01:07:17 209.126.179.34:4040 -> xxx.yyy.255.240:4040 SYN ******S* May 13 01:07:17 209.126.179.34:4040 -> xxx.yyy.255.242:4040 SYN ******S* May 13 01:07:17 209.126.179.34:4040 -> xxx.yyy.255.243:4040 SYN ******S* May 13 01:07:17 209.126.179.34:4040 -> xxx.yyy.255.244:4040 SYN ******S* 40920 May 13 06:25:46 203.195.216.122:1089 -> xxx.yyy.69.71:2745 SYN ******S* May 13 06:25:46 203.195.216.122:1092 -> xxx.yyy.69.71:3127 SYN ******S* May 13 06:25:46 203.195.216.122:1093 -> xxx.yyy.69.71:6129 SYN ******S* May 13 06:25:46 203.195.216.122:1215 -> xxx.yyy.166.218:2745 SYN ******S* May 13 06:25:46 203.195.216.122:1218 -> xxx.yyy.166.218:3127 SYN ******S* May 13 06:25:46 203.195.216.122:1219 -> xxx.yyy.166.218:6129 SYN ******S* May 13 06:25:43 203.195.216.122:1233 -> xxx.yyy.86.194:2745 SYN ******S* May 13 06:25:43 203.195.216.122:1236 -> xxx.yyy.86.194:3127 SYN ******S* [...] May 13 14:00:48 203.195.216.122:1745 -> xxx.yyy.218.157:6129 SYN ******S* May 13 14:00:48 203.195.216.122:1723 -> xxx.yyy.191.178:2745 SYN ******S* May 13 14:00:48 203.195.216.122:1055 -> xxx.yyy.194.109:2745 SYN ******S* May 13 14:00:48 203.195.216.122:1073 -> xxx.yyy.90.211:2745 SYN ******S* May 13 14:00:48 203.195.216.122:4809 -> xxx.yyy.13.37:2745 SYN ******S* May 13 14:00:49 203.195.216.122:1781 -> xxx.yyy.214.58:2745 SYN ******S* May 13 14:00:49 203.195.216.122:3191 -> xxx.yyy.151.121:2745 SYN ******S* May 13 14:00:49 203.195.216.122:4192 -> xxx.yyy.167.239:2745 SYN ******S* May 13 14:00:50 203.195.216.122:1644 -> xxx.yyy.77.38:2745 SYN ******S* 33609 May 13 06:25:48 203.195.201.130:3150 -> xxx.yyy.184.208:2745 SYN ******S* May 13 06:25:48 203.195.201.130:3153 -> xxx.yyy.184.208:3127 SYN ******S* May 13 06:25:48 203.195.201.130:3154 -> xxx.yyy.184.208:6129 SYN ******S* May 13 06:25:50 203.195.201.130:1650 -> xxx.yyy.212.100:2745 SYN ******S* May 13 06:25:49 203.195.201.130:1653 -> xxx.yyy.212.100:3127 SYN ******S* May 13 06:25:50 203.195.201.130:1654 -> xxx.yyy.212.100:6129 SYN ******S* May 13 06:25:53 203.195.201.130:2696 -> xxx.yyy.107.161:2745 SYN ******S* May 13 06:25:55 203.195.201.130:1653 -> xxx.yyy.212.100:3127 SYN ******S* [...] May 13 14:00:44 203.195.201.130:3674 -> xxx.yyy.71.32:2745 SYN ******S* May 13 14:00:45 203.195.201.130:3718 -> xxx.yyy.172.247:2745 SYN ******S* May 13 14:00:45 203.195.201.130:2554 -> xxx.yyy.212.125:2745 SYN ******S* May 13 14:00:45 203.195.201.130:3539 -> xxx.yyy.133.84:2745 SYN ******S* May 13 14:00:46 203.195.201.130:3747 -> xxx.yyy.111.176:2745 SYN ******S* May 13 14:00:46 203.195.201.130:2575 -> xxx.yyy.156.192:2745 SYN ******S* May 13 14:00:49 203.195.201.130:3905 -> xxx.yyy.212.34:2745 SYN ******S* May 13 14:00:50 203.195.201.130:3674 -> xxx.yyy.71.32:2745 SYN ******S* May 13 14:00:50 203.195.201.130:3944 -> xxx.yyy.180.69:2745 SYN ******S* 32488 May 13 00:00:07 209.63.202.201:4609 -> xxx.yyy.74.13:3127 SYN ******S* May 13 00:00:07 209.63.202.201:4593 -> xxx.yyy.74.13:2745 SYN ******S* May 13 00:00:07 209.63.202.201:4620 -> xxx.yyy.111.87:2745 SYN ******S* May 13 00:00:04 209.63.202.201:3781 -> xxx.yyy.186.22:2745 SYN ******S* May 13 00:00:04 209.63.202.201:4386 -> xxx.yyy.160.197:2745 SYN ******S* May 13 00:00:06 209.63.202.201:4509 -> xxx.yyy.92.204:2745 SYN ******S* May 13 00:00:08 209.63.202.201:1090 -> xxx.yyy.253.45:2745 SYN ******S* May 13 00:00:10 209.63.202.201:4386 -> xxx.yyy.160.197:2745 SYN ******S* [...] May 13 14:00:31 209.63.202.201:2624 -> xxx.yyy.255.236:2745 SYN ******S* May 13 14:00:31 209.63.202.201:2129 -> xxx.yyy.187.74:2745 SYN ******S* May 13 14:00:34 209.63.202.201:2354 -> xxx.yyy.165.158:2745 SYN ******S* May 13 14:00:34 209.63.202.201:2356 -> xxx.yyy.136.162:2745 SYN ******S* May 13 14:00:35 209.63.202.201:3214 -> xxx.yyy.201.177:3127 SYN ******S* May 13 14:00:37 209.63.202.201:2624 -> xxx.yyy.255.236:2745 SYN ******S* May 13 14:00:38 209.63.202.201:3208 -> xxx.yyy.201.177:2745 SYN ******S* May 13 14:00:38 209.63.202.201:3214 -> xxx.yyy.201.177:3127 SYN ******S* 26771 May 13 06:26:33 61.95.144.59:2206 -> xxx.yyy.229.133:2745 SYN ******S* May 13 06:26:33 61.95.144.59:1414 -> xxx.yyy.20.182:2745 SYN ******S* May 13 06:26:34 61.95.144.59:1417 -> xxx.yyy.20.182:3127 SYN ******S* May 13 06:26:37 61.95.144.59:2247 -> xxx.yyy.231.50:2745 SYN ******S* May 13 06:26:34 61.95.144.59:1448 -> xxx.yyy.209.168:6129 SYN ******S* May 13 06:26:39 61.95.144.59:1414 -> xxx.yyy.20.182:2745 SYN ******S* May 13 06:26:39 61.95.144.59:1417 -> xxx.yyy.20.182:3127 SYN ******S* May 13 06:26:39 61.95.144.59:1418 -> xxx.yyy.20.182:6129 SYN ******S* [...] May 13 14:00:41 61.95.144.59:4851 -> xxx.yyy.221.144:2745 SYN ******S* May 13 14:00:42 61.95.144.59:3479 -> xxx.yyy.144.45:2745 SYN ******S* May 13 14:00:43 61.95.144.59:3485 -> xxx.yyy.200.23:2745 SYN ******S* May 13 14:00:43 61.95.144.59:3466 -> xxx.yyy.215.73:2745 SYN ******S* May 13 14:00:44 61.95.144.59:3488 -> xxx.yyy.132.173:2745 SYN ******S* May 13 14:00:45 61.95.144.59:3517 -> xxx.yyy.173.151:2745 SYN ******S* May 13 14:00:46 61.95.144.59:4986 -> xxx.yyy.211.89:2745 SYN ******S* May 13 14:00:48 61.95.144.59:3530 -> xxx.yyy.85.2:2745 SYN ******S* 21659 May 13 06:25:59 82.67.187.115:3870 -> xxx.yyy.72.253:2745 SYN ******S* May 13 06:25:59 82.67.187.115:3873 -> xxx.yyy.72.253:3127 SYN ******S* May 13 06:25:59 82.67.187.115:3874 -> xxx.yyy.72.253:6129 SYN ******S* May 13 06:25:59 82.67.187.115:3875 -> xxx.yyy.72.253:139 SYN ******S* May 13 06:25:59 82.67.187.115:3888 -> xxx.yyy.203.15:2745 SYN ******S* May 13 06:25:59 82.67.187.115:3891 -> xxx.yyy.203.15:3127 SYN ******S* May 13 06:25:59 82.67.187.115:3892 -> xxx.yyy.203.15:6129 SYN ******S* May 13 06:25:59 82.67.187.115:3893 -> xxx.yyy.203.15:139 SYN ******S* [...] May 13 11:26:39 82.67.187.115:3050 -> xxx.yyy.136.197:6129 SYN ******S* May 13 11:26:39 82.67.187.115:3431 -> xxx.yyy.254.217:2745 SYN ******S* May 13 11:26:42 82.67.187.115:4108 -> xxx.yyy.64.178:2745 SYN ******S* May 13 11:26:45 82.67.187.115:4108 -> xxx.yyy.64.178:2745 SYN ******S* May 13 11:32:50 82.67.187.115:4108 -> xxx.yyy.197.25:2745 SYN ******S* May 13 11:32:50 82.67.187.115:4091 -> xxx.yyy.197.25:3127 SYN ******S* May 13 11:32:50 82.67.187.115:4610 -> xxx.yyy.197.25:6129 SYN ******S* May 13 11:32:44 82.67.187.115:4827 -> xxx.yyy.87.16:2745 SYN ******S* May 13 11:32:50 82.67.187.115:4007 -> xxx.yyy.73.62:2745 SYN ******S* 19258 May 13 06:25:51 203.195.149.131:3137 -> xxx.yyy.188.155:2745 SYN ******S* May 13 06:25:53 203.195.149.131:4795 -> xxx.yyy.162.91:2745 SYN ******S* May 13 06:25:52 203.195.149.131:3192 -> xxx.yyy.205.200:2745 SYN ******S* May 13 06:25:55 203.195.149.131:3195 -> xxx.yyy.205.200:3127 SYN ******S* May 13 06:25:55 203.195.149.131:3196 -> xxx.yyy.205.200:6129 SYN ******S* May 13 06:25:55 203.195.149.131:3240 -> xxx.yyy.160.191:2745 SYN ******S* May 13 06:25:55 203.195.149.131:3243 -> xxx.yyy.160.191:3127 SYN ******S* May 13 06:25:55 203.195.149.131:3244 -> xxx.yyy.160.191:6129 SYN ******S* [...] May 13 14:00:43 203.195.149.131:4924 -> xxx.yyy.160.187:2745 SYN ******S* May 13 14:00:41 203.195.149.131:4894 -> xxx.yyy.180.227:2745 SYN ******S* May 13 14:00:41 203.195.149.131:4898 -> xxx.yyy.107.138:2745 SYN ******S* May 13 14:00:43 203.195.149.131:4974 -> xxx.yyy.234.226:2745 SYN ******S* May 13 14:00:45 203.195.149.131:4974 -> xxx.yyy.234.226:2745 SYN ******S* May 13 14:00:44 203.195.149.131:4529 -> xxx.yyy.82.21:3127 SYN ******S* May 13 14:00:44 203.195.149.131:4530 -> xxx.yyy.82.21:6129 SYN ******S* May 13 14:00:44 203.195.149.131:4526 -> xxx.yyy.82.21:2745 SYN ******S* May 13 14:00:47 203.195.149.131:4894 -> xxx.yyy.180.227:2745 SYN ******S* 16560 May 13 06:26:49 61.95.184.101:3433 -> xxx.yyy.184.254:445 SYN ******S* May 13 06:26:49 61.95.184.101:3434 -> xxx.yyy.184.254:3127 SYN ******S* May 13 06:26:49 61.95.184.101:3435 -> xxx.yyy.184.254:6129 SYN ******S* May 13 06:26:49 61.95.184.101:3436 -> xxx.yyy.184.254:139 SYN ******S* May 13 06:26:49 61.95.184.101:3468 -> xxx.yyy.145.221:2745 SYN ******S* May 13 06:26:49 61.95.184.101:3470 -> xxx.yyy.145.221:445 SYN ******S* May 13 06:26:54 61.95.184.101:3633 -> xxx.yyy.234.128:3127 SYN ******S* May 13 06:26:54 61.95.184.101:3794 -> xxx.yyy.225.138:6129 SYN ******S* [...] May 13 12:45:16 61.95.184.101:3037 -> xxx.yyy.157.65:2745 SYN ******S* May 13 12:45:16 61.95.184.101:2836 -> xxx.yyy.223.193:2745 SYN ******S* May 13 12:45:17 61.95.184.101:2852 -> xxx.yyy.184.37:2745 SYN ******S* May 13 12:45:17 61.95.184.101:3146 -> xxx.yyy.214.133:2745 SYN ******S* May 13 12:45:17 61.95.184.101:2865 -> xxx.yyy.237.211:2745 SYN ******S* May 13 12:45:17 61.95.184.101:3156 -> xxx.yyy.179.175:2745 SYN ******S* May 13 12:45:18 61.95.184.101:3086 -> xxx.yyy.150.99:2745 SYN ******S* May 13 12:45:18 61.95.184.101:2894 -> xxx.yyy.157.153:2745 SYN ******S* May 13 12:45:19 61.95.184.101:2920 -> xxx.yyy.1.238:2745 SYN ******S* 15671 May 13 03:47:52 195.96.68.110:47181 -> xxx.yyy.1.12:21 SYN ******S* May 13 03:47:52 195.96.68.110:47182 -> xxx.yyy.1.13:21 SYN ******S* May 13 03:47:52 195.96.68.110:47186 -> xxx.yyy.1.17:21 SYN ******S* May 13 03:47:52 195.96.68.110:47193 -> xxx.yyy.1.24:21 SYN ******S* May 13 03:47:52 195.96.68.110:47196 -> xxx.yyy.1.27:21 SYN ******S* May 13 03:47:52 195.96.68.110:47200 -> xxx.yyy.1.31:21 SYN ******S* May 13 03:47:52 195.96.68.110:47234 -> xxx.yyy.1.64:21 SYN ******S* May 13 03:47:53 195.96.68.110:47489 -> xxx.yyy.1.78:21 SYN ******S* [...] May 13 03:58:44 195.96.68.110:34672 -> xxx.yyy.255.192:21 SYN ******S* May 13 03:58:45 195.96.68.110:34819 -> xxx.yyy.255.244:21 SYN ******S* May 13 03:58:45 195.96.68.110:34820 -> xxx.yyy.255.245:21 SYN ******S* May 13 03:58:45 195.96.68.110:34821 -> xxx.yyy.255.246:21 SYN ******S* May 13 03:58:45 195.96.68.110:34822 -> xxx.yyy.255.247:21 SYN ******S* May 13 03:58:45 195.96.68.110:34823 -> xxx.yyy.255.248:21 SYN ******S* May 13 03:58:45 195.96.68.110:34824 -> xxx.yyy.255.249:21 SYN ******S* May 13 03:58:45 195.96.68.110:34825 -> xxx.yyy.255.250:21 SYN ******S* 14697 May 13 06:25:45 61.95.154.8:64834 -> xxx.yyy.74.181:2745 SYN ******S* May 13 06:25:45 61.95.154.8:64834 -> xxx.yyy.74.181:3127 SYN ******S* May 13 06:25:45 61.95.154.8:64834 -> xxx.yyy.74.181:6129 SYN ******S* May 13 06:25:46 61.95.154.8:64836 -> xxx.yyy.198.214:2745 SYN ******S* May 13 06:25:46 61.95.154.8:64836 -> xxx.yyy.198.214:3127 SYN ******S* May 13 06:25:46 61.95.154.8:64836 -> xxx.yyy.198.214:6129 SYN ******S* May 13 06:25:44 61.95.154.8:64840 -> xxx.yyy.191.121:2745 SYN ******S* May 13 06:25:44 61.95.154.8:64840 -> xxx.yyy.191.121:3127 SYN ******S* [...] May 13 14:00:44 61.95.154.8:61737 -> xxx.yyy.147.215:2745 SYN ******S* May 13 14:00:45 61.95.154.8:61744 -> xxx.yyy.11.98:2745 SYN ******S* May 13 14:00:45 61.95.154.8:61722 -> xxx.yyy.16.233:2745 SYN ******S* May 13 14:00:48 61.95.154.8:61745 -> xxx.yyy.159.37:2745 SYN ******S* May 13 14:00:46 61.95.154.8:61743 -> xxx.yyy.208.137:2745 SYN ******S* May 13 14:00:46 61.95.154.8:61743 -> xxx.yyy.208.137:6129 SYN ******S* May 13 14:00:48 61.95.154.8:61744 -> xxx.yyy.11.98:2745 SYN ******S* May 13 14:00:48 61.95.154.8:61749 -> xxx.yyy.186.228:2745 SYN ******S* 14317 May 13 06:25:46 218.108.72.14:13216 -> xxx.yyy.207.8:2745 SYN ******S* May 13 06:25:46 218.108.72.14:13218 -> xxx.yyy.207.8:3127 SYN ******S* May 13 06:25:46 218.108.72.14:13219 -> xxx.yyy.207.8:6129 SYN ******S* May 13 06:25:46 218.108.72.14:13250 -> xxx.yyy.106.241:2745 SYN ******S* May 13 06:25:48 218.108.72.14:13387 -> xxx.yyy.215.95:2745 SYN ******S* May 13 06:25:48 218.108.72.14:13447 -> xxx.yyy.229.155:2745 SYN ******S* May 13 06:25:48 218.108.72.14:13451 -> xxx.yyy.229.155:3127 SYN ******S* May 13 06:25:48 218.108.72.14:13452 -> xxx.yyy.229.155:6129 SYN ******S* [...] May 13 08:54:25 218.108.72.14:31598 -> xxx.yyy.64.109:6129 SYN ******S* May 13 08:54:26 218.108.72.14:32347 -> xxx.yyy.91.132:2745 SYN ******S* May 13 08:54:28 218.108.72.14:32473 -> xxx.yyy.235.188:2745 SYN ******S* May 13 08:54:29 218.108.72.14:31826 -> xxx.yyy.131.203:2745 SYN ******S* May 13 08:54:29 218.108.72.14:32347 -> xxx.yyy.91.132:2745 SYN ******S* May 13 08:54:31 218.108.72.14:32473 -> xxx.yyy.235.188:2745 SYN ******S* May 13 08:54:36 218.108.72.14:32347 -> xxx.yyy.91.132:2745 SYN ******S* May 13 08:54:38 218.108.72.14:32473 -> xxx.yyy.235.188:2745 SYN ******S* 11911 May 13 08:49:42 128.146.51.107:22002 -> xxx.yyy.1.0:3127 SYN ******S* May 13 08:49:42 128.146.51.107:22002 -> xxx.yyy.1.0:1080 SYN ******S* May 13 08:49:42 128.146.51.107:22002 -> xxx.yyy.1.0:10080 SYN ******S* May 13 08:49:42 128.146.51.107:22002 -> xxx.yyy.1.0:3128 SYN ******S* May 13 08:49:42 128.146.51.107:22002 -> xxx.yyy.1.1:3127 SYN ******S* May 13 08:49:43 128.146.51.107:22002 -> xxx.yyy.1.1:1080 SYN ******S* May 13 08:49:43 128.146.51.107:22002 -> xxx.yyy.1.1:10080 SYN ******S* May 13 08:49:43 128.146.51.107:22002 -> xxx.yyy.1.1:3128 SYN ******S* [...] May 13 09:44:28 128.146.51.107:22002 -> xxx.yyy.32.253:3128 SYN ******S* May 13 09:44:28 128.146.51.107:22002 -> xxx.yyy.32.254:3127 SYN ******S* May 13 09:44:28 128.146.51.107:22002 -> xxx.yyy.32.254:1080 SYN ******S* May 13 09:44:28 128.146.51.107:22002 -> xxx.yyy.32.254:10080 SYN ******S* May 13 09:44:28 128.146.51.107:22002 -> xxx.yyy.32.254:3128 SYN ******S* May 13 09:44:28 128.146.51.107:22002 -> xxx.yyy.32.255:3127 SYN ******S* May 13 09:44:28 128.146.51.107:22002 -> xxx.yyy.32.255:1080 SYN ******S* May 13 09:44:28 128.146.51.107:22002 -> xxx.yyy.32.255:10080 SYN ******S* May 13 09:44:29 128.146.51.107:22002 -> xxx.yyy.32.255:3128 SYN ******S* 11879 May 13 06:26:09 62.42.20.48:3359 -> xxx.yyy.221.181:2745 SYN ******S* May 13 06:26:13 62.42.20.48:3453 -> xxx.yyy.141.2:2745 SYN ******S* May 13 06:26:11 62.42.20.48:3232 -> xxx.yyy.195.153:2745 SYN ******S* May 13 06:26:11 62.42.20.48:3234 -> xxx.yyy.246.13:2745 SYN ******S* May 13 06:26:15 62.42.20.48:3507 -> xxx.yyy.77.221:2745 SYN ******S* May 13 06:26:19 62.42.20.48:3632 -> xxx.yyy.17.194:2745 SYN ******S* May 13 06:26:19 62.42.20.48:3634 -> xxx.yyy.17.194:445 SYN ******S* May 13 06:26:21 62.42.20.48:3507 -> xxx.yyy.77.221:2745 SYN ******S* [...] May 13 08:56:05 62.42.20.48:1654 -> xxx.yyy.170.144:2745 SYN ******S* May 13 08:56:05 62.42.20.48:1484 -> xxx.yyy.186.57:2745 SYN ******S* May 13 08:56:05 62.42.20.48:1496 -> xxx.yyy.130.121:2745 SYN ******S* May 13 08:56:06 62.42.20.48:1322 -> xxx.yyy.66.78:2745 SYN ******S* May 13 08:56:07 62.42.20.48:1632 -> xxx.yyy.225.88:2745 SYN ******S* May 13 08:56:07 62.42.20.48:1341 -> xxx.yyy.162.91:2745 SYN ******S* May 13 08:56:07 62.42.20.48:1654 -> xxx.yyy.170.144:2745 SYN ******S* May 13 08:56:07 62.42.20.48:1740 -> xxx.yyy.104.85:2745 SYN ******S* May 13 08:56:08 62.42.20.48:1752 -> xxx.yyy.111.189:2745 SYN ******S* 11684 May 13 06:26:01 162.105.242.192:3871 -> xxx.yyy.144.173:2745 SYN ******S* May 13 06:26:05 162.105.242.192:3982 -> xxx.yyy.243.72:2745 SYN ******S* May 13 06:26:05 162.105.242.192:3988 -> xxx.yyy.243.72:3127 SYN ******S* May 13 06:26:05 162.105.242.192:3989 -> xxx.yyy.243.72:6129 SYN ******S* May 13 06:26:05 162.105.242.192:4104 -> xxx.yyy.72.157:2745 SYN ******S* May 13 06:26:05 162.105.242.192:4108 -> xxx.yyy.72.157:3127 SYN ******S* May 13 06:26:05 162.105.242.192:4109 -> xxx.yyy.72.157:6129 SYN ******S* May 13 06:26:10 162.105.242.192:3871 -> xxx.yyy.144.173:2745 SYN ******S* [...] May 13 14:00:33 162.105.242.192:3384 -> xxx.yyy.132.154:3127 SYN ******S* May 13 14:00:34 162.105.242.192:3399 -> xxx.yyy.222.198:2745 SYN ******S* May 13 14:00:45 162.105.242.192:3824 -> xxx.yyy.145.87:2745 SYN ******S* May 13 14:00:47 162.105.242.192:3863 -> xxx.yyy.163.38:2745 SYN ******S* May 13 14:00:49 162.105.242.192:3907 -> xxx.yyy.105.72:2745 SYN ******S* May 13 14:00:49 162.105.242.192:3911 -> xxx.yyy.105.72:6129 SYN ******S* May 13 14:00:49 162.105.242.192:3910 -> xxx.yyy.105.72:3127 SYN ******S* May 13 14:00:47 162.105.242.192:3867 -> xxx.yyy.160.239:2745 SYN ******S* May 13 14:00:48 162.105.242.192:3934 -> xxx.yyy.139.235:2745 SYN ******S* 10736 May 13 11:02:55 139.130.59.19:3699 -> xxx.yyy.1.35:1433 SYN ******S* May 13 11:02:55 139.130.59.19:3709 -> xxx.yyy.1.45:1433 SYN ******S* May 13 11:02:55 139.130.59.19:3710 -> xxx.yyy.1.46:1433 SYN ******S* May 13 11:02:55 139.130.59.19:3711 -> xxx.yyy.1.47:1433 SYN ******S* May 13 11:02:55 139.130.59.19:3719 -> xxx.yyy.1.55:1433 SYN ******S* May 13 11:02:55 139.130.59.19:3721 -> xxx.yyy.1.57:1433 SYN ******S* May 13 11:02:55 139.130.59.19:3720 -> xxx.yyy.1.56:1433 SYN ******S* May 13 11:02:55 139.130.59.19:3722 -> xxx.yyy.1.58:1433 SYN ******S* [...] May 13 11:04:18 139.130.59.19:3695 -> xxx.yyy.255.111:1433 SYN ******S* May 13 11:04:18 139.130.59.19:3725 -> xxx.yyy.255.191:1433 SYN ******S* May 13 11:04:18 139.130.59.19:3685 -> xxx.yyy.255.201:1433 SYN ******S* May 13 11:04:18 139.130.59.19:3696 -> xxx.yyy.255.112:1433 SYN ******S* May 13 11:04:18 139.130.59.19:3695 -> xxx.yyy.255.211:1433 SYN ******S* May 13 11:04:18 139.130.59.19:3686 -> xxx.yyy.255.202:1433 SYN ******S* May 13 11:04:18 139.130.59.19:3687 -> xxx.yyy.255.203:1433 SYN ******S* May 13 11:04:19 139.130.59.19:3696 -> xxx.yyy.255.212:1433 SYN ******S* May 13 11:04:19 139.130.59.19:3705 -> xxx.yyy.255.221:1433 SYN ******S* 10459 May 13 06:26:06 210.187.1.138:4971 -> xxx.yyy.86.193:2745 SYN ******S* May 13 06:26:06 210.187.1.138:4077 -> xxx.yyy.68.44:2745 SYN ******S* May 13 06:26:08 210.187.1.138:3540 -> xxx.yyy.190.230:2745 SYN ******S* May 13 06:26:09 210.187.1.138:3931 -> xxx.yyy.95.143:2745 SYN ******S* May 13 06:26:10 210.187.1.138:4031 -> xxx.yyy.188.15:2745 SYN ******S* May 13 06:26:10 210.187.1.138:4028 -> xxx.yyy.163.22:2745 SYN ******S* May 13 06:26:10 210.187.1.138:4196 -> xxx.yyy.1.69:2745 SYN ******S* May 13 06:26:11 210.187.1.138:1529 -> xxx.yyy.251.238:2745 SYN ******S* [...] May 13 14:00:36 210.187.1.138:2293 -> xxx.yyy.229.28:2745 SYN ******S* May 13 14:00:37 210.187.1.138:2457 -> xxx.yyy.12.197:2745 SYN ******S* May 13 14:00:43 210.187.1.138:2238 -> xxx.yyy.67.84:2745 SYN ******S* May 13 14:00:44 210.187.1.138:2278 -> xxx.yyy.196.47:2745 SYN ******S* May 13 14:00:48 210.187.1.138:2365 -> xxx.yyy.255.13:2745 SYN ******S* May 13 14:00:46 210.187.1.138:4695 -> xxx.yyy.95.67:2745 SYN ******S* May 13 14:00:48 210.187.1.138:4803 -> xxx.yyy.92.230:2745 SYN ******S* May 13 14:00:48 210.187.1.138:2457 -> xxx.yyy.12.197:2745 SYN ******S* May 13 14:00:48 210.187.1.138:2674 -> xxx.yyy.152.56:2745 SYN ******S* 9758 May 13 07:44:16 219.95.194.97:1146 -> xxx.yyy.219.168:2745 SYN ******S* May 13 07:44:14 219.95.194.97:1186 -> xxx.yyy.90.44:2745 SYN ******S* May 13 07:44:15 219.95.194.97:1269 -> xxx.yyy.228.199:2745 SYN ******S* May 13 07:44:18 219.95.194.97:1279 -> xxx.yyy.144.131:2745 SYN ******S* May 13 07:44:19 219.95.194.97:1376 -> xxx.yyy.245.237:2745 SYN ******S* May 13 07:44:17 219.95.194.97:1420 -> xxx.yyy.157.172:2745 SYN ******S* May 13 07:44:19 219.95.194.97:1477 -> xxx.yyy.252.182:2745 SYN ******S* May 13 07:44:22 219.95.194.97:1477 -> xxx.yyy.252.182:2745 SYN ******S* [...] May 13 14:00:41 219.95.194.97:3851 -> xxx.yyy.193.45:2745 SYN ******S* May 13 14:00:43 219.95.194.97:2722 -> xxx.yyy.224.112:2745 SYN ******S* May 13 14:00:43 219.95.194.97:4695 -> xxx.yyy.179.150:2745 SYN ******S* May 13 14:00:47 219.95.194.97:4760 -> xxx.yyy.240.162:2745 SYN ******S* May 13 14:00:45 219.95.194.97:4631 -> xxx.yyy.245.231:2745 SYN ******S* May 13 14:00:46 219.95.194.97:4159 -> xxx.yyy.160.120:2745 SYN ******S* May 13 14:00:46 219.95.194.97:2722 -> xxx.yyy.224.112:2745 SYN ******S* May 13 14:00:46 219.95.194.97:4981 -> xxx.yyy.200.39:2745 SYN ******S* May 13 14:00:47 219.95.194.97:4258 -> xxx.yyy.85.185:2745 SYN ******S* 9288 May 13 06:26:21 210.187.1.134:1652 -> xxx.yyy.172.185:2745 SYN ******S* May 13 06:26:24 210.187.1.134:1391 -> xxx.yyy.198.49:2745 SYN ******S* May 13 06:26:22 210.187.1.134:1415 -> xxx.yyy.239.28:2745 SYN ******S* May 13 06:26:22 210.187.1.134:1421 -> xxx.yyy.226.31:2745 SYN ******S* May 13 06:26:22 210.187.1.134:3841 -> xxx.yyy.216.128:2745 SYN ******S* May 13 06:26:23 210.187.1.134:2078 -> xxx.yyy.178.120:2745 SYN ******S* May 13 06:26:23 210.187.1.134:2230 -> xxx.yyy.14.225:2745 SYN ******S* May 13 06:26:28 210.187.1.134:1415 -> xxx.yyy.239.28:2745 SYN ******S* [...] May 13 13:48:09 210.187.1.134:3921 -> xxx.yyy.104.56:2745 SYN ******S* May 13 13:48:13 210.187.1.134:4015 -> xxx.yyy.224.141:2745 SYN ******S* May 13 13:48:14 210.187.1.134:3989 -> xxx.yyy.219.173:2745 SYN ******S* May 13 13:48:16 210.187.1.134:4005 -> xxx.yyy.188.26:2745 SYN ******S* May 13 14:00:27 210.187.1.134:3565 -> xxx.yyy.226.60:2745 SYN ******S* May 13 14:00:22 210.187.1.134:3599 -> xxx.yyy.166.30:2745 SYN ******S* May 13 14:00:23 210.187.1.134:3673 -> xxx.yyy.65.162:2745 SYN ******S* May 13 14:00:23 210.187.1.134:1947 -> xxx.yyy.253.33:2745 SYN ******S* May 13 14:00:26 210.187.1.134:2529 -> xxx.yyy.244.55:2745 SYN ******S* 9247 May 13 06:26:47 202.54.55.227:3977 -> xxx.yyy.188.179:2745 SYN ******S* May 13 06:26:49 202.54.55.227:3652 -> xxx.yyy.241.157:2745 SYN ******S* May 13 06:26:49 202.54.55.227:3656 -> xxx.yyy.241.157:6129 SYN ******S* May 13 06:26:50 202.54.55.227:3670 -> xxx.yyy.73.13:2745 SYN ******S* May 13 06:26:50 202.54.55.227:3674 -> xxx.yyy.73.13:6129 SYN ******S* May 13 06:26:53 202.54.55.227:3977 -> xxx.yyy.188.179:2745 SYN ******S* May 13 06:26:56 202.54.55.227:3674 -> xxx.yyy.73.13:6129 SYN ******S* May 13 06:26:56 202.54.55.227:3670 -> xxx.yyy.73.13:2745 SYN ******S* [...] May 13 13:43:01 202.54.55.227:3750 -> xxx.yyy.193.101:2745 SYN ******S* May 13 13:43:01 202.54.55.227:3896 -> xxx.yyy.178.50:2745 SYN ******S* May 13 13:43:03 202.54.55.227:3877 -> xxx.yyy.222.128:2745 SYN ******S* May 13 13:43:03 202.54.55.227:3880 -> xxx.yyy.131.44:2745 SYN ******S* May 13 13:43:06 202.54.55.227:3891 -> xxx.yyy.237.107:2745 SYN ******S* May 13 13:43:11 202.54.55.227:4005 -> xxx.yyy.181.123:6129 SYN ******S* May 13 13:43:11 202.54.55.227:4001 -> xxx.yyy.181.123:2745 SYN ******S* May 13 13:43:15 202.54.55.227:4093 -> xxx.yyy.189.15:2745 SYN ******S* May 13 13:43:15 202.54.55.227:4094 -> xxx.yyy.155.1:2745 SYN ******S* 9209 May 13 06:25:50 202.53.76.18:3845 -> xxx.yyy.184.11:2745 SYN ******S* May 13 06:25:51 202.53.76.18:3848 -> xxx.yyy.184.11:3127 SYN ******S* May 13 06:25:53 202.53.76.18:4258 -> xxx.yyy.245.207:2745 SYN ******S* May 13 06:25:53 202.53.76.18:4261 -> xxx.yyy.245.207:3127 SYN ******S* May 13 06:25:53 202.53.76.18:4262 -> xxx.yyy.245.207:6129 SYN ******S* May 13 06:25:50 202.53.76.18:4348 -> xxx.yyy.252.96:2745 SYN ******S* May 13 06:25:50 202.53.76.18:4351 -> xxx.yyy.252.96:3127 SYN ******S* May 13 06:25:50 202.53.76.18:4352 -> xxx.yyy.252.96:6129 SYN ******S* [...] May 13 12:43:14 202.53.76.18:4407 -> xxx.yyy.237.96:2745 SYN ******S* May 13 12:43:18 202.53.76.18:4438 -> xxx.yyy.80.118:2745 SYN ******S* May 13 12:43:17 202.53.76.18:4487 -> xxx.yyy.130.152:2745 SYN ******S* May 13 12:43:17 202.53.76.18:4252 -> xxx.yyy.32.60:2745 SYN ******S* May 13 12:43:18 202.53.76.18:4290 -> xxx.yyy.163.77:2745 SYN ******S* May 13 12:43:19 202.53.76.18:4308 -> xxx.yyy.185.172:2745 SYN ******S* May 13 12:43:20 202.53.76.18:4487 -> xxx.yyy.130.152:2745 SYN ******S* May 13 12:43:20 202.53.76.18:4492 -> xxx.yyy.217.232:2745 SYN ******S* 9069 -- - Ken =========================================================================== Ken Connelly (KC152) Systems and Operations Manager, ITS - Network Services University of Northern Iowa Cedar Falls, IA 50614-0121 email: Ken.Connelly@xxxxxxx phone: (319) 273-5850 fax: (319) 273-7373 _______________________________________________ Intrusions mailing list Intrusions@xxxxxxxxxxxxxx http://www.dshield.org/mailman/listinfo/intrusions

Next Message by Thread: click to view message preview

[LOGS] Summary of large-scale portscanning detects

The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of probes for that source. Timestamps are GMT-0500. May 15 15:10:34 67.21.232.34:22002 -> xxx.yyy.1.0:3127 SYN ******S* May 15 15:10:34 67.21.232.34:22002 -> xxx.yyy.1.0:1080 SYN ******S* May 15 15:10:34 67.21.232.34:22002 -> xxx.yyy.1.0:10080 SYN ******S* May 15 15:10:34 67.21.232.34:22002 -> xxx.yyy.1.0:3128 SYN ******S* May 15 15:10:34 67.21.232.34:22002 -> xxx.yyy.1.1:3127 SYN ******S* May 15 15:10:34 67.21.232.34:22002 -> xxx.yyy.1.1:1080 SYN ******S* May 15 15:10:34 67.21.232.34:22002 -> xxx.yyy.1.1:10080 SYN ******S* May 15 15:10:34 67.21.232.34:22002 -> xxx.yyy.1.1:3128 SYN ******S* [...] May 15 22:30:31 67.21.232.34:22002 -> xxx.yyy.255.254:3127 SYN ******S* May 15 22:30:31 67.21.232.34:22002 -> xxx.yyy.255.254:1080 SYN ******S* May 15 22:30:31 67.21.232.34:22002 -> xxx.yyy.255.254:10080 SYN ******S* May 15 22:30:31 67.21.232.34:22002 -> xxx.yyy.255.254:3128 SYN ******S* May 15 22:30:31 67.21.232.34:22002 -> xxx.yyy.255.255:3127 SYN ******S* May 15 22:30:32 67.21.232.34:22002 -> xxx.yyy.255.255:1080 SYN ******S* May 15 22:30:32 67.21.232.34:22002 -> xxx.yyy.255.255:10080 SYN ******S* May 15 22:30:32 67.21.232.34:22002 -> xxx.yyy.255.255:3128 SYN ******S* 179497 May 15 00:00:04 64.5.49.251:3847 -> xxx.yyy.153.19:2745 SYN ******S* May 15 00:00:06 64.5.49.251:3900 -> xxx.yyy.217.30:2745 SYN ******S* May 15 00:00:08 64.5.49.251:3965 -> xxx.yyy.192.75:2745 SYN ******S* May 15 00:00:05 64.5.49.251:3814 -> xxx.yyy.255.166:2745 SYN ******S* May 15 00:00:05 64.5.49.251:3832 -> xxx.yyy.234.11:2745 SYN ******S* May 15 00:00:06 64.5.49.251:3850 -> xxx.yyy.240.52:2745 SYN ******S* May 15 00:00:06 64.5.49.251:3854 -> xxx.yyy.240.52:1025 SYN ******S* May 15 00:00:08 64.5.49.251:4240 -> xxx.yyy.176.214:2745 SYN ******S* [...] May 15 23:59:55 64.5.49.251:1125 -> xxx.yyy.194.252:1025 SYN ******S* May 15 23:59:55 64.5.49.251:1126 -> xxx.yyy.194.252:445 SYN ******S* May 15 23:59:55 64.5.49.251:1119 -> xxx.yyy.194.252:2745 SYN ******S* May 15 23:59:55 64.5.49.251:1128 -> xxx.yyy.194.252:6129 SYN ******S* May 15 23:59:56 64.5.49.251:1191 -> xxx.yyy.239.141:2745 SYN ******S* May 15 23:59:57 64.5.49.251:1508 -> xxx.yyy.156.222:2745 SYN ******S* May 15 23:59:57 64.5.49.251:1254 -> xxx.yyy.231.255:2745 SYN ******S* May 16 00:00:00 64.5.49.251:1798 -> xxx.yyy.211.193:2745 SYN ******S* May 16 00:00:00 64.5.49.251:1353 -> xxx.yyy.77.250:2745 SYN ******S* 150354 May 15 07:37:23 220.65.55.71:4863 -> xxx.yyy.1.8:443 SYN ******S* May 15 07:37:23 220.65.55.71:4862 -> xxx.yyy.1.7:443 SYN ******S* May 15 07:37:20 220.65.55.71:4855 -> xxx.yyy.1.0:443 SYN ******S* May 15 07:37:20 220.65.55.71:4856 -> xxx.yyy.1.1:443 SYN ******S* May 15 07:37:23 220.65.55.71:4860 -> xxx.yyy.1.5:443 SYN ******S* May 15 07:37:20 220.65.55.71:4857 -> xxx.yyy.1.2:443 SYN ******S* May 15 07:37:23 220.65.55.71:4859 -> xxx.yyy.1.4:443 SYN ******S* May 15 07:37:23 220.65.55.71:4861 -> xxx.yyy.1.6:443 SYN ******S* [...] May 15 08:19:21 220.65.55.71:2515 -> xxx.yyy.255.231:443 SYN ******S* May 15 08:19:21 220.65.55.71:2474 -> xxx.yyy.255.190:443 SYN ******S* May 15 08:19:21 220.65.55.71:2479 -> xxx.yyy.255.195:443 SYN ******S* May 15 08:19:21 220.65.55.71:2512 -> xxx.yyy.255.228:443 SYN ******S* May 15 08:19:21 220.65.55.71:2531 -> xxx.yyy.255.247:443 SYN ******S* May 15 08:19:21 220.65.55.71:2537 -> xxx.yyy.255.253:443 SYN ******S* May 15 08:19:21 220.65.55.71:2524 -> xxx.yyy.255.240:443 SYN ******S* May 15 08:19:21 220.65.55.71:2475 -> xxx.yyy.255.191:443 SYN ******S* May 15 08:19:21 220.65.55.71:2466 -> xxx.yyy.255.182:443 SYN ******S* 79247 May 15 00:00:14 213.213.155.135:3913 -> xxx.yyy.193.10:2745 SYN ******S* May 15 00:00:12 213.213.155.135:4003 -> xxx.yyy.222.117:2745 SYN ******S* May 15 00:00:12 213.213.155.135:4007 -> xxx.yyy.222.117:1025 SYN ******S* May 15 00:00:12 213.213.155.135:4008 -> xxx.yyy.222.117:445 SYN ******S* May 15 00:00:11 213.213.155.135:3861 -> xxx.yyy.170.157:1025 SYN ******S* May 15 00:00:11 213.213.155.135:3856 -> xxx.yyy.170.157:2745 SYN ******S* May 15 00:00:15 213.213.155.135:4139 -> xxx.yyy.70.176:2745 SYN ******S* May 15 00:00:18 213.213.155.135:4007 -> xxx.yyy.222.117:1025 SYN ******S* [...] May 15 13:26:36 213.213.155.135:3419 -> xxx.yyy.93.95:2745 SYN ******S* May 15 13:26:36 213.213.155.135:3423 -> xxx.yyy.93.95:1025 SYN ******S* May 15 13:26:36 213.213.155.135:3554 -> xxx.yyy.213.34:2745 SYN ******S* May 15 13:26:37 213.213.155.135:3579 -> xxx.yyy.203.233:2745 SYN ******S* May 15 13:26:37 213.213.155.135:3584 -> xxx.yyy.203.233:1025 SYN ******S* May 15 13:26:38 213.213.155.135:3458 -> xxx.yyy.11.12:2745 SYN ******S* May 15 13:26:38 213.213.155.135:3460 -> xxx.yyy.11.12:1025 SYN ******S* May 15 13:26:40 213.213.155.135:3783 -> xxx.yyy.195.52:2745 SYN ******S* May 15 13:26:42 213.213.155.135:3554 -> xxx.yyy.213.34:2745 SYN ******S* 77943 May 15 18:22:44 62.97.90.73:1943 -> xxx.yyy.1.1:445 SYN ******S* May 15 18:22:44 62.97.90.73:1944 -> xxx.yyy.1.2:445 SYN ******S* May 15 18:22:44 62.97.90.73:1945 -> xxx.yyy.1.3:445 SYN ******S* May 15 18:22:44 62.97.90.73:1946 -> xxx.yyy.1.4:445 SYN ******S* May 15 18:22:44 62.97.90.73:1947 -> xxx.yyy.1.5:445 SYN ******S* May 15 18:22:44 62.97.90.73:1948 -> xxx.yyy.1.6:445 SYN ******S* May 15 18:22:42 62.97.90.73:1949 -> xxx.yyy.1.7:445 SYN ******S* May 15 18:22:42 62.97.90.73:1950 -> xxx.yyy.1.8:445 SYN ******S* [...] May 15 18:33:45 62.97.90.73:2870 -> xxx.yyy.255.211:445 SYN ******S* May 15 18:33:45 62.97.90.73:2872 -> xxx.yyy.255.213:445 SYN ******S* May 15 18:33:45 62.97.90.73:2876 -> xxx.yyy.255.217:445 SYN ******S* May 15 18:33:45 62.97.90.73:2873 -> xxx.yyy.255.214:445 SYN ******S* May 15 18:33:45 62.97.90.73:2877 -> xxx.yyy.255.218:445 SYN ******S* May 15 18:33:45 62.97.90.73:2874 -> xxx.yyy.255.215:445 SYN ******S* May 15 18:33:45 62.97.90.73:2878 -> xxx.yyy.255.219:445 SYN ******S* May 15 18:33:45 62.97.90.73:2875 -> xxx.yyy.255.216:445 SYN ******S* May 15 18:33:46 62.97.90.73:2882 -> xxx.yyy.255.223:445 SYN ******S* 74782 May 15 14:39:09 160.85.172.23:2118 -> xxx.yyy.1.1:8000 SYN ******S* May 15 14:39:09 160.85.172.23:2119 -> xxx.yyy.1.2:8000 SYN ******S* May 15 14:39:11 160.85.172.23:2120 -> xxx.yyy.1.3:8000 SYN ******S* May 15 14:39:11 160.85.172.23:2121 -> xxx.yyy.1.4:8000 SYN ******S* May 15 14:39:11 160.85.172.23:2122 -> xxx.yyy.1.5:8000 SYN ******S* May 15 14:39:11 160.85.172.23:2123 -> xxx.yyy.1.6:8000 SYN ******S* May 15 14:39:08 160.85.172.23:2124 -> xxx.yyy.1.7:8000 SYN ******S* May 15 14:39:11 160.85.172.23:2125 -> xxx.yyy.1.8:8000 SYN ******S* [...] May 15 14:50:06 160.85.172.23:4964 -> xxx.yyy.255.244:8000 SYN ******S* May 15 14:50:06 160.85.172.23:4966 -> xxx.yyy.255.246:8000 SYN ******S* May 15 14:50:06 160.85.172.23:4967 -> xxx.yyy.255.247:8000 SYN ******S* May 15 14:50:06 160.85.172.23:4968 -> xxx.yyy.255.248:8000 SYN ******S* May 15 14:50:06 160.85.172.23:4969 -> xxx.yyy.255.249:8000 SYN ******S* May 15 14:50:06 160.85.172.23:4970 -> xxx.yyy.255.250:8000 SYN ******S* May 15 14:50:06 160.85.172.23:4971 -> xxx.yyy.255.251:8000 SYN ******S* May 15 14:50:06 160.85.172.23:4972 -> xxx.yyy.255.252:8000 SYN ******S* May 15 14:50:06 160.85.172.23:4974 -> xxx.yyy.255.254:8000 SYN ******S* 73109 May 15 08:54:55 131.155.184.26:2379 -> xxx.yyy.1.1:4899 SYN ******S* May 15 08:54:55 131.155.184.26:2380 -> xxx.yyy.1.2:4899 SYN ******S* May 15 08:54:56 131.155.184.26:2381 -> xxx.yyy.1.3:4899 SYN ******S* May 15 08:54:56 131.155.184.26:2382 -> xxx.yyy.1.4:4899 SYN ******S* May 15 08:54:56 131.155.184.26:2383 -> xxx.yyy.1.5:4899 SYN ******S* May 15 08:54:54 131.155.184.26:2384 -> xxx.yyy.1.6:4899 SYN ******S* May 15 08:54:57 131.155.184.26:2385 -> xxx.yyy.1.7:4899 SYN ******S* May 15 08:54:57 131.155.184.26:2386 -> xxx.yyy.1.8:4899 SYN ******S* [...] May 15 09:05:49 131.155.184.26:1346 -> xxx.yyy.255.245:4899 SYN ******S* May 15 09:05:49 131.155.184.26:1343 -> xxx.yyy.255.242:4899 SYN ******S* May 15 09:05:49 131.155.184.26:1350 -> xxx.yyy.255.249:4899 SYN ******S* May 15 09:05:49 131.155.184.26:1347 -> xxx.yyy.255.246:4899 SYN ******S* May 15 09:05:49 131.155.184.26:1344 -> xxx.yyy.255.243:4899 SYN ******S* May 15 09:05:49 131.155.184.26:1348 -> xxx.yyy.255.247:4899 SYN ******S* May 15 09:05:49 131.155.184.26:1342 -> xxx.yyy.255.241:4899 SYN ******S* May 15 09:05:49 131.155.184.26:1349 -> xxx.yyy.255.248:4899 SYN ******S* 73014 May 15 17:48:35 217.57.226.156:4227 -> xxx.yyy.1.1:139 SYN ******S* May 15 17:48:35 217.57.226.156:4228 -> xxx.yyy.1.2:139 SYN ******S* May 15 17:48:35 217.57.226.156:4229 -> xxx.yyy.1.3:139 SYN ******S* May 15 17:48:32 217.57.226.156:4230 -> xxx.yyy.1.4:139 SYN ******S* May 15 17:48:35 217.57.226.156:4231 -> xxx.yyy.1.5:139 SYN ******S* May 15 17:48:36 217.57.226.156:4232 -> xxx.yyy.1.6:139 SYN ******S* May 15 17:48:35 217.57.226.156:4233 -> xxx.yyy.1.7:139 SYN ******S* May 15 17:48:35 217.57.226.156:4234 -> xxx.yyy.1.8:139 SYN ******S* [...] May 15 17:59:32 217.57.226.156:3213 -> xxx.yyy.255.245:139 SYN ******S* May 15 17:59:32 217.57.226.156:3217 -> xxx.yyy.255.249:139 SYN ******S* May 15 17:59:32 217.57.226.156:3214 -> xxx.yyy.255.246:139 SYN ******S* May 15 17:59:32 217.57.226.156:3211 -> xxx.yyy.255.243:139 SYN ******S* May 15 17:59:32 217.57.226.156:3218 -> xxx.yyy.255.250:139 SYN ******S* May 15 17:59:32 217.57.226.156:3215 -> xxx.yyy.255.247:139 SYN ******S* May 15 17:59:32 217.57.226.156:3212 -> xxx.yyy.255.244:139 SYN ******S* May 15 17:59:32 217.57.226.156:3222 -> xxx.yyy.255.254:139 SYN ******S* May 15 17:59:32 217.57.226.156:3221 -> xxx.yyy.255.253:139 SYN ******S* 72954 May 15 16:03:53 80.191.163.12:1568 -> xxx.yyy.1.1:6129 SYN ******S* May 15 16:03:53 80.191.163.12:1569 -> xxx.yyy.1.2:6129 SYN ******S* May 15 16:03:54 80.191.163.12:1570 -> xxx.yyy.1.3:6129 SYN ******S* May 15 16:03:54 80.191.163.12:1571 -> xxx.yyy.1.4:6129 SYN ******S* May 15 16:03:54 80.191.163.12:1572 -> xxx.yyy.1.5:6129 SYN ******S* May 15 16:03:54 80.191.163.12:1573 -> xxx.yyy.1.6:6129 SYN ******S* May 15 16:03:54 80.191.163.12:1574 -> xxx.yyy.1.7:6129 SYN ******S* May 15 16:03:54 80.191.163.12:1575 -> xxx.yyy.1.8:6129 SYN ******S* [...] May 15 16:14:49 80.191.163.12:4201 -> xxx.yyy.255.247:6129 SYN ******S* May 15 16:14:49 80.191.163.12:4198 -> xxx.yyy.255.244:6129 SYN ******S* May 15 16:14:49 80.191.163.12:4195 -> xxx.yyy.255.241:6129 SYN ******S* May 15 16:14:49 80.191.163.12:4208 -> xxx.yyy.255.254:6129 SYN ******S* May 15 16:14:49 80.191.163.12:4205 -> xxx.yyy.255.251:6129 SYN ******S* May 15 16:14:49 80.191.163.12:4206 -> xxx.yyy.255.252:6129 SYN ******S* May 15 16:14:49 80.191.163.12:4203 -> xxx.yyy.255.249:6129 SYN ******S* May 15 16:14:49 80.191.163.12:4207 -> xxx.yyy.255.253:6129 SYN ******S* May 15 16:14:49 80.191.163.12:4204 -> xxx.yyy.255.250:6129 SYN ******S* 72431 May 15 02:51:01 61.35.191.42:1854 -> xxx.yyy.1.1:6129 SYN ******S* May 15 02:51:01 61.35.191.42:1855 -> xxx.yyy.1.2:6129 SYN ******S* May 15 02:51:02 61.35.191.42:1856 -> xxx.yyy.1.3:6129 SYN ******S* May 15 02:51:02 61.35.191.42:1857 -> xxx.yyy.1.4:6129 SYN ******S* May 15 02:51:02 61.35.191.42:1858 -> xxx.yyy.1.5:6129 SYN ******S* May 15 02:50:59 61.35.191.42:1859 -> xxx.yyy.1.6:6129 SYN ******S* May 15 02:50:59 61.35.191.42:1860 -> xxx.yyy.1.7:6129 SYN ******S* May 15 02:51:02 61.35.191.42:1861 -> xxx.yyy.1.8:6129 SYN ******S* [...] May 15 03:04:07 61.35.191.42:3699 -> xxx.yyy.255.247:6129 SYN ******S* May 15 03:04:07 61.35.191.42:3700 -> xxx.yyy.255.248:6129 SYN ******S* May 15 03:04:07 61.35.191.42:3696 -> xxx.yyy.255.244:6129 SYN ******S* May 15 03:04:07 61.35.191.42:3706 -> xxx.yyy.255.254:6129 SYN ******S* May 15 03:04:07 61.35.191.42:3703 -> xxx.yyy.255.251:6129 SYN ******S* May 15 03:04:07 61.35.191.42:3704 -> xxx.yyy.255.252:6129 SYN ******S* May 15 03:04:07 61.35.191.42:3702 -> xxx.yyy.255.250:6129 SYN ******S* May 15 03:04:07 61.35.191.42:3705 -> xxx.yyy.255.253:6129 SYN ******S* 71927 May 15 11:02:49 212.150.41.17:1421 -> xxx.yyy.1.1:20168 SYN ******S* May 15 11:02:47 212.150.41.17:1423 -> xxx.yyy.1.3:20168 SYN ******S* May 15 11:02:50 212.150.41.17:1424 -> xxx.yyy.1.4:20168 SYN ******S* May 15 11:02:49 212.150.41.17:1422 -> xxx.yyy.1.2:20168 SYN ******S* May 15 11:02:50 212.150.41.17:1425 -> xxx.yyy.1.5:20168 SYN ******S* May 15 11:02:50 212.150.41.17:1427 -> xxx.yyy.1.7:20168 SYN ******S* May 15 11:02:50 212.150.41.17:1428 -> xxx.yyy.1.8:20168 SYN ******S* May 15 11:02:50 212.150.41.17:1426 -> xxx.yyy.1.6:20168 SYN ******S* [...] May 15 11:14:30 212.150.41.17:4153 -> xxx.yyy.255.164:20168 SYN ******S* May 15 11:14:30 212.150.41.17:4154 -> xxx.yyy.255.165:20168 SYN ******S* May 15 11:14:30 212.150.41.17:4156 -> xxx.yyy.255.167:20168 SYN ******S* May 15 11:14:30 212.150.41.17:4158 -> xxx.yyy.255.169:20168 SYN ******S* May 15 11:14:30 212.150.41.17:4160 -> xxx.yyy.255.171:20168 SYN ******S* May 15 11:14:30 212.150.41.17:4157 -> xxx.yyy.255.168:20168 SYN ******S* May 15 11:14:30 212.150.41.17:4163 -> xxx.yyy.255.174:20168 SYN ******S* May 15 11:14:30 212.150.41.17:4162 -> xxx.yyy.255.173:20168 SYN ******S* 71731 May 15 20:38:54 64.109.61.3:3612 -> xxx.yyy.1.1:443 SYN ******S* May 15 20:38:54 64.109.61.3:3613 -> xxx.yyy.1.2:443 SYN ******S* May 15 20:38:56 64.109.61.3:3614 -> xxx.yyy.1.3:443 SYN ******S* May 15 20:38:56 64.109.61.3:3615 -> xxx.yyy.1.4:443 SYN ******S* May 15 20:38:56 64.109.61.3:3616 -> xxx.yyy.1.5:443 SYN ******S* May 15 20:38:56 64.109.61.3:3617 -> xxx.yyy.1.6:443 SYN ******S* May 15 20:38:56 64.109.61.3:3618 -> xxx.yyy.1.7:443 SYN ******S* May 15 20:38:53 64.109.61.3:3619 -> xxx.yyy.1.8:443 SYN ******S* [...] May 15 20:50:35 64.109.61.3:4432 -> xxx.yyy.255.244:443 SYN ******S* May 15 20:50:35 64.109.61.3:4433 -> xxx.yyy.255.245:443 SYN ******S* May 15 20:50:35 64.109.61.3:4434 -> xxx.yyy.255.246:443 SYN ******S* May 15 20:50:35 64.109.61.3:4435 -> xxx.yyy.255.247:443 SYN ******S* May 15 20:50:35 64.109.61.3:4436 -> xxx.yyy.255.248:443 SYN ******S* May 15 20:50:35 64.109.61.3:4439 -> xxx.yyy.255.251:443 SYN ******S* May 15 20:50:35 64.109.61.3:4440 -> xxx.yyy.255.252:443 SYN ******S* May 15 20:50:35 64.109.61.3:4441 -> xxx.yyy.255.253:443 SYN ******S* May 15 20:50:35 64.109.61.3:4442 -> xxx.yyy.255.254:443 SYN ******S* 71096 May 15 00:00:03 68.186.232.40:2771 -> xxx.yyy.237.60:2745 SYN ******S* May 15 00:00:03 68.186.232.40:2781 -> xxx.yyy.83.153:1025 SYN ******S* May 15 00:00:03 68.186.232.40:2779 -> xxx.yyy.83.153:2745 SYN ******S* May 15 00:00:04 68.186.232.40:2794 -> xxx.yyy.218.170:2745 SYN ******S* May 15 00:00:04 68.186.232.40:2916 -> xxx.yyy.168.212:2745 SYN ******S* May 15 00:00:05 68.186.232.40:2888 -> xxx.yyy.235.85:2745 SYN ******S* May 15 00:00:05 68.186.232.40:2924 -> xxx.yyy.137.255:2745 SYN ******S* May 15 00:00:06 68.186.232.40:2895 -> xxx.yyy.252.26:2745 SYN ******S* [...] May 15 11:02:28 68.186.232.40:3791 -> xxx.yyy.17.244:2745 SYN ******S* May 15 11:02:32 68.186.232.40:3805 -> xxx.yyy.175.55:2745 SYN ******S* May 15 11:02:33 68.186.232.40:3732 -> xxx.yyy.231.222:2745 SYN ******S* May 15 11:02:34 68.186.232.40:3791 -> xxx.yyy.17.244:2745 SYN ******S* May 15 11:02:35 68.186.232.40:3739 -> xxx.yyy.222.207:2745 SYN ******S* May 15 11:02:38 68.186.232.40:3809 -> xxx.yyy.210.253:2745 SYN ******S* May 15 11:02:36 68.186.232.40:3745 -> xxx.yyy.91.115:2745 SYN ******S* May 15 11:02:36 68.186.232.40:3805 -> xxx.yyy.175.55:2745 SYN ******S* May 15 11:02:37 68.186.232.40:3764 -> xxx.yyy.135.96:2745 SYN ******S* 62483 May 15 13:35:58 213.196.220.16:3364 -> xxx.yyy.196.115:2745 SYN ******S* May 15 13:35:58 213.196.220.16:3371 -> xxx.yyy.196.115:1025 SYN ******S* May 15 13:35:58 213.196.220.16:3374 -> xxx.yyy.196.115:445 SYN ******S* May 15 13:35:58 213.196.220.16:3379 -> xxx.yyy.196.115:3127 SYN ******S* May 15 13:35:58 213.196.220.16:3380 -> xxx.yyy.196.115:6129 SYN ******S* May 15 13:35:58 213.196.220.16:3387 -> xxx.yyy.196.115:139 SYN ******S* May 15 13:36:06 213.196.220.16:3387 -> xxx.yyy.196.115:139 SYN ******S* May 15 13:36:06 213.196.220.16:3380 -> xxx.yyy.196.115:6129 SYN ******S* [...] May 15 23:59:54 213.196.220.16:3554 -> xxx.yyy.82.123:2745 SYN ******S* May 15 23:59:54 213.196.220.16:4197 -> xxx.yyy.67.228:2745 SYN ******S* May 15 23:59:55 213.196.220.16:4485 -> xxx.yyy.15.133:2745 SYN ******S* May 15 23:59:55 213.196.220.16:3430 -> xxx.yyy.174.145:2745 SYN ******S* May 15 23:59:55 213.196.220.16:3348 -> xxx.yyy.143.110:2745 SYN ******S* May 15 23:59:55 213.196.220.16:4048 -> xxx.yyy.74.198:2745 SYN ******S* May 15 23:59:56 213.196.220.16:3929 -> xxx.yyy.66.28:2745 SYN ******S* May 15 23:59:56 213.196.220.16:4739 -> xxx.yyy.169.126:2745 SYN ******S* 51221 May 15 00:00:33 209.63.202.201:2615 -> xxx.yyy.138.138:2745 SYN ******S* May 15 00:00:34 209.63.202.201:2656 -> xxx.yyy.141.177:2745 SYN ******S* May 15 00:00:34 209.63.202.201:2711 -> xxx.yyy.85.175:2745 SYN ******S* May 15 00:00:33 209.63.202.201:2016 -> xxx.yyy.182.37:2745 SYN ******S* May 15 00:00:36 209.63.202.201:2939 -> xxx.yyy.12.221:2745 SYN ******S* May 15 00:00:36 209.63.202.201:2943 -> xxx.yyy.12.221:3127 SYN ******S* May 15 00:00:37 209.63.202.201:2336 -> xxx.yyy.186.108:2745 SYN ******S* May 15 00:00:39 209.63.202.201:2615 -> xxx.yyy.138.138:2745 SYN ******S* [...] May 15 23:59:48 209.63.202.201:3739 -> xxx.yyy.171.152:2745 SYN ******S* May 15 23:59:48 209.63.202.201:3821 -> xxx.yyy.174.218:2745 SYN ******S* May 15 23:59:50 209.63.202.201:4449 -> xxx.yyy.69.223:2745 SYN ******S* May 15 23:59:53 209.63.202.201:4449 -> xxx.yyy.69.223:2745 SYN ******S* May 15 23:59:54 209.63.202.201:4802 -> xxx.yyy.204.121:2745 SYN ******S* May 15 23:59:54 209.63.202.201:3739 -> xxx.yyy.171.152:2745 SYN ******S* May 15 23:59:54 209.63.202.201:3821 -> xxx.yyy.174.218:2745 SYN ******S* May 15 23:59:56 209.63.202.201:4802 -> xxx.yyy.204.121:2745 SYN ******S* 48078 May 15 12:09:38 200.23.18.126:3035 -> xxx.yyy.1.1:1433 SYN ******S* May 15 12:09:38 200.23.18.126:3036 -> xxx.yyy.1.2:1433 SYN ******S* May 15 12:09:38 200.23.18.126:3037 -> xxx.yyy.1.3:1433 SYN ******S* May 15 12:09:38 200.23.18.126:3038 -> xxx.yyy.1.4:1433 SYN ******S* May 15 12:09:38 200.23.18.126:3039 -> xxx.yyy.1.5:1433 SYN ******S* May 15 12:09:38 200.23.18.126:3040 -> xxx.yyy.1.6:1433 SYN ******S* May 15 12:09:38 200.23.18.126:3041 -> xxx.yyy.1.7:1433 SYN ******S* May 15 12:09:38 200.23.18.126:3042 -> xxx.yyy.1.8:1433 SYN ******S* [...] May 15 12:20:41 200.23.18.126:2675 -> xxx.yyy.255.249:1433 SYN ******S* May 15 12:20:41 200.23.18.126:2672 -> xxx.yyy.255.246:1433 SYN ******S* May 15 12:20:41 200.23.18.126:2669 -> xxx.yyy.255.243:1433 SYN ******S* May 15 12:20:41 200.23.18.126:2676 -> xxx.yyy.255.250:1433 SYN ******S* May 15 12:20:41 200.23.18.126:2673 -> xxx.yyy.255.247:1433 SYN ******S* May 15 12:20:41 200.23.18.126:2670 -> xxx.yyy.255.244:1433 SYN ******S* May 15 12:20:41 200.23.18.126:2680 -> xxx.yyy.255.254:1433 SYN ******S* May 15 12:20:41 200.23.18.126:2678 -> xxx.yyy.255.252:1433 SYN ******S* May 15 12:20:41 200.23.18.126:2679 -> xxx.yyy.255.253:1433 SYN ******S* 47494 May 15 09:50:29 61.95.154.8:62860 -> xxx.yyy.150.130:2745 SYN ******S* May 15 09:50:31 61.95.154.8:62864 -> xxx.yyy.151.42:2745 SYN ******S* May 15 09:50:35 61.95.154.8:62877 -> xxx.yyy.201.219:2745 SYN ******S* May 15 09:50:32 61.95.154.8:62877 -> xxx.yyy.85.119:2745 SYN ******S* May 15 09:50:32 61.95.154.8:62877 -> xxx.yyy.85.119:1025 SYN ******S* May 15 09:50:32 61.95.154.8:62877 -> xxx.yyy.85.119:3127 SYN ******S* May 15 09:50:32 61.95.154.8:62877 -> xxx.yyy.85.119:6129 SYN ******S* May 15 09:50:35 61.95.154.8:62885 -> xxx.yyy.202.234:2745 SYN ******S* [...] May 15 23:59:56 61.95.154.8:63492 -> xxx.yyy.233.36:3127 SYN ******S* May 15 23:59:56 61.95.154.8:63492 -> xxx.yyy.233.36:1025 SYN ******S* May 15 23:59:56 61.95.154.8:63492 -> xxx.yyy.233.36:2745 SYN ******S* May 15 23:59:57 61.95.154.8:63499 -> xxx.yyy.241.28:1025 SYN ******S* May 15 23:59:58 61.95.154.8:63515 -> xxx.yyy.171.208:2745 SYN ******S* May 15 23:59:58 61.95.154.8:63515 -> xxx.yyy.171.208:1025 SYN ******S* May 15 23:59:58 61.95.154.8:63515 -> xxx.yyy.171.208:3127 SYN ******S* May 15 23:59:58 61.95.154.8:63515 -> xxx.yyy.171.208:6129 SYN ******S* 27431 May 15 15:03:20 217.186.3.120:2245 -> xxx.yyy.1.0:1433 SYN ******S* May 15 15:03:20 217.186.3.120:2248 -> xxx.yyy.1.1:1433 SYN ******S* May 15 15:03:20 217.186.3.120:2251 -> xxx.yyy.1.2:1433 SYN ******S* May 15 15:03:20 217.186.3.120:2253 -> xxx.yyy.1.3:1433 SYN ******S* May 15 15:03:23 217.186.3.120:2256 -> xxx.yyy.1.4:1433 SYN ******S* May 15 15:03:23 217.186.3.120:2259 -> xxx.yyy.1.5:1433 SYN ******S* May 15 15:03:23 217.186.3.120:2263 -> xxx.yyy.1.6:1433 SYN ******S* May 15 15:03:23 217.186.3.120:2266 -> xxx.yyy.1.7:1433 SYN ******S* [...] May 15 15:43:23 217.186.3.120:3689 -> xxx.yyy.152.117:1433 SYN ******S* May 15 15:43:23 217.186.3.120:3695 -> xxx.yyy.152.119:1433 SYN ******S* May 15 15:43:23 217.186.3.120:3698 -> xxx.yyy.152.120:1433 SYN ******S* May 15 15:43:23 217.186.3.120:3701 -> xxx.yyy.152.121:1433 SYN ******S* May 15 15:43:23 217.186.3.120:3707 -> xxx.yyy.152.123:1433 SYN ******S* May 15 15:43:23 217.186.3.120:3710 -> xxx.yyy.152.124:1433 SYN ******S* May 15 15:43:23 217.186.3.120:3713 -> xxx.yyy.152.125:1433 SYN ******S* May 15 15:43:23 217.186.3.120:3719 -> xxx.yyy.152.127:1433 SYN ******S* May 15 15:43:24 217.186.3.120:3734 -> xxx.yyy.152.132:1433 SYN ******S* 24576 May 15 22:20:23 211.147.203.68:12714 -> xxx.yyy.161.238:1025 SYN ******S* May 15 22:20:23 211.147.203.68:13453 -> xxx.yyy.161.238:2745 SYN ******S* May 15 22:20:26 211.147.203.68:13672 -> xxx.yyy.104.79:2745 SYN ******S* May 15 22:20:28 211.147.203.68:15034 -> xxx.yyy.144.127:2745 SYN ******S* May 15 22:20:28 211.147.203.68:14934 -> xxx.yyy.144.127:1025 SYN ******S* May 15 22:20:26 211.147.203.68:13300 -> xxx.yyy.232.88:1025 SYN ******S* May 15 22:20:26 211.147.203.68:13914 -> xxx.yyy.232.88:2745 SYN ******S* May 15 22:20:26 211.147.203.68:14545 -> xxx.yyy.241.97:2745 SYN ******S* [...] May 15 23:59:57 211.147.203.68:14018 -> xxx.yyy.68.195:2745 SYN ******S* May 15 23:59:57 211.147.203.68:12805 -> xxx.yyy.68.195:1025 SYN ******S* May 15 23:59:57 211.147.203.68:14133 -> xxx.yyy.68.195:6129 SYN ******S* May 15 23:59:57 211.147.203.68:12913 -> xxx.yyy.68.195:3127 SYN ******S* May 15 23:59:57 211.147.203.68:13091 -> xxx.yyy.68.195:80 SYN ******S* May 15 23:59:59 211.147.203.68:12444 -> xxx.yyy.78.141:1025 SYN ******S* May 15 23:59:59 211.147.203.68:13702 -> xxx.yyy.78.141:3127 SYN ******S* May 15 23:59:59 211.147.203.68:14022 -> xxx.yyy.78.141:6129 SYN ******S* May 15 23:59:59 211.147.203.68:14071 -> xxx.yyy.78.141:80 SYN ******S* 24003 May 15 09:50:31 203.195.216.122:3589 -> xxx.yyy.79.241:1025 SYN ******S* May 15 09:50:31 203.195.216.122:3591 -> xxx.yyy.79.241:3127 SYN ******S* May 15 09:50:33 203.195.216.122:3587 -> xxx.yyy.79.241:2745 SYN ******S* May 15 09:50:33 203.195.216.122:3592 -> xxx.yyy.79.241:6129 SYN ******S* May 15 09:50:35 203.195.216.122:3318 -> xxx.yyy.104.203:2745 SYN ******S* May 15 09:50:36 203.195.216.122:2522 -> xxx.yyy.182.154:1025 SYN ******S* May 15 09:50:36 203.195.216.122:2520 -> xxx.yyy.182.154:2745 SYN ******S* May 15 09:50:36 203.195.216.122:2524 -> xxx.yyy.182.154:3127 SYN ******S* [...] May 15 23:59:54 203.195.216.122:1963 -> xxx.yyy.153.33:1025 SYN ******S* May 15 23:59:58 203.195.216.122:4265 -> xxx.yyy.221.52:2745 SYN ******S* May 15 23:59:58 203.195.216.122:4276 -> xxx.yyy.221.52:3127 SYN ******S* May 15 23:59:55 203.195.216.122:4278 -> xxx.yyy.221.52:6129 SYN ******S* May 15 23:59:58 203.195.216.122:4274 -> xxx.yyy.221.52:1025 SYN ******S* May 15 23:59:56 203.195.216.122:3942 -> xxx.yyy.186.167:1025 SYN ******S* May 15 23:59:56 203.195.216.122:1961 -> xxx.yyy.153.33:2745 SYN ******S* May 15 23:59:59 203.195.216.122:1963 -> xxx.yyy.153.33:1025 SYN ******S* May 15 23:59:58 203.195.216.122:1550 -> xxx.yyy.165.145:2745 SYN ******S* 18967 May 15 00:00:37 202.108.87.126:20792 -> xxx.yyy.151.199:2745 SYN ******S* May 15 00:00:39 202.108.87.126:7068 -> xxx.yyy.193.29:2745 SYN ******S* May 15 00:00:39 202.108.87.126:3898 -> xxx.yyy.193.29:1025 SYN ******S* May 15 00:00:41 202.108.87.126:20870 -> xxx.yyy.209.229:2745 SYN ******S* May 15 00:00:38 202.108.87.126:23267 -> xxx.yyy.167.249:2745 SYN ******S* May 15 00:00:42 202.108.87.126:23267 -> xxx.yyy.167.249:2745 SYN ******S* May 15 00:00:44 202.108.87.126:20792 -> xxx.yyy.151.199:2745 SYN ******S* May 15 00:00:46 202.108.87.126:7068 -> xxx.yyy.193.29:2745 SYN ******S* [...] May 15 23:57:50 202.108.87.126:63270 -> xxx.yyy.186.253:2745 SYN ******S* May 15 23:57:50 202.108.87.126:63273 -> xxx.yyy.186.253:6129 SYN ******S* May 15 23:57:50 202.108.87.126:63274 -> xxx.yyy.186.253:80 SYN ******S* May 15 23:57:50 202.108.87.126:63272 -> xxx.yyy.186.253:3127 SYN ******S* May 15 23:57:51 202.108.87.126:63498 -> xxx.yyy.232.244:1025 SYN ******S* May 15 23:57:51 202.108.87.126:63500 -> xxx.yyy.232.244:3127 SYN ******S* May 15 23:57:54 202.108.87.126:63647 -> xxx.yyy.201.30:2745 SYN ******S* May 15 23:57:55 202.108.87.126:64153 -> xxx.yyy.205.244:2745 SYN ******S* May 15 23:57:59 202.108.87.126:64153 -> xxx.yyy.205.244:2745 SYN ******S* 17518 May 15 09:50:33 211.147.203.67:13611 -> xxx.yyy.20.193:2745 SYN ******S* May 15 09:50:39 211.147.203.67:14043 -> xxx.yyy.84.106:2745 SYN ******S* May 15 09:50:39 211.147.203.67:12399 -> xxx.yyy.84.106:1025 SYN ******S* May 15 09:50:39 211.147.203.67:13588 -> xxx.yyy.84.106:3127 SYN ******S* May 15 09:50:36 211.147.203.67:12915 -> xxx.yyy.84.106:80 SYN ******S* May 15 09:50:39 211.147.203.67:12624 -> xxx.yyy.193.4:2745 SYN ******S* May 15 09:50:39 211.147.203.67:13297 -> xxx.yyy.193.4:3127 SYN ******S* May 15 09:50:39 211.147.203.67:12581 -> xxx.yyy.193.4:1025 SYN ******S* [...] May 15 23:59:54 211.147.203.67:15445 -> xxx.yyy.211.211:6129 SYN ******S* May 15 23:59:54 211.147.203.67:15381 -> xxx.yyy.211.211:80 SYN ******S* May 15 23:59:54 211.147.203.67:14507 -> xxx.yyy.32.44:2745 SYN ******S* May 15 23:59:54 211.147.203.67:16006 -> xxx.yyy.32.44:3127 SYN ******S* May 15 23:59:54 211.147.203.67:15082 -> xxx.yyy.32.44:1025 SYN ******S* May 15 23:59:54 211.147.203.67:15622 -> xxx.yyy.32.44:6129 SYN ******S* May 15 23:59:54 211.147.203.67:15081 -> xxx.yyy.32.44:80 SYN ******S* May 15 23:59:55 211.147.203.67:14263 -> xxx.yyy.85.71:1025 SYN ******S* May 15 23:59:55 211.147.203.67:12328 -> xxx.yyy.85.71:2745 SYN ******S* 16228 May 15 09:50:34 202.63.117.165:3387 -> xxx.yyy.146.102:1025 SYN ******S* May 15 09:50:34 202.63.117.165:3385 -> xxx.yyy.146.102:2745 SYN ******S* May 15 09:50:34 202.63.117.165:3428 -> xxx.yyy.186.68:2745 SYN ******S* May 15 09:50:34 202.63.117.165:3430 -> xxx.yyy.186.68:1025 SYN ******S* May 15 09:50:34 202.63.117.165:3432 -> xxx.yyy.186.68:3127 SYN ******S* May 15 09:50:34 202.63.117.165:3433 -> xxx.yyy.186.68:6129 SYN ******S* May 15 09:50:36 202.63.117.165:2905 -> xxx.yyy.165.227:2745 SYN ******S* May 15 09:50:36 202.63.117.165:3617 -> xxx.yyy.178.93:2745 SYN ******S* [...] May 15 23:54:42 202.63.117.165:2055 -> xxx.yyy.162.170:1025 SYN ******S* May 15 23:54:42 202.63.117.165:2053 -> xxx.yyy.162.170:2745 SYN ******S* May 15 23:56:19 202.63.117.165:1887 -> xxx.yyy.172.225:2745 SYN ******S* May 15 23:56:19 202.63.117.165:1889 -> xxx.yyy.172.225:1025 SYN ******S* May 15 23:56:19 202.63.117.165:1891 -> xxx.yyy.172.225:3127 SYN ******S* May 15 23:56:19 202.63.117.165:1892 -> xxx.yyy.172.225:6129 SYN ******S* May 15 23:56:17 202.63.117.165:3352 -> xxx.yyy.248.32:3127 SYN ******S* May 15 23:56:17 202.63.117.165:3350 -> xxx.yyy.248.32:1025 SYN ******S* 13163 May 15 00:00:07 81.173.170.191:3628 -> xxx.yyy.161.107:2745 SYN ******S* May 15 00:00:09 81.173.170.191:3387 -> xxx.yyy.136.100:2745 SYN ******S* May 15 00:00:09 81.173.170.191:3923 -> xxx.yyy.210.13:2745 SYN ******S* May 15 00:00:12 81.173.170.191:3568 -> xxx.yyy.93.52:2745 SYN ******S* May 15 00:00:09 81.173.170.191:3932 -> xxx.yyy.233.252:2745 SYN ******S* May 15 00:00:10 81.173.170.191:3761 -> xxx.yyy.171.37:2745 SYN ******S* May 15 00:00:11 81.173.170.191:4040 -> xxx.yyy.155.98:2745 SYN ******S* May 15 00:00:13 81.173.170.191:3761 -> xxx.yyy.171.37:2745 SYN ******S* [...] May 15 02:01:35 81.173.170.191:4864 -> xxx.yyy.17.148:2745 SYN ******S* May 15 02:01:32 81.173.170.191:4120 -> xxx.yyy.73.179:2745 SYN ******S* May 15 02:01:32 81.173.170.191:4146 -> xxx.yyy.73.179:1025 SYN ******S* May 15 02:01:32 81.173.170.191:4265 -> xxx.yyy.195.155:2745 SYN ******S* May 15 02:01:34 81.173.170.191:4643 -> xxx.yyy.253.110:445 SYN ******S* May 15 02:01:34 81.173.170.191:4634 -> xxx.yyy.253.110:1025 SYN ******S* May 15 02:01:34 81.173.170.191:4579 -> xxx.yyy.253.110:2745 SYN ******S* May 15 02:01:34 81.173.170.191:3310 -> xxx.yyy.176.207:2745 SYN ******S* 12582 May 15 09:50:34 61.95.144.61:1412 -> xxx.yyy.17.25:2745 SYN ******S* May 15 09:50:38 61.95.144.61:1488 -> xxx.yyy.184.226:1025 SYN ******S* May 15 09:50:38 61.95.144.61:1486 -> xxx.yyy.184.226:2745 SYN ******S* May 15 09:50:38 61.95.144.61:1501 -> xxx.yyy.155.189:2745 SYN ******S* May 15 09:50:36 61.95.144.61:1758 -> xxx.yyy.214.197:3127 SYN ******S* May 15 09:50:39 61.95.144.61:1756 -> xxx.yyy.214.197:1025 SYN ******S* May 15 09:50:39 61.95.144.61:1759 -> xxx.yyy.214.197:6129 SYN ******S* May 15 09:50:40 61.95.144.61:1754 -> xxx.yyy.214.197:2745 SYN ******S* [...] May 15 23:59:44 61.95.144.61:3667 -> xxx.yyy.135.184:3127 SYN ******S* May 15 23:59:45 61.95.144.61:3665 -> xxx.yyy.135.184:1025 SYN ******S* May 15 23:59:45 61.95.144.61:3700 -> xxx.yyy.77.100:1025 SYN ******S* May 15 23:59:45 61.95.144.61:3698 -> xxx.yyy.77.100:2745 SYN ******S* May 15 23:59:47 61.95.144.61:3723 -> xxx.yyy.71.232:2745 SYN ******S* May 15 23:59:47 61.95.144.61:3566 -> xxx.yyy.150.22:2745 SYN ******S* May 15 23:59:49 61.95.144.61:3638 -> xxx.yyy.147.153:2745 SYN ******S* May 15 23:59:53 61.95.144.61:4068 -> xxx.yyy.11.183:2745 SYN ******S* 12175 May 15 09:50:51 202.53.76.18:4152 -> xxx.yyy.215.2:2745 SYN ******S* May 15 09:50:51 202.53.76.18:4154 -> xxx.yyy.215.2:1025 SYN ******S* May 15 09:50:51 202.53.76.18:4157 -> xxx.yyy.215.2:6129 SYN ******S* May 15 09:50:52 202.53.76.18:2287 -> xxx.yyy.78.180:2745 SYN ******S* May 15 09:50:52 202.53.76.18:2312 -> xxx.yyy.250.11:2745 SYN ******S* May 15 09:50:52 202.53.76.18:2314 -> xxx.yyy.250.11:1025 SYN ******S* May 15 09:50:52 202.53.76.18:2316 -> xxx.yyy.250.11:3127 SYN ******S* May 15 09:50:52 202.53.76.18:2317 -> xxx.yyy.250.11:6129 SYN ******S* [...] May 15 23:58:49 202.53.76.18:2376 -> xxx.yyy.220.148:2745 SYN ******S* May 15 23:58:49 202.53.76.18:2486 -> xxx.yyy.214.188:2745 SYN ******S* May 15 23:58:52 202.53.76.18:2255 -> xxx.yyy.203.24:2745 SYN ******S* May 15 23:58:53 202.53.76.18:2376 -> xxx.yyy.220.148:2745 SYN ******S* May 15 23:58:57 202.53.76.18:2769 -> xxx.yyy.32.167:2745 SYN ******S* May 15 23:58:58 202.53.76.18:2798 -> xxx.yyy.175.45:2745 SYN ******S* May 15 23:58:59 202.53.76.18:2486 -> xxx.yyy.214.188:2745 SYN ******S* May 15 23:59:00 202.53.76.18:2769 -> xxx.yyy.32.167:2745 SYN ******S* 10963 -- - Ken =========================================================================== Ken Connelly (KC152) Systems and Operations Manager, ITS - Network Services University of Northern Iowa Cedar Falls, IA 50614-0121 email: Ken.Connelly@xxxxxxx phone: (319) 273-5850 fax: (319) 273-7373 _______________________________________________ Intrusions mailing list Intrusions@xxxxxxxxxxxxxx http://www.dshield.org/mailman/listinfo/intrusions