Security Incidents
mailing list archives
Attack attempts from 195.86.128.45
From: Christian Stigen Larsen <csl () sublevel3 org>
Date: Tue, 6 May 2003 19:36:34 +0200
Hi all,
We've gotten a lot of attempted attacks from 195.86.128.45, which
maps to kes.wirehub.nl. I've already notified abuse () nl easynet net,
but has anybody else seen attacks from this IP?
From our log:
05/06/2003 12:29:53.048 Sub Seven Attack Dropped 195.86.128.45, 4341, WAN 195.119.0.181, 6776, DMZ
05/06/2003 12:35:54.624 Ripper Attack Dropped 195.86.128.45, 3230, WAN 195.119.0.181, 2023, DMZ
05/06/2003 12:36:18.736 Sub Seven Attack Dropped 195.86.128.45, 1780, WAN 195.119.0.181, 1243, DMZ
05/06/2003 12:43:28.928 Sub Seven Attack Dropped 195.86.128.45, 1627, WAN 195.119.0.181, 6711, DMZ
05/06/2003 12:52:30.176 Ini Killer Attack Dropped 195.86.128.45, 4690, WAN 195.119.0.181, 9989, DMZ
05/06/2003 12:54:06.592 Striker Attack Dropped 195.86.128.45, 1327, WAN 195.119.0.181, 2565, DMZ
05/06/2003 12:59:22.640 Net Spy Attack Dropped 195.86.128.45, 2570, WAN 195.119.0.181, 1024, DMZ
05/06/2003 13:25:08.352 Net Spy Attack Dropped 195.86.128.45, 3754, WAN 195.119.0.181, 1024, DMZ
05/06/2003 13:32:18.144 Striker Attack Dropped 195.86.128.45, 2661, WAN 195.119.0.181, 2565, DMZ
05/06/2003 13:34:10.352 Ini Killer Attack Dropped 195.86.128.45, 2307, WAN 195.119.0.181, 9989, DMZ
05/06/2003 13:42:59.320 Sub Seven Attack Dropped 195.86.128.45, 2832, WAN 195.119.0.181, 6711, DMZ
05/06/2003 13:48:29.528 Sub Seven Attack Dropped 195.86.128.45, 1863, WAN 195.119.0.181, 1243, DMZ
05/06/2003 13:48:41.544 Ripper Attack Dropped 195.86.128.45, 4230, WAN 195.119.0.181, 2023, DMZ
05/06/2003 13:52:18.416 Sub Seven Attack Dropped 195.86.128.45, 3498, WAN 195.119.0.181, 6776, DMZ
05/06/2003 14:12:09.240 NetBus Attack Dropped 195.86.128.45, 3677, WAN 195.119.0.181, 12345, DMZ
05/06/2003 14:36:07.608 Priority Attack Dropped 195.86.128.45, 2045, WAN 195.119.0.181, 16969, DMZ
05/06/2003 15:08:06.576 Priority Attack Dropped 195.86.128.45, 3927, WAN 195.119.0.181, 16969, DMZ
05/06/2003 15:11:52.048 NetBus Attack Dropped 195.86.128.45, 1756, WAN 195.119.0.181, 12345, DMZ
05/06/2003 15:14:22.032 NetBus Attack Dropped 195.86.128.45, 3133, WAN 195.119.0.181, 12345, DMZ
05/06/2003 15:17:39.560 Priority Attack Dropped 195.86.128.45, 2129, WAN 195.119.0.181, 16969, DMZ
05/06/2003 15:47:12.224 NetBus Attack Dropped 195.86.128.45, 3450, WAN 195.119.0.181, 20034, DMZ
05/06/2003 15:51:43.192 NetBus Attack Dropped 195.86.128.45, 4064, WAN 195.119.0.181, 20034, DMZ
05/06/2003 16:38:27.816 Back Orifice Attack Dropped 195.86.128.45, 2249, WAN 195.119.0.181, 31337, DMZ
[...]
Plus numerous portscans.
What should I do next, besides wait for a reply?
--
Christian Stigen Larsen -- http://sublevel3.org/~csl/ -- mob: +47 98 22 02 15
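An added example, not part of the original post: a small parser for the "Attack Dropped" lines above that groups drops per source and target, so the time window and the probed ports per signature can be pasted into an abuse report. The field layout and the month-first date are assumed from the lines shown, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the log in the post, plus its "[...]" elision marker.
SAMPLE = """\
05/06/2003 12:29:53.048 Sub Seven Attack Dropped 195.86.128.45, 4341, WAN 195.119.0.181, 6776, DMZ
05/06/2003 12:36:18.736 Sub Seven Attack Dropped 195.86.128.45, 1780, WAN 195.119.0.181, 1243, DMZ
05/06/2003 14:12:09.240 NetBus Attack Dropped 195.86.128.45, 3677, WAN 195.119.0.181, 12345, DMZ
05/06/2003 15:11:52.048 NetBus Attack Dropped 195.86.128.45, 1756, WAN 195.119.0.181, 12345, DMZ
[...]
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<sig>.+?) Attack Dropped "
    r"(?P<src>[\d.]+), (?P<sport>\d+), (?P<src_if>\w+) "
    r"(?P<dst>[\d.]+), (?P<dport>\d+), (?P<dst_if>\w+)$"
)

def parse_line(line):
    """Return a dict for one 'Attack Dropped' entry, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Month-first date, assumed from the post's own date (6 May 2003).
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %H:%M:%S.%f")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(lines):
    """Group drops per (source, target): hit count, time window, ports per signature."""
    out = defaultdict(lambda: {"hits": 0, "first": None, "last": None, "ports": defaultdict(set)})
    for rec in filter(None, map(parse_line, lines)):
        s = out[(rec["src"], rec["dst"])]
        s["hits"] += 1
        s["first"] = min(s["first"] or rec["ts"], rec["ts"])
        s["last"] = max(s["last"] or rec["ts"], rec["ts"])
        s["ports"][rec["sig"]].add(rec["dport"])
    return out

def abuse_report(lines):
    """Render the summary as plain text suitable for pasting into an abuse report."""
    rows = []
    for (src, dst), s in summarize(lines).items():
        rows.append(f"{src} -> {dst}: {s['hits']} drops, {s['first']} to {s['last']}")
        for sig, ports in sorted(s["ports"].items()):
            rows.append(f"  {sig}: dst ports {sorted(ports)}")
    return "\n".join(rows)
```

`print(abuse_report(SAMPLE))` prints the summary; the log carries no time zone, so state the firewall's zone alongside it when sending the report.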