Security Incidents mailing list archives

was: Portscan detected from your machine


From: hektor () RZ RWTH-AACHEN DE (Jens Hektor)
Date: Sat, 17 Jun 2000 22:59:22 +0200


Hello,

the following message was erroneously sent to you, because
of wrong information at the APNIC center:

A whois query at APNIC for 212.63.44.1 gives:

        inetnum:     210.24.27.0 - 255.255.255.224
        etc ...

This is obviously incorrect, so APNIC has to correct its databases.

The correct ISP in Germany was found and has been contacted.

Regards, Jens Hektor

---------------------------

Hello,

our intrusion detection facilities have detected a portscan from one
of your machines. Portscans like this one usually precede concrete
attacks towards our machines, therefore we consider this portscan as an
"unfriendly act" against our computers.

We think that someone is misusing your system (usually the machines
we notice portscans from are cracked).

Check your system and ensure that this does not happen again.

Here follow the logs:
----------------------------------------

/var/log/advanced/local7.info:Jun 17 19:36:09 cisco-rz 40179: Jun 17
19:36:08.444 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(911) ->
134.130.27.9(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:36:19 cisco-rz 40185: Jun 17
19:36:18.064 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(1013) ->
137.226.112.21(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:36:39 cisco-rz 40186: Jun 17
19:36:38.068 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(904) ->
153.96.180.2(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:36:44 cisco-rz 40187: Jun 17
19:36:43.156 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(905) ->
153.96.180.2(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:36:49 cisco-rz 40188: Jun 17
19:36:48.676 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(1016) ->
137.226.144.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:37:18 cisco-rz 40194: Jun 17
19:37:17.079 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(771) ->
193.174.14.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:39:51 cisco-rz 40195: Jun 17
19:39:50.909 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(663) ->
194.94.252.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:39:57 cisco-rz 40196: Jun 17
19:39:56.012 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(666) ->
194.94.252.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:40:02 cisco-rz 40197: Jun 17
19:40:01.072 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(667) ->
194.94.253.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:41:53 cisco-rz 40198: Jun 17
19:41:52.386 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(904) ->
153.96.180.2(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:42:17 cisco-rz 40209: Jun 17
19:42:16.358 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(941) ->
195.37.137.10(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:42:27 cisco-rz 40210: Jun 17
19:42:26.470 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(942) ->
195.37.137.10(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:42:53 cisco-rz 40211: Jun 17
19:42:52.401 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(790) ->
193.174.14.3(111), 2 packets
/var/log/advanced/local7.info:Jun 17 19:44:53 cisco-rz 40217: Jun 17
19:44:52.431 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(663) ->
194.94.252.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:45:53 cisco-rz 40218: Jun 17
19:45:52.445 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(667) ->
194.94.253.3(111), 3 packets
/var/log/advanced/local7.info:Jun 17 19:47:53 cisco-rz 40219: Jun 17
19:47:52.475 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(941) ->
195.37.137.10(111), 2 packets

----------------------------------------

Local time is MET (GMT+1) or MEST (GMT+2)
during daylight savings period.

Regards, Jens Hektor

--
Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen
Computing Center Technical University Aachen, firewalls/network security
mailto:hektor () RZ RWTH-Aachen DE, Tel.: +49 241 80 4866
Private: Rochusstr. 26, D52062 Aachen, Fon: +49 241 29888, Fax: % 29889
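As an added example (not part of Jens Hektor's message), the script below parses Cisco IOS %SEC-6-IPACCESSLOGP lines of the kind quoted in the logs above and reports when one source address has touched many distinct hosts on the same destination port, which is the pattern the report calls a portscan. It also includes a small sanity check on an inetnum range of the kind the first message complains about: a whois range whose upper bound is 255.255.255.224 cannot be a single allocated block. The sample log lines are copied from the message (re-joined onto single lines, as the archive wrapped them); the five-host threshold, the function names and the second, well-formed inetnum range are assumptions of this example.

```python
"""Summarise Cisco IOS ACL log lines (%SEC-6-IPACCESSLOGP) to spot a
single-port sweep across many hosts, and sanity-check a whois inetnum range."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Sample input: lines copied from the abuse report above, each re-joined onto
# one physical line, with the grep file prefix kept as it appears there.
SAMPLE_LOG = """\
/var/log/advanced/local7.info:Jun 17 19:36:09 cisco-rz 40179: Jun 17 19:36:08.444 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(911) -> 134.130.27.9(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:36:19 cisco-rz 40185: Jun 17 19:36:18.064 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(1013) -> 137.226.112.21(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:36:39 cisco-rz 40186: Jun 17 19:36:38.068 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(904) -> 153.96.180.2(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:36:49 cisco-rz 40188: Jun 17 19:36:48.676 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(1016) -> 137.226.144.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:37:18 cisco-rz 40194: Jun 17 19:37:17.079 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(771) -> 193.174.14.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:39:51 cisco-rz 40195: Jun 17 19:39:50.909 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(663) -> 194.94.252.3(111), 1 packet
/var/log/advanced/local7.info:Jun 17 19:42:53 cisco-rz 40211: Jun 17 19:42:52.401 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(790) -> 193.174.14.3(111), 2 packets
/var/log/advanced/local7.info:Jun 17 19:45:53 cisco-rz 40218: Jun 17 19:45:52.445 MEZS: %SEC-6-IPACCESSLOGP: list 110 denied udp 212.63.44.1(667) -> 194.94.253.3(111), 3 packets
"""

# Router-side timestamp and zone, then the IOS ACL log message. The syslog
# prefix ("Jun 17 19:36:09 cisco-rz 40179:") is skipped because it is not
# followed by an upper-case zone token.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?) (?P<zone>[A-Z]+): "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def _parse_ts(ts):
    """Syslog timestamps carry no year; strptime defaults to 1900, which is
    fine for computing spans within one log."""
    fmt = "%b %d %H:%M:%S.%f" if "." in ts else "%b %d %H:%M:%S"
    return datetime.strptime(ts, fmt)


def parse_line(line):
    """Return a dict for one IPACCESSLOGP line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = _parse_ts(rec["ts"])
    for k in ("sport", "dport", "count"):
        rec[k] = int(rec[k])
    return rec


def summarise(lines, min_hosts=5):
    """Group denied packets by (src, proto, dport) and flag every group that
    reached at least min_hosts distinct destinations (assumed threshold)."""
    groups = defaultdict(lambda: {"hosts": set(), "packets": 0, "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "denied":
            continue
        g = groups[(rec["src"], rec["proto"], rec["dport"])]
        g["hosts"].add(rec["dst"])
        g["packets"] += rec["count"]
        g["first"] = rec["ts"] if g["first"] is None else min(g["first"], rec["ts"])
        g["last"] = rec["ts"] if g["last"] is None else max(g["last"], rec["ts"])
    sweeps = []
    for (src, proto, dport), g in groups.items():
        if len(g["hosts"]) >= min_hosts:
            sweeps.append({
                "src": src, "proto": proto, "dport": dport,
                "hosts": len(g["hosts"]), "packets": g["packets"],
                "span_s": (g["last"] - g["first"]).total_seconds(),
            })
    return sweeps


def inetnum_is_sane(inetnum):
    """A plausible whois inetnum is one contiguous, CIDR-aligned block.
    '210.24.27.0 - 255.255.255.224' from the message fails this check."""
    lo_s, hi_s = [s.strip() for s in inetnum.split("-")]
    lo, hi = ipaddress.IPv4Address(lo_s), ipaddress.IPv4Address(hi_s)
    if lo > hi:
        return False
    return len(list(ipaddress.summarize_address_range(lo, hi))) == 1


if __name__ == "__main__":
    for s in summarise(SAMPLE_LOG.splitlines()):
        print("%(src)s -> %(hosts)d hosts on %(proto)s/%(dport)d, "
              "%(packets)d packets in %(span_s).0f s" % s)
    print("APNIC range sane:", inetnum_is_sane("210.24.27.0 - 255.255.255.224"))
```

The grouping key deliberately ignores the source port, since the scanner in the logs above changed it on every probe while keeping destination port 111 (portmapper) fixed; a horizontal sweep is visible only once probes are collapsed per destination port.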


