Security Incidents mailing list archives
Re: Everything and the kitchen sink.
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 27 Aug 2001 23:22:53 +0200 (CEST)
On Sat, 25 Aug 2001, Sebastian Ip wrote:
> Eh yeah I have no idea why this is happening. I don't go on IRC and all I did today was play Day of Defeat online. I didn't think I pissed anyone off cause I haven't port scanned anyone. But here's a short cut from my dshield report, it's all from the same IP.
>
> Aug 25 22:39:09 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22132 PROTO=TCP SPT=1080 DPT=4239 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:11 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22285 PROTO=TCP SPT=1080 DPT=4236 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:11 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22287 PROTO=TCP SPT=1080 DPT=4237 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:11 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22316 PROTO=TCP SPT=1080 DPT=4126 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:12 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22355 PROTO=TCP SPT=1080 DPT=4239 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:12 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22382 PROTO=TCP SPT=1080 DPT=4240 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:14 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22501 PROTO=TCP SPT=1080 DPT=4238 WINDOW=0 RES=0x00 ACK RST URGP=0
> Aug 25 22:39:15 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22581 PROTO=TCP SPT=1080 DPT=4240 WINDOW=0 RES=0x00 ACK RST URGP=0

I guess you see a noisy nmap scan. The DNS info is quite funny:
110.195.117.212.IN-ADDR.ARPA is a nickname for
110.96/27.195.117.212.IN-ADDR.ARPA
I suggest you send a complaint with full log to:
inetnum: 212.117.195.96 - 212.117.195.128
netname: SYNECTA-CH
descr: SYNECTA
country: CH
admin-c: CB14336-RIPE
tech-c: MK10485-RIPE
status: ASSIGNED PA
notify: mkeller () backbone ch
mnt-by: BACKBONE-CH-MNT
changed: mkeller () backbone ch 20010515
source: RIPE
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
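
Added example, not part of either message: a small triage script for Linux netfilter LOG lines like the ones quoted above, grouping packets by source address and listing the source ports, destination ports and TCP flags seen, which is the summary worth attaching to a complaint alongside the full log. The function names are this example's own; the three sample lines are copied from the quoted post.

```python
import re
from collections import defaultdict

# Three of the log lines quoted in the post above, embedded so this runs offline.
SAMPLE = """\
Aug 25 22:39:09 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22132 PROTO=TCP SPT=1080 DPT=4239 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 25 22:39:11 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22285 PROTO=TCP SPT=1080 DPT=4236 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 25 22:39:11 shangrila kernel: |Firewall NEW,UNVALID| IN=eth1 OUT= SRC=212.117.195.110 DST=24.156.214.20 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22287 PROTO=TCP SPT=1080 DPT=4237 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}
KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_line(line):
    """Return (fields, flags) for one netfilter LOG line, or None if it has no SRC."""
    body = line.split("kernel:", 1)[-1]
    fields = dict(KV.findall(body))
    if "SRC" not in fields:
        return None
    # TCP flags are logged as bare words (ACK RST), not KEY=value pairs.
    flags = frozenset(tok for tok in body.split() if tok in TCP_FLAGS)
    return fields, flags


def summarize(lines):
    """Group parsed packets by source address for triage."""
    acc = defaultdict(lambda: {"packets": 0, "src_ports": set(),
                               "dst_ports": set(), "flags": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # not a firewall log line
        fields, flags = parsed
        entry = acc[fields["SRC"]]
        entry["packets"] += 1
        for key, name in (("SPT", "src_ports"), ("DPT", "dst_ports")):
            if fields.get(key, "").isdigit():
                entry[name].add(int(fields[key]))
        entry["flags"] |= flags
    return {src: {"packets": e["packets"], "src_ports": sorted(e["src_ports"]),
                  "dst_ports": sorted(e["dst_ports"]), "flags": sorted(e["flags"]),
                  "syn_seen": "SYN" in e["flags"]}
            for src, e in acc.items()}


if __name__ == "__main__":
    for src, info in summarize(SAMPLE.splitlines()).items():
        print(src, info)
```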
