OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Liudvikas Bukys (bukysINFOSEC.ROCHESTER.EDU)
Date: Wed Jan 24 2001 - 10:42:27 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Here's my log summary (chronological) on the same hosts.
    Actually, there's lots more activity during the same time period,
    but the following covers three of my subnets (Class C size) for
    which I have Cisco PIX logs and a convenient log summarizer.

    Looks like either a stealth scan from those hosts or a DoS against
    those hosts. Most of the hosts probed don't actually exist.

    DATES Jan 15 2001 07:41:56 - Jan 24 2001 00:11:40 EVENTS SUMMARIZED 224 IGNORED 0

    Jan 15 2001 22:55:38 - Jan 15 2001 22:55:38 1 deny DENIED-no-connection TCP 216.22.151.67 port 80 <=> 128.151.*.*(UR) port *** flags RST ACK

    Jan 22 2001 21:57:32 - Jan 24 2001 00:10:36 80 deny DENIED-no-connection TCP 209.220.244.18 port 23 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 22 2001 22:14:50 - Jan 23 2001 23:59:44 47 deny DENIED-no-connection TCP 134.53.215.184 port 23 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 22 2001 22:23:03 - Jan 23 2001 23:53:11 44 deny DENIED-no-connection TCP 216.22.151.67 port 23 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 22 2001 23:58:13 - Jan 22 2001 23:58:13 1 deny DENIED-no-connection TCP 209.240.174.2 port 39061 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 00:58:03 - Jan 23 2001 00:58:03 1 deny DENIED-no-connection TCP 209.240.174.2 port 35773 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 03:03:02 - Jan 23 2001 03:03:02 1 deny DENIED-no-connection TCP 209.240.174.2 port 53017 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 03:17:35 - Jan 23 2001 03:17:35 1 deny DENIED-no-connection TCP 209.240.174.2 port 54604 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 03:33:20 - Jan 23 2001 03:33:20 1 deny DENIED-no-connection TCP 209.240.174.2 port 30239 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 04:32:53 - Jan 23 2001 04:32:53 1 deny DENIED-no-connection TCP 209.240.174.2 port 6590 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 04:44:33 - Jan 23 2001 04:44:33 1 deny DENIED-no-connection TCP 209.240.174.2 port 30021 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 06:03:43 - Jan 23 2001 06:03:43 1 deny DENIED-no-connection TCP 209.240.174.2 port 29025 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 07:09:17 - Jan 23 2001 07:09:17 1 deny DENIED-no-connection TCP 209.240.174.2 port 512 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 07:32:27 - Jan 23 2001 07:32:27 1 deny DENIED-no-connection TCP 209.240.174.2 port 10489 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 07:57:49 - Jan 23 2001 07:57:49 1 deny DENIED-no-connection TCP 209.240.174.2 port 17398 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 08:33:56 - Jan 23 2001 08:33:56 1 deny DENIED-no-connection TCP 209.240.174.2 port 64772 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 08:51:44 - Jan 23 2001 08:51:44 1 deny DENIED-no-connection TCP 209.240.174.2 port 24341 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 09:50:38 - Jan 23 2001 09:50:38 1 deny DENIED-no-connection TCP 209.240.174.2 port 38999 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 10:17:20 - Jan 23 2001 10:17:20 1 deny DENIED-no-connection TCP 209.240.174.2 port 33472 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 10:59:32 - Jan 23 2001 10:59:32 1 deny DENIED-no-connection TCP 209.240.174.2 port 32160 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 11:30:17 - Jan 23 2001 11:30:17 1 deny DENIED-no-connection TCP 209.220.244.18 port 23 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 11:34:10 - Jan 23 2001 11:34:10 1 deny DENIED-no-connection TCP 209.240.174.2 port 9029 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 12:30:33 - Jan 23 2001 12:30:33 1 deny DENIED-no-connection TCP 134.53.215.184 port 23 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 12:37:35 - Jan 23 2001 12:37:35 1 deny DENIED-no-connection TCP 209.220.244.18 port 23 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 12:54:29 - Jan 23 2001 12:54:29 1 deny DENIED-no-connection TCP 209.240.174.2 port 11132 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 13:11:43 - Jan 23 2001 13:11:43 1 deny DENIED-no-connection TCP 209.240.174.2 port 59389 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 14:12:35 - Jan 23 2001 14:12:35 1 deny DENIED-no-connection TCP 209.240.174.2 port 50276 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 14:25:57 - Jan 23 2001 14:25:57 1 deny DENIED-no-connection TCP 209.240.174.2 port 21834 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 14:58:38 - Jan 23 2001 14:58:38 1 deny DENIED-no-connection TCP 209.240.174.2 port 34513 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 15:21:36 - Jan 23 2001 15:21:36 1 deny DENIED-no-connection TCP 209.240.174.2 port 19423 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 15:33:38 - Jan 23 2001 15:33:38 1 deny DENIED-no-connection TCP 209.240.174.2 port 44816 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 16:06:45 - Jan 23 2001 16:06:45 1 deny DENIED-no-connection TCP 209.240.174.2 port 45973 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 16:32:32 - Jan 23 2001 16:32:32 1 deny DENIED-no-connection TCP 209.240.174.2 port 16821 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 16:44:05 - Jan 23 2001 16:44:05 1 deny DENIED-no-connection TCP 209.240.174.2 port 21652 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 17:06:57 - Jan 23 2001 17:06:57 1 deny DENIED-no-connection TCP 209.240.174.2 port 57458 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 17:26:52 - Jan 23 2001 17:26:52 1 deny DENIED-no-connection TCP 209.240.174.2 port 41893 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 17:34:34 - Jan 23 2001 17:34:34 1 deny DENIED-no-connection TCP 216.22.151.67 port 23 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 17:44:22 - Jan 23 2001 17:44:22 1 deny DENIED-no-connection TCP 209.240.174.2 port 61707 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 17:50:39 - Jan 23 2001 17:50:39 1 deny DENIED-no-connection TCP 209.240.174.2 port 64012 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 17:58:28 - Jan 23 2001 17:58:28 1 deny DENIED-no-connection TCP 209.240.174.2 port 43283 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 18:50:28 - Jan 23 2001 18:50:28 1 deny DENIED-no-connection TCP 209.240.174.2 port 12565 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 19:01:49 - Jan 23 2001 19:01:49 1 deny DENIED-no-connection TCP 209.240.174.2 port 9309 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 19:35:41 - Jan 23 2001 19:35:41 1 deny DENIED-no-connection TCP 209.240.174.2 port 27193 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 19:42:18 - Jan 23 2001 19:42:18 1 deny DENIED-no-connection TCP 209.240.174.2 port 56440 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 20:09:12 - Jan 23 2001 20:09:12 1 deny DENIED-no-connection TCP 209.240.174.2 port 32582 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 20:46:41 - Jan 23 2001 20:46:41 1 deny DENIED-no-connection TCP 209.240.174.2 port 43395 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 21:39:21 - Jan 23 2001 21:39:21 1 deny DENIED-no-connection TCP 209.240.174.2 port 40410 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 21:44:07 - Jan 23 2001 21:44:07 1 deny DENIED-no-connection TCP 209.240.174.2 port 24755 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 22:12:44 - Jan 23 2001 22:12:44 1 deny DENIED-no-connection TCP 209.240.174.2 port 2726 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 22:32:02 - Jan 23 2001 22:32:02 1 deny DENIED-no-connection TCP 209.240.174.2 port 22208 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 22:33:48 - Jan 23 2001 22:33:48 1 deny DENIED-no-connection TCP 209.240.174.2 port 43961 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 22:51:07 - Jan 23 2001 22:51:07 1 deny DENIED-no-connection TCP 209.240.174.2 port 45748 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 23:22:57 - Jan 23 2001 23:22:57 1 deny DENIED-no-connection TCP 216.22.151.67 port 23 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 23:41:53 - Jan 23 2001 23:41:53 1 deny DENIED-no-connection TCP 209.240.174.2 port 17974 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 23 2001 23:47:37 - Jan 23 2001 23:47:37 1 deny DENIED-no-connection TCP 209.240.174.2 port 48028 <=> 128.151.*.*(UR) port *** flags RST ACK
    Jan 24 2001 00:11:40 - Jan 24 2001 00:11:40 1 deny DENIED-no-connection TCP 209.240.174.2 port 21880 <=> 128.151.*.*(UR) port *** flags RST ACK