[27708] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Network Probes

daemon@ATHENA.MIT.EDU (Henry R. Linneweh)
Thu Mar 9 16:28:06 2000

Message-ID: <38C811C6.D0988856@concentric.net>
Date: Thu, 09 Mar 2000 13:04:06 -0800
From: "Henry R. Linneweh" <linneweh@concentric.net>
Reply-To: linneweh@concentric.net
MIME-Version: 1.0
To: Scott McGrath <s_mcgrath@bexair.com>
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


Vitts Networks (NETBLK-VITT-1BLK)
                    77 Sundial Ave
                    Manchester, NH 03103
                    US

                    Netname: VITT-1BLK
                    Netblock: 216.64.0.0 - 216.64.127.255
                    Maintainer: VITT

                    Coordinator:
                       domreg  (DOM68-ORG-ARIN)  domreg@VITTS.COM
                       603-656-8000
              Fax - 603-656-8100

                    Domain System inverse mapping provided by:

                    NS1.VITTS.COM                216.64.31.76
                    NS2.VITTS.COM                216.64.117.21

                    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

                    Rwhois reassignment information for this block is
available at
                    rwhois.vitts.net 4321

                    Record last updated on 30-Nov-1999.
                    Database last updated on 9-Mar-2000 06:42:18 EDT.

Scott McGrath wrote:

> Hi,
>
> Has anyone else noticed probes against their network with a spoofed
> source address
> and Src (80) and Dst(2183)
>
> ---Snip.
> Mar  8 17:40:16: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 216.52.56.50(80) (Ser
> ial0 *PPP*) -> 216.64.1.198(2183), 1 packet
> .Mar  8 17:44:28: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 208.194.150.10(80) (S
> erial0 *PPP*) -> 216.64.1.142(2183), 1 packet
> .Mar  8 17:45:45: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 216.52.56.50(80) (Ser
> ial0 *PPP*) -> 216.64.1.198(2183), 3 packets
> .Mar  8 17:49:45: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 208.194.150.10(80) (S
> erial0 *PPP*) -> 216.64.1.142(2183), 2 packets
> .Mar  9 07:39:04: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 209.143.228.10(80) (S
> erial0 *PPP*) -> 216.64.1.82(2183), 1 packet
> .Mar  9 07:44:18: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 209.143.228.10(80) (S
> erial0 *PPP*) -> 216.64.1.82(2183), 9 packets
> .Mar  9 09:53:46: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 209.185.181.10(80) (S
> erial0 *PPP*) -> 216.64.1.227(2183), 1 packet
> .Mar  9 09:59:24: %SEC-6-IPACCESSLOGP: list 110 denied tcp
> 209.185.181.10(80) (S
> erial0 *PPP*) -> 216.64.1.227(2183), 9 packets
> .Mar  9 12:11:55: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.2.1.6(80)
> (Serial0
>  *PPP*) -> 216.64.1.144(1319), 1 packet
> .Mar  9 12:17:29: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.2.1.6(80)
> (Serial0
>  *PPP*) -> 216.64.1.144(1319), 8 packets
> .Mar  9 12:22:30: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.2.1.6(80)
> (Serial0
>  *PPP*) -> 216.64.1.144(1319), 4 packets
> ---snip
>
> Thanks

--
Thank you;
|--------------------------------------------|
| Thinking is a learned process so is UNIX   |
|--------------------------------------------|
Henry R. Linneweh


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[27708] in North American Network Operators' Group

Re: Network Probes

daemon@ATHENA.MIT.EDU (Henry R. Linneweh)Thu Mar 9 16:28:06 2000

daemon@ATHENA.MIT.EDU (Henry R. Linneweh)
Thu Mar 9 16:28:06 2000