Attacks:
*******
Goupes or Companies(societies)
having tried to get on my hard disk by deceitful processes!
To see their characteristics:
***********
207.32.18.93(4758)
OrgName: Iowa
Network Services, Inc.
OrgID: IOWA
Address: 312 8th Street
City: Des
Moines
StateProv: IA
PostalCode: 50309
Country: US
NetRange: 207.32.0.0 - 207.32.63.255
CIDR: 207.32.0.0/18
NetName: INS-BLK
NetHandle: NET-207-32-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.NETINS.NET
NameServer: NS2.NETINS.NET
Comment:
RegDate: 1996-02-05
Updated: 2002-08-08
TechHandle: INS-NOC-ARIN
TechName: netINS Network Operations
Center
TechPhone: +1-800-205-1110
TechEmail: noc@netins.net
OrgTechHandle: INS-NOC-ARIN
OrgTechName: netINS Network Operations
Center
OrgTechPhone: +1-800-205-1110
OrgTechEmail: noc@netins.net
# ARIN WHOIS database, last updated 2003-06-05 21:05
IOWA 80 GROUP (I8G)
Iowa Ag Development Authority (IADA)
Iowa Area Development Group (IADG)
Iowa army national guard (IANG)
Iowa Association of Homes and Services of the
Aging (IAHSA)
IOWA ASSOCIATION OF MUNICIPAL (IAM-9)
Iowa Business Machines (IBM-29)
Iowa Central Community College (ICCC-2)
Iowa City Area Assn. Realtors (ICAAR)
Iowa City Community School District (ICCSD)
Iowa City Community Schools (ICCS)
Iowa City Press Citizen (ICPC-1)
Iowa City Public Library (ICPL-2)
Iowa City Veterans Adminstration (ICVA)
Iowa College Foundation (ICF-3)
Iowa Communications Network (ICN)
Iowa Concepts (IOWACO)
Iowa Concrete Paving Association (ICPA)
Iowa Corporation (IOWACO-1)
IOWA COUNTY CHRY (ICC-3)
Iowa Cubs (IOWACU)
Iowa Democratic Party (IDP-6)
Iowa Dept. of Employment Svcs. (IDES-1)
Iowa Dept. of Human Services (IDHS)
Iowa Dept. of Revenue and Finance (IDRF)
Iowa Dept. of Transportation (IDT-16)
Iowa Electric Light & Power Co. (IELP)
Iowa Electronics (IAEL)
Iowa Eye Center (IEC-17)
Iowa Eyecare (IOWAEY)
Iowa Falls State Bank (IFSB)
IOWA FARM BUREAU FEDERATION & (IFBF-1)
Iowa Farm Bureau Federation & Affiliated
Cos. (IFBFAC)
IOWA FOUNDATION (IOWAFO)
Iowa Foundation for Medial Care (IFMC)
Iowa Foundation for Medical Care (IFMC-1)
Iowa Glass (IOWAGL)
Iowa Grain (IOWAGR-1)
Iowa Grain Company (IOWAGR)
IOWA HEALTH SYSTEM (IHS-27)
Iowa Health Systems (IHS-24)
Iowa Heart Center (IHC-4)
Iowa interactive (IOWAIN)
Iowa Interactive Access Network (IIAN)
Iowa Lakes Community College (ILCC)
Iowa Legislative Computer Support Bureau (ILCSB)
IOWA LINK (IOWALI)
Iowa Medical Society (IMS-8)
Iowa Methodist Medical Center (IMMC)
Iowa Mutual Insurance Company (IMI-1)
Iowa Natural Heritage Foundation (INHF)
Iowa Nebraska Equipment Dealers Association (INEDA)
Iowa Network Services (INS-50)
Iowa Network Services (INS) (INSI-1)
Iowa Network Services, Inc. (IOWA)
Iowa Network Services, Inc. (IOWA)
Iowa Online Web Access (IOWA-1)
Iowa Physical Therapy Association (IPTA)
Iowa Precision Industries, Inc (IPI-3)
IOWA PRESTRESSED CONCRETE (IPC-30)
Iowa Prestressed Concrete, IA Falls (IPCIF)
Iowa Public Television (IPT-6)
Iowa Realty Commercial (IRC-9)
Iowa Realty, Inc. (IOWARE)
Iowa Research and Education Network (IREN)
Iowa Schools Employee Benefits Association (ISEBA)
IOWA STATE (IOWAS)
Iowa State Bank (ISB-2)
Iowa State Division of Banking (ISDB-1)
IOWA STATE FAIR (ISF-1)
Iowa State Savings Bank (ISSB)
Iowa State University (IAST)
Iowa Student Loan Liquidity Corporation Corp
(ISLLCC)
IOWA STUDENT LOAN LIQUIDITY CORPORATION CORP
(ISLLCC-1)
Iowa Telecom (IOWATE)
Iowa Telecom (IOWATE-1)
Iowa Telecommunications (IOWATE-2)
Iowa Telecommunications Services (ITS-56)
Iowa Telecommunications Services, Inc (ITS-40)
Iowa Title Company (IOWATI)
Iowa Valley Community College (IVCC)
Iowa Valley Community School District (IVCSD)
Iowa Valley Community Schools (IVCS)
IOWA VET (IOWAVE)
IOWA VET (IOWAVE-1)
IOWA VET (IOWAV)
IOWA VET (IOWAV-1)
IOWA VET (IOWAV-2)
IOWA VET (IOWAV-3)
IOWA VET (IOWAV-4)
IOWA VET (IOWAV-5)
IOWA VET (IOWAV-6)
Iowa Wesleyan College (IWC-2)
Iowa Western Community College (IWCC)
Iowa Wireless (IOWAWI)
Iowa Workforce Development (IWD-1)
# ARIN WHOIS database, last updated 2003-06-05
21:05
****************************
2
OrgName: UUNET
Technologies, Inc.
OrgID: UUDA
Address: 22001 Loudoun County
Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
NetRange: 67.192.0.0 - 67.255.255.255
CIDR: 67.192.0.0/10
NetName: UUNET01DU
NetHandle: NET-67-192-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: DIALDNS1.UU.NET
NameServer: DIALDNS2.UU.NET
Comment: ADDRESSES WITHIN THIS
BLOCK ARE NON-PORTABLE
RegDate: 2001-09-13
Updated: 2002-03-25
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc.,
Technologies
TechPhone: +1-800-900-0241
TechEmail: help4u@mci.com
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: abuse-mail@mci.com
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc.,
Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: help4u@mci.com
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: swipper@uu.net
# ARIN WHOIS database, last updated 2003-06-24 21:05
OrgName: UUNET Technologies,
Inc.
OrgID: UUDA
Address: 22001 Loudoun County
Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
Comment:
RegDate: 1990-08-03
Updated: 2003-04-25
AbuseHandle: ABUSE3-ARIN
AbuseName: abuse
AbusePhone: +1-800-900-0241
AbuseEmail: abuse-mail@mci.com
AdminHandle: KERRM-ARIN
AdminName: Kerr, Mike
AdminPhone: +1-703-886-2251
AdminEmail: mike.kerr@wcom.com
NOCHandle: OA12-ARIN
NOCName: UUnet Technologies, Inc.,
Technologies
NOCPhone: +1-800-900-0241
NOCEmail: help4u@mci.com
TechHandle: SWIPP-ARIN
TechName: swipper
TechPhone: +1-800-900-0241
TechEmail: swipper@uu.net
*************
NETWORK: 61.128.225.150(3723]
[32768]
HTTP_IIS_ISAPI_EXTENSION
inetnum: 61.128.128.0
- 61.128.255.255
netname: CHINANET-CQ
descr:
CHINANET Chongqing Province Network
descr:
Data Communication Division
descr:
China Telecom
country: CN ->
Chine
admin-c: CH93-AP
tech-c: CQ235-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-CQ
changed: hostmaster@ns.chinanet.cn.net
20000601
status: ALLOCATED
NON-PORTABLE
source: APNIC
***********************
6
66.136.93.150(1ère fois)
66.136.94.83(2e
fois : le 31-07-2003)(0 -> mon port 25)
65.71.68.149
Invalide TCP Source port Attack
(low)
[65.71.70.234(75075)] <= (1ière
et 4e fois)
[65.71.69.151(vers mon port smtp(25))]
<= (5e fois) le 31-07-2003
66.136.92.183(10e
fois : le 11-11-2003)(b1ncfp25 -> 0 -> mon port http(80))
CustName: PPPoX Pool
rback 12.rcsntx
Address: 2701 W. 15th St PMB
236
City: Plano
StateProv: TX -> Texas ->
Richardson
PostalCode: 75075
Country: US
RegDate: 2002-08-26
Updated: 2002-08-26
NetRange: 65.71.68.0 - 65.71.71.255
CIDR: 65.71.68.0/22
NetName: SBC065071068000020826
NetHandle: NET-65-71-68-0-1
Parent: NET-65-64-0-0-1
NetType: Reassigned
Comment: For Policy Abuse issues,
contact: abuse@swbell.net
Comment: For Technical issues,
contact: noc@swbell.net
RegDate: 2002-08-26
Updated: 2002-08-26
TechHandle: ZS44-ARIN
TechName: IPAdmin-SBIS
TechPhone: +1-888-212-5411
TechEmail: IPAdmin-SBIS@sbcis.sbc.com
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern
Bell Internet
OrgAbusePhone: +1-877-722-3755
OrgAbuseEmail: abuse@swbell.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern
Bell Internet Services
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: support@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-888-212-5411
OrgTechEmail: IPAdmin-SBIS@sbis.sbc.com
[67.64.156.215(de 0 vers mon port
smtp(25))] <= (6e fois) le 10-08-2003
67-64-156-0-1[1024]Invalide
TCP Source port Attack (low)
65.71.68.180
(0 vers mon port 3128 {b1ncfp25})
<= (7e fois) le 23-10-2003
Invalide TCP Source port Attack
(low) à 3h31
65.71.68.37 <=
(8e fois)-> à
21h27 le 2-11-2003
b1ncfp25 de 0 -> socks(1080)
CustName: PPPoX Pool rback 12.rcsntx
Address: 2701 W. 15th St PMB
236
City: Plano
StateProv: TX
PostalCode: 75075
Country: US
RegDate: 2002-09-26
Updated: 2002-09-26
NetRange: 67.64.156.0 - 67.64.159.255
CIDR: 67.64.156.0/22
NetName: SBC067064156000020926
NetHandle: NET-67-64-156-0-1
Parent: NET-67-64-0-0-1
NetType: Reassigned
Comment: For Policy Abuse issues,
contact: abuse@swbell.net
Comment: For Technical issues,
contact: noc@swbell.net
RegDate: 2002-09-26
Updated: 2002-09-26
TechHandle: ZS44-ARIN
TechName: IPAdmin-SBIS
TechPhone: +1-888-212-5411
TechEmail: IPAdmin-SBIS@sbis.sbc.com
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern
Bell Internet
OrgAbusePhone: +1-877-722-3755
OrgAbuseEmail: abuse@swbell.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern
Bell Internet Services
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: support@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-888-212-5411
OrgTechEmail: IPAdmin-SBIS@sbis.sbc.com
66.143.66.48 (8e fois)
Invalid TCP Source Port
23h26'24" le 29-10-2003
b1ncfp25 : 0 -> http-proxy(8080)
66.143.66.48 (9e fois) le 31-10-2003
à 23h43
0 -> 3128
adsl-66-143-66-48.dsl.rcsntx.swbell.nt
NET-66-143-66-0-1[512]
CustName: PPPoX Pool - RBACK12.RCSNTX
Address: 2701 W 15th ST PMB
236
City: Plano
StateProv: TX
PostalCode: 75075
Country: US
RegDate: 2003-01-21
Updated: 2003-01-21
NetRange: 66.143.66.0 - 66.143.67.255
CIDR: 66.143.66.0/23
NetName: SBC066143066000030121
NetHandle: NET-66-143-66-0-1
Parent: NET-66-136-0-0-1
NetType: Reassigned
Comment: For Policy Abuse issues,
contact: abuse@swbell.net
Comment: For Technical issues,
contact: noc@swbell.net
RegDate: 2003-01-21
Updated: 2003-01-21
TechHandle: ZS44-ARIN
TechName: IPAdmin-SBIS
TechPhone: +1-888-212-5411
TechEmail: IPAdmin-SBIS@sbis.sbc.com
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern
Bell Internet
OrgAbusePhone: +1-877-722-3755
OrgAbuseEmail: abuse@swbell.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern
Bell Internet Services
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: support@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-888-212-5411
OrgTechEmail: IPAdmin-SBIS@sbis.sbc.com
# ARIN WHOIS database, last updated 2003-10-14 19:15
**********************
218.14.140.136 [393216](2E fois)
HTTP_IIS_ISAPI_EXTENSION Attack
inetnum: 218.13.0.0
- 218.18.255.255
netname: CHINANET-GD
descr:
CHINANET Guangdong province network
descr:
Data Communication Division
descr:
China Telecom
country: CN ->
Chine
admin-c: CH93-AP
tech-c: WM12-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-GD
changed: hostmaster@ns.chinanet.cn.net
20010528
status: ALLOCATED
PORTABLE
source: APNIC
*****************
207.112.79.111(4048)
207-112-0-0-1 [32768]
HTTP_IIS_ISAPI_EXTENSION Attack
High
OrgName: Primus
Telecommunications Canada Inc.
OrgID: PRCA
Address: 5343 Dundas Street
West
Address: Suite 400
City: Etobicoke
StateProv: ON
PostalCode: M9B-6K5
Country: CA
NetRange: 207.112.0.0 - 207.112.127.255
CIDR: 207.112.0.0/17
NetName: PRCA-207-112
NetHandle: NET-207-112-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.PRIMUS.CA
NameServer: NS2.PRIMUS.CA
Comment:
RegDate: 1996-05-01
Updated: 2002-09-09
OrgAbuseHandle: ABUSE48-ARIN
OrgAbuseName: Abuse Services
OrgAbusePhone: +1-800-265-3600
OrgAbuseEmail: abuse@primus.ca
OrgTechHandle: ZP40-ARIN
OrgTechName: Primus Telecommunications
Canada Inc.
OrgTechPhone: +1-416-236-3636
OrgTechEmail: arin-admin@primus.ca
# ARIN WHOIS database, last updated 2003-06-19
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Primus Telecommunications
Canada Inc.
OrgID: PRCA
Address: 5343 Dundas Street
West
Address: Suite 400
City: Etobicoke
StateProv: ON
PostalCode: M9B-6K5
Country: CA
Comment:
RegDate:
Updated: 2002-09-30
AbuseHandle: ABUSE48-ARIN
AbuseName: Abuse Services
AbusePhone: +1-800-265-3600
AbuseEmail: abuse@primus.ca
AdminHandle: JOANN-ARIN
AdminName: Zelasko, Joanna
AdminPhone: +1-800-265-3600
AdminEmail: jzelasko@primustel.ca
TechHandle: ZP40-ARIN
TechName: Primus Telecommunications
Canada Inc.
TechPhone: +1-416-236-3636
TechEmail: arin-admin@primus.ca
# ARIN WHOIS database, last updated 2003-06-19 21:05
****************
207.248.249.126(4169)(1ère
fois)
207.248.159.251(2466) -> mon
port 80 le 30-07-2003
HTTP_IIS_ISAPI_EXTENSION Attack
(high)
OrgName: Latin American and
Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY -> URUGUAY
NetRange: 207.248.0.0 - 207.249.255.255
CIDR:
207.248.0.0/15
NetName: LACNIC-207-248-0-0
NetHandle: NET-207-248-0-0-1
Parent: NET-207-0-0-0-0
NetType: Early Registrations,
Transferred to LACNIC
Comment:
RegDate: 2003-05-13
Updated: 2003-05-13
OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Hostmaster
OrgTechPhone: (+55) 11 5509-3525
OrgTechEmail: abuse@lacnic.net
# ARIN WHOIS database, last updated 2003-06-13
21:05
# Enter ? for additional hints on searching
ARIN's WHOIS database.
OrgName: Latin American and
Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City:
Montevideo
StateProv:
PostalCode: 11500
Country: UY
Comment:
RegDate: 2002-07-27
Updated: 2002-12-12
AdminHandle: LACNIC-ARIN
AdminName: LACNIC Hostmaster
AdminPhone: (+55) 11 5509-3525
AdminEmail: abuse@lacnic.net
TechHandle: LACNIC-ARIN
TechName: LACNIC Hostmaster
TechPhone: (+55) 11 5509-3525
TechEmail: abuse@lacnic.net
# ARIN WHOIS database, last updated 2003-06-13 21:05
*********************
HTTP_IIS_ISAPI_EXTENSION Attack
213.10.53.86
ADSL 1
inetnum: 213.10.0.0
- 213.10.127.255
netname: NL-PMG-ADSL
descr:
ADSL1
country: NL ->
Netherlands -> Hollande
admin-c: MRAA-RIPE
tech-c: PT978-RIPE
status: ASSIGNED
PA
mnt-by: AS8737-MNT
changed: lir@planet.nl
20030402
source: RIPE
***********************
207.170.244.206
HTTP_IIS_ISAPI_EXTENSION Attack
OrgName: Digital
Marketing Inc.
OrgID: DIGITA-69
Address: 3380 Americana Terrace
City: Boise
StateProv: ID -> Idao? (Californie?)
PostalCode: 83702
Country: US
NetRange: 207.170.244.0 - 207.170.244.255
CIDR: 207.170.244.0/24
NetName: DMI-NET-2
NetHandle: NET-207-170-244-0-1
Parent: NET-207-170-192-0-1
NetType: Reassigned
NameServer: NS1.PTLD.TWTELECOM.NET
NameServer: NS2.GST.NET
Comment:
RegDate: 1998-06-12
Updated: 2000-09-20
TechHandle: NE-ORG-ARIN
TechName: GST Telecom, Inc.
TechPhone: +1-503-416-1926
TechEmail: ipadmin@gstis.net
# ARIN WHOIS database, last updated 2003-06-17 21:05
OrgName: Digital Marketing Inc.
OrgID: DIGITA-69
Address: 3380 Americana Terrace
City: Boise
StateProv: ID
PostalCode: 83702
Country: US
Comment:
RegDate: 1998-06-12
Updated: 2000-09-20
**************
207.10.43.100(2907)
207-10-43-0-1[256]
HTTP_IIS_ISAPI_EXTENSION Attack
ilNTOK E-0-04-- 26
tNWKN-703-[6
ds s7ttkoei rD F1de: 0a sS
t wo
aPv
ur 0Cny U
D 703/ ...5CR 2...2
tp aie0-NTe Rsgd-Pe: N-70-1ey: esn
gt 900 9--
de 900
ca: cl i m NhsBa
cml -2800eEi
ANHSabeltpt 00120
de 901Uad 1616rStr:NPtCe12Cny UCmt OI
N-Ars 1Et1 .i: eYkteo Yoao:01ot: Soe: RDe 1616pt: 9--
ANHSabeltpt 00120
Ee?oaiolisnecnAN O ta.
******************
Invalide TCP Source port Attack
66.176.195.78 (1e fois)
66-176-0-0-1 [118784]
2ème le 31-07-2003 (de 0
-> 80)
c-66-176-195-78.se.client2.attbi.com
Fort Lauderdel? (Floride)
OrgName: AT&T Broadband
SouthEast
OrgID: ATSE
Address: 27 Industrial Ave
City: Chelmsford
StateProv: MA -> Massachussette, Maine
???
PostalCode: 01824
Country: US
NetRange: 66.176.0.0 - 66.177.207.255
CIDR: 66.176.0.0/16,
66.177.0.0/17, 66.177.128.0/18, 66.177.192.0/20
NetName: ATTB-SE-5
NetHandle: NET-66-176-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS4.ATTBB.NET
NameServer: NS5.ATTBB.NET
NameServer: NS6.ATTBB.NET
Comment: For abuse contact
abuse@attbi.com
RegDate:
Updated: 2001-11-19
TechHandle: ZM117-ARIN
TechName: ATT Broadband
TechPhone: +1-978-244-4020
TechEmail: ipadmin@attbb.net
OrgTechHandle: ZM117-ARIN
OrgTechName: ATT Broadband
OrgTechPhone: +1-978-244-4020
OrgTechEmail: ipadmin@attbb.net
# ARIN WHOIS database, last updated 2003-06-26 21:05
OrgName: AT&T Broadband
SouthEast
OrgID: ATSE
Address: 27 Industrial Ave
City: Chelmsford
StateProv: MA
PostalCode: 01824
Country: US
Comment: For abuse issues contact
abuse@attbi.com
RegDate:
Updated: 2002-09-16
AdminHandle: ZM117-ARIN
AdminName: ATT Broadband
AdminPhone: +1-978-244-4020
AdminEmail: ipadmin@attbb.net
TechHandle: ZM117-ARIN
TechName: ATT Broadband
TechPhone: +1-978-244-4020
TechEmail: ipadmin@attbb.net
# ARIN WHOIS database, last updated 2003-06-26 21:05
Organization:
AT&T Corp.
Corporate Administrator
32 Avenue of the Americas
New York, NY 10013
US
Phone: 908-221-5578
Fax..: 908-221-5581
Email: no.email.here@att.com
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com
Domain Name: ATTBI.COM
Created on..............: Tue, Oct 02, 2001
Expires on..............: Sat, Oct 02, 2004
Record last updated on..: Thu, Jul 10, 2003
Administrative Contact:
Comcast
Domain Admin
183 Inverness Drive West
Englewood, CO 80112
US
Phone: 1-888-565-4329
Fax..: 720-267-2802
Email: abuse@ATTBI.COM
Technical Contact:
Comcast
Domain Tech
183 Inverness Drive West
Englewood, CO 80112
US
Phone: 1-888-565-4329
Fax..: 720-267-2802
Email: abuse@attbi.com
Zone Contact:
Comcast
Domain Tech
183 Inverness Drive West
Englewood, CO 80112
US
Phone: 1-888-565-4329
Fax..: 720-267-2802
Email: abuse@attbi.com
Domain servers in listed order:
NS2.ATTBI.COM 216.148.227.68
NS.ATTBI.COM 204.127.198.4
NS6.ATTBI.COM 63.240.76.4
NS5.ATTBI.COM 204.127.202.4
Register your domain name at http://www.register.com
********************
HTTP_IIS_ISAPI_EXTENSION Attack
207.17.220.38(4894
OrgName: Telefonica
del Peru S.A.A.
OrgID: TDPS-3
Address: Jorge Basadre, 592,
505
Address: L27 - Lima - LI
City: LIMA
StateProv:
PostalCode:
Country: PE -> Pérou
NetRange: 207.17.216.0 - 207.17.223.255
CIDR: 207.17.216.0/21
NetName: UU-207-17-216-D5
NetHandle: NET-207-17-216-0-1
Parent: NET-207-16-0-0-1
NetType: Reallocated
Comment: Addresses within this
block are non-portable.
RegDate: 2002-12-18
Updated: 2002-12-18
OrgTechHandle: NOC264-ARIN
OrgTechName: NOC
OrgTechPhone: +51 1 2104991
OrgTechEmail: sysadm@unired.net.pe
# ARIN WHOIS database, last updated 2003-06-26
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Telefonica del Peru
S.A.A.
OrgID: TDPS-3
Address: Jorge Basadre, 592,
505
Address: L27 - Lima - LI
City: LIMA
StateProv:
PostalCode:
Country: PE
Comment:
RegDate: 2002-12-17
Updated: 2002-12-17
AdminHandle: NOC264-ARIN
AdminName: NOC
AdminPhone: +51 1 2104991
AdminEmail: sysadm@unired.net.pe
TechHandle: NOC264-ARIN
TechName: NOC
TechPhone: +51 1 2104991
TechEmail: sysadm@unired.net.pe
# ARIN WHOIS database, last updated 2003-06-26
21:05
*****************
80.164.26.247(3159)
TDC BB-ADSL users[16384]
URL_Directory_Transversal attack
-> (Hight)
inetnum: 80.164.0.0
- 80.164.63.255
netname: TDC-TELEDANMARK-BREDBAANDSADSL-NET
descr:
TDC BB-ADSL users
country: DK ->
Denmark
remarks: +--------------------------------------+
remarks: | For
abuse and security issues please |
remarks: | contact
abuse@post.tele.dk
|
remarks: +--------------------------------------+
admin-c: AS5071-RIPE
tech-c: AS5071-RIPE
status: ASSIGNED
PA
mnt-by: TDK-MNT
changed: auto-ripe@ip.tele.dk
20030214
source: RIPE
****************
202.74.39.92(-> 3128)(4e
fois)
202.74.39.86(1e
fois)
202.74.39.204(2e
fois)
202.74.39.78(3e
fois)
202.74.39.87(-> 0)(5e
fois)(le 25-07-03)
202.74.39.212(de -> 0 -> 3128)(6e
fois)(le 08-08-03)
Invalide TCP Source port Attack
-> (low)(de 0)
inetnum: 202.74.32.0
- 202.74.63.255
netname: CHOMANANWORLDNET
descr:
Chomanan WorldNet Co., Ltd.
country: TH ->
Thaïland
admin-c: PC33-AP
tech-c: MJ7-AP
remarks: Service
Provider
mnt-by: APNIC-HM
changed: hostmaster@apnic.net
19980614
changed: hm-changed@apnic.net
20020605
status: ALLOCATED
PORTABLE
source: APNIC
******************
12.209.160.183 (1ière fois)
Invalide TCP Source port Attack
(LOW)
AT&T WorldNet Services
Salt Lake City Utath
ATTW
400 Interpace Parkway
Parsippany NJ 07054
1-919-319-8249
help@ip.att.net
1-919-319-8130
1-888-613-6330
qhoang@att.net
+++++++++++++++
12.254.168.43 (2e)
Invalide TCP Source port Attack
(LOW)
AT&T WorldNet Services
Salt Lake City Utath
Net-12-0-0-0-1 [16777216]
OrgName: AT&T WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City: Parsippany
StateProv: NJ -> New Jersey
PostalCode: 07054
Country: US
NetRange: 12.0.0.0 - 12.255.255.255
CIDR: 12.0.0.0/8
NetName: ATT
NetHandle: NET-12-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: DBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: DMTU.MT.NS.ELS-GMS.ATT.NET
NameServer: CBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: CMTU.MT.NS.ELS-GMS.ATT.NET
Comment: For abuse issues contact
abuse@att.net
RegDate: 1983-08-23
Updated: 2002-08-23
TechHandle: DK71-ARIN
TechName: Kostick, Deirdre
TechPhone: +1-919-319-8249
TechEmail: help@ip.att.net
OrgAbuseHandle: ATTAB-ARIN
OrgAbuseName: ATT Abuse
OrgAbusePhone: +1-919-319-8130
OrgAbuseEmail: abuse@att.net
OrgTechHandle: ICC-ARIN
OrgTechName: IP Customer Care
OrgTechPhone: +1-888-613-6330
OrgTechEmail: qhoang@att.com
OrgTechHandle: IPSWI-ARIN
OrgTechName: IP SWIP
OrgTechPhone: +1-888-613-6330
OrgTechEmail: swipid@nipaweb.vip.att.net
# ARIN WHOIS database, last updated 2003-06-25
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: AT&T WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City: Parsippany
StateProv: NJ
PostalCode: 07054
Country: US
Comment:
Comment: Contact AT&T Abuse
( abuse@att.net ) for policy abuse issues.
Comment: All policy abuse issues
sent to other POCs will be disregarded.
RegDate:
Updated: 2002-11-11
AbuseHandle: ATTAB-ARIN
AbuseName: ATT Abuse
AbusePhone: +1-919-319-8130
AbuseEmail: abuse@att.net
AdminHandle: DK71-ARIN
AdminName: Kostick, Deirdre
AdminPhone: +1-919-319-8249
AdminEmail: help@ip.att.net
TechHandle: ICC-ARIN
TechName: IP Customer Care
TechPhone: +1-888-613-6330
TechEmail: qhoang@att.com
TechHandle: IPSWI-ARIN
TechName: IP SWIP
TechPhone: +1-888-613-6330
TechEmail: swipid@nipaweb.vip.att.net
# ARIN WHOIS database, last updated 2003-06-25
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
>>>>>>>>>>>>>>>>
att.net Back-order this name
Registrant:
AT&T Corp. (ATT2-DOM)
55 Corporate Drive
Bridgewater, NJ 08807
US
Domain Name: ATT.NET
Administrative Contact, Technical Contact:
GNMC (VXGTRUVDOO) rm-hostmaster@ems.att.com
3324 Hollenberg
Bridgeton, MO 63044
US
314-264-9672 fax: 281-664-9975
Record expires on 14-Dec-2003.
Record created on 17-Oct-2002.
Database last updated on 22-Jul-2003 18:15:41
EDT.
Domain servers in listed order:
ORCU.OR.BR.NP.ELS-GMS.ATT.NET 199.191.129.139
WYCU.WY.BR.NP.ELS-GMS.ATT.NET 199.191.128.43
OHCU.OH.MT.NP.ELS-GMS.ATT.NET 199.191.144.75
MACU.MA.MT.NP.ELS-GMS.ATT.NET 199.191.145.136
************
att.com
Organization:
AT&T Corp.
Corporate Administrator
32 Avenue of the Americas
New York, NY 10013
US
Phone: (908) 781-0323
Fax..: (908) 719-0124
Email: no.email.here@att.com
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com
Domain Name: ATT.COM
Created on..............: Fri, Apr 25, 1986
Expires on..............: Tue, Apr 26, 2005
Record last updated on..: Tue, Jul 15, 2003
Administrative Contact:
AT&T Corp
Joe D'Andrea
One AT&T Way
Bedminster, NJ 07921
US
Phone: (908) 781-0323
Fax..: (908) 719-0124
Email: jdandrea@ATT.COM
Technical Contact:
AT&T Corp
AT&T Corp
One AT&T Way
Bedminster, NJ 07921
US
Phone: (908) 781-0323
Fax..: (908) 719-0124
Email: jdandrea@ATT.COM
Zone Contact:
AT&T Corp
AT&T Corp
One AT&T Way
Bedminster, NJ 07921
US
Phone: (908) 781-0323
Fax..: (908) 719-0124
Email: jdandrea@ATT.COM
Domain servers in listed order:
KCGW1.ATT.COM 192.128.133.77
ALGW1.ATT.COM 192.128.167.77
CKGW1.ATT.COM 209.219.209.77
Register your domain name at http://www.register.com
The previous information has been obtained either
directly from the
registrant or a registrar of the domain name
other than Network Solutions.
Network Solutions, therefore, does not guarantee
its accuracy or completeness.
*************************
207.245.35.50(2044)(1ère
fois)
le 06-08-2003
207-245-0-0-1[16384]
AT&T Canada Telecom
Services Company
207.245.35.50(4871)(2ère
fois)
7h36 le 11-08-2003 vers mon
port 80
207.245.35.54(4388)(3ère
fois)
14h48 le 31-08-2003 vers mon
port http(80)
HTTP_IIS_ISAPI_EXTENSION Attack
OrgName: AT&T
Canada Telecom Services Company
OrgID: ATTC
Address: 438 University
City: Toronto
StateProv: ON
PostalCode: M5G-2K8
Country: CA
NetRange: 207.245.0.0 - 207.245.63.255
CIDR: 207.245.0.0/18
NetName: ATTCANADA-10
NetHandle: NET-207-245-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.METRONET.CA
NameServer: NS2.METRONET.CA
Comment: For abuse issues contact
abuse@attcanada.ca
RegDate:
Updated: 2003-03-12
AbuseHandle: ACA18-ARIN
AbuseName: ATT Canada Abuse
AbusePhone: +1-416-341-5777
AbuseEmail: abuse@attcanada.ca
NOCHandle: ACN-ARIN
NOCName: ATT Canada NOC
NOCPhone: +1-800-355-0472
NOCEmail: noc@attcanada.com
TechHandle: RA262-ARIN
TechName: Riscalla, Andre
TechPhone: +1-514-940-5664
TechEmail: riscalla@freedom.mtl.metronet.ca
TechHandle: ACIA-ARIN
TechName: ATT Canada IP Admin
TechPhone: +1-514-940-5664
TechEmail: ipadmin@allstream.com
OrgAbuseHandle: ALLST2-ARIN
OrgAbuseName: Allstream Corp Abuse
OrgAbusePhone: +1-416-341-5777
OrgAbuseEmail: abuse@allstream.com
OrgNOCHandle: ALLST1-ARIN
OrgNOCName: Allstream Corp Network
Operations
OrgNOCPhone: +1-800-355-0472
OrgNOCEmail: noc@allstream.com
OrgTechHandle: RA262-ARIN
OrgTechName: Riscalla, Andre
OrgTechPhone: +1-514-940-5664
OrgTechEmail: riscalla@freedom.mtl.metronet.ca
OrgTechHandle: AIA2-ARIN
OrgTechName: Allstream Corp IP Admin
OrgTechPhone: +1-514-940-5664
OrgTechEmail: ipadmin@allstream.com
# ARIN WHOIS database, last updated 2003-07-22
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: AT&T Canada Telecom
Services Company
OrgID: ATTC
Address: 438 University
City: Toronto
StateProv: ON
PostalCode: M5G-2K8
Country: CA
Comment:
RegDate:
Updated: 2003-07-09
AbuseHandle: ALLST2-ARIN
AbuseName: Allstream Corp Abuse
AbusePhone: +1-416-341-5777
AbuseEmail: abuse@allstream.com
AdminHandle: RA262-ARIN
AdminName: Riscalla, Andre
AdminPhone: +1-514-940-5664
AdminEmail: riscalla@freedom.mtl.metronet.ca
NOCHandle: ALLST1-ARIN
NOCName: Allstream Corp Network Operations
NOCPhone: +1-800-355-0472
NOCEmail: noc@allstream.com
TechHandle: RA262-ARIN
TechName: Riscalla, Andre
TechPhone: +1-514-940-5664
TechEmail: riscalla@freedom.mtl.metronet.ca
TechHandle: AIA2-ARIN
TechName: Allstream Corp IP Admin
TechPhone: +1-514-940-5664
TechEmail: ipadmin@allstream.com
======================+++++++++
AT&T WorldNet Services
Chicago Illinois?
Default Block Backdoor/SudSeven
Trojan horse.
TCP (Inbound) High risk
12-0-0-0-1 [16777216]
12.214.216.69 : 1297
-> mon 27374
Le 13-08-2003 à 16h49
OrgName: AT&T WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City:
Parsippany
StateProv: NJ -> New Jersey
PostalCode: 07054
Country: US
NetRange: 12.0.0.0 - 12.255.255.255
CIDR: 12.0.0.0/8
NetName: ATT
NetHandle: NET-12-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: DBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: DMTU.MT.NS.ELS-GMS.ATT.NET
NameServer: CBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: CMTU.MT.NS.ELS-GMS.ATT.NET
Comment: For abuse issues contact
abuse@att.net
RegDate: 1983-08-23
Updated: 2002-08-23
TechHandle: DK71-ARIN
TechName: Kostick, Deirdre
TechPhone: +1-919-319-8249
TechEmail: help@ip.att.net
OrgAbuseHandle: ATTAB-ARIN
OrgAbuseName: ATT Abuse
OrgAbusePhone: +1-919-319-8130
OrgAbuseEmail: abuse@att.net
OrgTechHandle: ICC-ARIN
OrgTechName: IP Customer Care
OrgTechPhone: +1-888-613-6330
OrgTechEmail: qhoang@att.com
OrgTechHandle: IPSWI-ARIN
OrgTechName: IP SWIP
OrgTechPhone: +1-888-613-6330
OrgTechEmail: help@ip.att.net
# ARIN WHOIS database, last updated 2003-07-26
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: AT&T WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City: Parsippany
StateProv: NJ
PostalCode: 07054
Country: US
Comment:
Comment: Contact AT&T Abuse
( abuse@att.net ) for policy abuse issues.
Comment: All policy abuse issues
sent to other POCs will be disregarded.
RegDate:
Updated: 2002-11-11
AbuseHandle: ATTAB-ARIN
AbuseName: ATT Abuse
AbusePhone: +1-919-319-8130
AbuseEmail: abuse@att.net
AdminHandle: DK71-ARIN
AdminName: Kostick, Deirdre
AdminPhone: +1-919-319-8249
AdminEmail: help@ip.att.net
TechHandle: ICC-ARIN
TechName: IP Customer Care
TechPhone: +1-888-613-6330
TechEmail: qhoang@att.com
TechHandle: IPSWI-ARIN
TechName: IP SWIP
TechPhone: +1-888-613-6330
TechEmail: help@ip.att.net
***************
12.65.96.164
AT&T WorldNet Services
de 0 -> smtp(25) le 24-08-2003
à 14h12:17
Invalide TCP Source port Attack
(LOW)
San Francisco? Californie
slip-12-65-96-164.mis.prserv.net
NET-12-0-0-0-1 [16777216]
OrgName: AT&T
WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City:
Parsippany
StateProv: NJ -> New Jersey
PostalCode: 07054
Country: US
NetRange: 12.0.0.0 - 12.255.255.255
CIDR:
12.0.0.0/8
NetName: ATT
NetHandle: NET-12-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: DBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: DMTU.MT.NS.ELS-GMS.ATT.NET
NameServer: CBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: CMTU.MT.NS.ELS-GMS.ATT.NET
Comment: For abuse issues
contact abuse@att.net
RegDate: 1983-08-23
Updated: 2002-08-23
TechHandle: DK71-ARIN
TechName: Kostick, Deirdre
TechPhone: +1-919-319-8249
TechEmail: help@ip.att.net
OrgAbuseHandle: ATTAB-ARIN
OrgAbuseName: ATT Abuse
OrgAbusePhone: +1-919-319-8130
OrgAbuseEmail: abuse@att.net
OrgTechHandle: ICC-ARIN
OrgTechName: IP Customer Care
OrgTechPhone: +1-888-613-6330
OrgTechEmail: qhoang@att.com
OrgTechHandle: IPSWI-ARIN
OrgTechName: IP SWIP
OrgTechPhone: +1-888-613-6330
OrgTechEmail: swipid@nipaweb.vip.att.net
# ARIN WHOIS database, last updated 2003-07-24
19:15
# Enter ? for additional hints on searching
ARIN's WHOIS database.
OrgName: AT&T WorldNet
Services
OrgID: ATTW
Address: 400 Interpace Parkway
City:
Parsippany
StateProv: NJ
PostalCode: 07054
Country: US
Comment:
Comment: Contact AT&T
Abuse ( abuse@att.net ) for policy abuse issues.
Comment: All policy abuse
issues sent to other POCs will be disregarded.
RegDate:
Updated: 2002-11-11
AbuseHandle: ATTAB-ARIN
AbuseName: ATT Abuse
AbusePhone: +1-919-319-8130
AbuseEmail: abuse@att.net
AdminHandle: DK71-ARIN
AdminName: Kostick, Deirdre
AdminPhone: +1-919-319-8249
AdminEmail: help@ip.att.net
TechHandle: ICC-ARIN
TechName: IP Customer Care
TechPhone: +1-888-613-6330
TechEmail: qhoang@att.com
TechHandle: IPSWI-ARIN
TechName: IP SWIP
TechPhone: +1-888-613-6330
TechEmail: swipid@nipaweb.vip.att.net
+12.65.174.53
AT&T WorldNet Services
de 0 -> smtp(25) le 26-08-2003
à 15h58
Invalide TCP Source port Attack
(LOW)
San Francisco? Californie
slip-12-65-174-53.mis.prserv.net
NET-12-0-0-0-1 [16777216]
OrgName: AT&T
WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City:
Parsippany
StateProv: NJ -> New Jersey
PostalCode: 07054
Country: US
+12.65.162.10
AT&T WorldNet Services
de 0 -> smtp(25) le 24-08-2003
à 14h13
Invalide TCP Source port Attack
(LOW)
San Francisco? Californie
slip-12-65-162-10.mis.prserv.net
NET-12-0-0-0-1 [16777216]
OrgName: AT&T
WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City:
Parsippany
StateProv: NJ -> New Jersey
PostalCode: 07054
Country: US
NetRange: 12.0.0.0 - 12.255.255.255
CIDR:
12.0.0.0/8
NetName: ATT
NetHandle: NET-12-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: DBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: DMTU.MT.NS.ELS-GMS.ATT.NET
NameServer: CBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: CMTU.MT.NS.ELS-GMS.ATT.NET
Comment: For abuse issues
contact abuse@att.net
RegDate: 1983-08-23
Updated: 2002-08-23
TechHandle: DK71-ARIN
TechName: Kostick, Deirdre
TechPhone: +1-919-319-8249
TechEmail: help@ip.att.net
OrgAbuseHandle: ATTAB-ARIN
OrgAbuseName: ATT Abuse
OrgAbusePhone: +1-919-319-8130
OrgAbuseEmail: abuse@att.net
OrgTechHandle: ICC-ARIN
OrgTechName: IP Customer Care
OrgTechPhone: +1-888-613-6330
OrgTechEmail: qhoang@att.com
OrgTechHandle: IPSWI-ARIN
OrgTechName: IP SWIP
OrgTechPhone: +1-888-613-6330
OrgTechEmail: swipid@nipaweb.vip.att.net
# ARIN WHOIS database, last updated 2003-08-25
19:15
# Enter ? for additional hints on searching
ARIN's WHOIS database.
OrgName: AT&T WorldNet
Services
OrgID: ATTW
Address: 400 Interpace Parkway
City:
Parsippany
StateProv: NJ
PostalCode: 07054
Country: US
Comment:
Comment: Contact AT&T
Abuse ( abuse@att.net ) for policy abuse issues.
Comment: All policy abuse
issues sent to other POCs will be disregarded.
RegDate:
Updated: 2002-11-11
AbuseHandle: ATTAB-ARIN
AbuseName: ATT Abuse
AbusePhone: +1-919-319-8130
AbuseEmail: abuse@att.net
AdminHandle: DK71-ARIN
AdminName: Kostick, Deirdre
AdminPhone: +1-919-319-8249
AdminEmail: help@ip.att.net
TechHandle: ICC-ARIN
TechName: IP Customer Care
TechPhone: +1-888-613-6330
TechEmail: qhoang@att.com
TechHandle: IPSWI-ARIN
TechName: IP SWIP
TechPhone: +1-888-613-6330
TechEmail: swipid@nipaweb.vip.att.net
*****************
Invalide TCP Source port Attack
(LOW)
171.75.198.2
-> Port 3128
St. Louis, MO (Missouri) {???}
dialup-171-75-0-0-1 [65536]
OrgName: Level
3 Communications, Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO -> Colorado
PostalCode: 80021
Country: US
NetRange: 171.75.0.0 - 171.75.255.255
CIDR: 171.75.0.0/16
NetName: BBNINC-0-6
NetHandle: NET-171-75-0-0-1
Parent: NET-171-73-0-0-1
NetType: Reassigned
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment:
RegDate: 2003-05-07
Updated: 2003-05-07
OrgAbuseHandle: APL8-ARIN
OrgAbuseName: Abuse POC LVLT
OrgAbusePhone: +1-877-453-8353
OrgAbuseEmail: abuse@level3.com
OrgTechHandle: TPL1-ARIN
OrgTechName: Tech POC LVLT
OrgTechPhone: +1-877-453-8353
OrgTechEmail: ipaddressing@level3.com
# ARIN WHOIS database, last updated 2003-07-07
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Level 3 Communications,
Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
Comment:
RegDate: 1998-05-22
Updated: 2003-01-28
AbuseHandle: APL8-ARIN
AbuseName: Abuse POC LVLT
AbusePhone: +1-877-453-8353
AbuseEmail: abuse@level3.com
AdminHandle: APL7-ARIN
AdminName: ADMIN POC LVLT
AdminPhone: +1-877-453-8353
AdminEmail: ipaddressing@level3.com
TechHandle: TPL1-ARIN
TechName: Tech POC LVLT
TechPhone: +1-877-453-8353
TechEmail: ipaddressing@level3.com
# ARIN WHOIS database, last updated 2003-07-07
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
***********************
Invalide TCP Source port Attack
(LOW)
217.32.113.107[80]->[2048]{<-2e
fois}+[-> 22788 -> 1ère fois]
3e fois -> 0 le 25-07-03
4e fois -> port 0 vers mon port
1080 le 26-07-03
5e fois -> port 0 vers mon port
4480 le 26-07-03
6e fois -> port 0 vers mon port
9877 le 27-07-03
7e fois -> -------- vers mon
port 8000 le 27-07-03
BT internet IP Pools
BT-ADSL
inetnum: 217.32.112.0
- 217.32.119.255
netname: BT-ADSL
descr:
BTinternet IP Pools
country: GB
-> {Royaume-Uni ou Grande Bretagne}
admin-c: DY128-RIPE
tech-c:
DY128-RIPE
status:
ASSIGNED PA
remarks: Please
send abuse notification to abuse@btopenworld.com
mnt-by:
BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: support@bt.net
20000927
changed: preston.dialip@bt.com
20010628
changed: preston.dialip@bt.com
20011129
changed: preston.dialip@bt.com
20011130
changed: preston.dialip@bt.com
20020724
source:
RIPE
++++++++++++>>>>>>>
bt.com
Registrant:
BRITISH TELECOMMUNICATIONS PLC (BT-DOM)
81 NEWGATE STREET
LONDON, LONDON ec1a 7aj
UK
Domain Name: BT.COM
Administrative Contact, Technical Contact:
British Telecommunications plc (BS38-ORG)
dnsreg@BT.COM
PP TKS/F18/01 Trunk Exchange Sth
109-117 Long Rd
Cambridge, Cambs CB2 2HG
UK
+44 1223 840711 fax: - +44 1223 358474
Record expires on 19-Jun-2009.
Record created on 24-Oct-2002.
Database last updated on 24-Jul-2003 19:34:22
EDT.
Domain servers in listed order:
DNS0.AXION.BT.CO.UK 132.146.5.1
NS1.BT.NET 194.72.6.52
DNS1.AXION.BT.CO.UK 132.146.137.1
****************
61.35.69.143 : 3074 -> {NetBus
12345}
Default Block NetBus Trojan
Horse
DaldongHyundae 1 cha APT
27-07-03
inetnum: 61.35.69.128
- 61.35.69.191
netname: DALDONGHYUNDAE52968D
descr:
DaldongHyundae 1cha APT
country: KR
-> Korée du Sud
admin-c: ML267-AP
tech-c:
DB50-AP
notify:
b0052968@users.bora.net
mnt-by:
MAINT-KR-DACOM
changed: b0052968@users.bora.net
20010328
status:
ASSIGNED NON-PORTABLE
source:
APNIC
changed: hm-changed@apnic.net
20020827
*******************
HTTP_IIS_ISAPI_EXTENSION Attack
207.6.207.124 (2362) -> mon port
N°80 -> High
Net-207-6-0-0-1 [65536]fin juillet
2003
OrgName: TELUS
Communications Inc.
OrgID: TACE
Address: #2600 4720 Kingsway
Avenue
City: Burnaby
StateProv: BC -> Colombie Britanique
PostalCode: V5N-4N2
Country: CA
{Québec extrême-Sud}
ReferralServer: rwhois://rwhois.telus.net:4321
NetRange: 207.6.0.0 - 207.6.255.255
CIDR: 207.6.0.0/16
NetName: TELUS-207-6-0-0
NetHandle: NET-207-6-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: PRI3.DNS.CA.TELUS.COM
NameServer: PRI4.DNS.CA.TELUS.COM
Comment:
RegDate:
Updated: 2002-04-08
TechHandle: PSINET-CA-ARIN
TechName: TELUS Communications Inc.
TechPhone: +1-613-780-2200
TechEmail: swip@swip.ca.telus.com
OrgAbuseHandle: AAT-ARIN
OrgAbuseName: Abuse at TELUS
OrgAbusePhone: +1-604-444-5791
OrgAbuseEmail: abuse@telus.com
OrgTechHandle: IA86-ARIN
OrgTechName: IP Admin, IP
OrgTechPhone: +1-403-503-3800
OrgTechEmail: add-req.tac@telus.com
OrgTechHandle: PSINET-CA-ARIN
OrgTechName: TELUS Communications
Inc.
OrgTechPhone: +1-613-780-2200
OrgTechEmail: swip@swip.ca.telus.com
OrgTechHandle: TBOTP-ARIN
OrgTechName: TELUS BC ORG TECH POC
OrgTechPhone: +1-604-444-5791
OrgTechEmail: IPadmin@telus.com
# ARIN WHOIS database, last updated 2003-07-16
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
TACE (TACE-1)
TELUS Communications Inc. (TACE)
***********************
HTTP_IIS_ISAPI_EXTENSION Attack
207.134.97.107 (48789) -> mon port
N°80 -> High
Net-207-134-98-0-1 [4096] le 09-08-2003
Telus Quebec Telus QC Canada
Node Name : mail.absorb-plus.com
OrgName: Telus Quebec
OrgID: TQUE
Address: 6, rue Jules-A-Brillant
Rimouski
City:
RIMOUSKI
StateProv: QC
PostalCode: G5L-7E4
Country: CA
NetRange: 207.134.96.0 - 207.134.111.255
CIDR: 207.134.96.0/20
NetName: TELUS-QC-207-134-96-0
NetHandle: NET-207-134-96-0-1
Parent: NET-207-134-0-0-1
NetType: Reallocated
Comment:
RegDate: 2003-02-20
Updated: 2003-02-20
OrgTechHandle: ZQ9-ARIN
OrgTechName: Quebec Telephone
OrgTechPhone: +1-418-723-4562
OrgTechEmail: netmaster@quebectel.com
# ARIN WHOIS database, last updated 2003-08-08
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Telus Quebec
OrgID: TQUE
Address: 6, rue Jules-A-Brillant
Rimouski
City: RIMOUSKI
StateProv: QC
PostalCode: G5L-7E4
Country: CA
Comment:
RegDate: 2001-12-18
Updated: 2002-10-15
AdminHandle: ZQ9-ARIN
AdminName: Quebec Telephone
AdminPhone: +1-418-723-4562
AdminEmail: netmaster@quebectel.com
TechHandle: ZQ9-ARIN
TechName: Quebec Telephone
TechPhone: +1-418-723-4562
TechEmail: netmaster@quebectel.com
**********************
HTTP_IIS_ISAPI_EXTENSION Attack
202.100.35.186(1942 -> mon port
80 (02-08-2003)
inetnum: 202.100.30.0
- 202.100.44.255
netname: SNXIAN
descr:
xi'an data branch,XIAN CITY SHAANXI PROVINCE
country: CN ->
Chine {Xian}
admin-c: WWN1-AP
tech-c: WWN1-AP
mnt-by: MAINT-CHINANET-SHAANXI
mnt-lower: MAINT-CN-SNXIAN
changed: ipadm@public.xa.sn.cn
20010309
status: ALLOCATED
PORTABLE
source: APNIC
****************
207.63.15.33(4182) -> mon port
80 le 04-08-2003
HTTP_IIS_ISAPI_EXTENSION Attack
(high)
Kansas City -> Missouri???
OrgName: Illinois Century Network
OrgID: ILTN
Address: 120 west Jefferson
Address: suite b
City: Springfield
StateProv: IL -> Illinois
PostalCode: 62702
Country: US
NetRange: 207.63.0.0 - 207.63.255.255
CIDR: 207.63.0.0/16
NetName: ICN5
NetHandle: NET-207-63-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.ILLINOIS.NET
NameServer: NS2.ILLINOIS.NET
Comment:
RegDate:
Updated: 2002-05-31
TechHandle: ZI83-ARIN
TechName: Illinois Century Network
TechPhone: +1-217-557-6555
TechEmail: hostmaster@illinois.net
OrgTechHandle: ZI83-ARIN
OrgTechName: Illinois Century Network
OrgTechPhone: +1-217-557-6555
OrgTechEmail: hostmaster@illinois.net
# ARIN WHOIS database, last updated 2003-07-10
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Illinois Century Network
OrgID: ILTN
Address: 120 west jefferson
Address: suite b
City: springfield
StateProv: IL
PostalCode: 62702
Country: US
Comment:
RegDate:
Updated: 2003-07-10
AdminHandle: ZI83-ARIN
AdminName: Illinois Century Network
AdminPhone: +1-217-557-6555
AdminEmail: hostmaster@illinois.net
TechHandle: ZI83-ARIN
TechName: Illinois Century Network
TechPhone: +1-217-557-6555
TechEmail: hostmaster@illinois.net
*****************
4.47.250.247
attempted to connect to my computer
using
Default Block Backdoor/SudSeven
Trojan horse.
TCP (Inbound)
Los Angeles?
OrgName: GTE
Intelligent Network Services
OrgID: GINS
Address: 5525 MacArthur Blvd.
Address: Suite 320
City: Irving
StateProv: TX -> Texas
PostalCode: 75038
Country: US
NetRange: 4.47.144.0 - 4.47.255.255
CIDR: 4.47.144.0/20,
4.47.160.0/19, 4.47.192.0/18
NetName: GTEINS-47-144-29
NetHandle: NET-4-47-144-0-1
Parent: NET-4-0-0-0-1
NetType: Reassigned
Comment: The information for
POC handle VOH1-ARIN has been
Comment: reported to be invalid.
ARIN has attempted to obtain updated
Comment: data, but has been
unsuccessful. To provide current contact
Comment: information, please
email hostmaster@arin.net.
RegDate: 2002-04-30
Updated: 2003-06-03
TechHandle: VOH1-ARIN
TechName: Hostmaster, Verizon Online
TechPhone: +1-800-927-3000
TechEmail: hostmaster@bizmailsrvcs.net
OrgAbuseHandle: VOH1-ARIN
OrgAbuseName: Hostmaster, Verizon
Online
OrgAbusePhone: +1-800-927-3000
OrgAbuseEmail: hostmaster@bizmailsrvcs.net
OrgNOCHandle: VOH1-ARIN
OrgNOCName: Hostmaster, Verizon Online
OrgNOCPhone: +1-800-927-3000
OrgNOCEmail: hostmaster@bizmailsrvcs.net
OrgTechHandle: VOH1-ARIN
OrgTechName: Hostmaster, Verizon
Online
OrgTechPhone: +1-800-927-3000
OrgTechEmail: hostmaster@bizmailsrvcs.net
# ARIN WHOIS database, last updated 2003-07-10
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: GTE Intelligent Network
Services
OrgID: GINS
Address: 5525 MacArthur Blvd.
Address: Suite 320
City: Irving
StateProv: TX
PostalCode: 75038
Country: US
Comment: The information for
POC handle VOH1-ARIN has been
Comment: reported to be invalid.
ARIN has attempted to obtain updated
Comment: data, but has been
unsuccessful. To provide current contact
Comment: information, please
email hostmaster@arin.net.
RegDate: 1996-05-22
Updated: 2003-06-03
AbuseHandle: VOH1-ARIN
AbuseName: Hostmaster, Verizon Online
AbusePhone: +1-800-927-3000
AbuseEmail: hostmaster@bizmailsrvcs.net
AdminHandle: VOH1-ARIN
AdminName: Hostmaster, Verizon Online
AdminPhone: +1-800-927-3000
AdminEmail: hostmaster@bizmailsrvcs.net
NOCHandle: VOH1-ARIN
NOCName: Hostmaster, Verizon Online
NOCPhone: +1-800-927-3000
NOCEmail: hostmaster@bizmailsrvcs.net
TechHandle: VOH1-ARIN
TechName: Hostmaster, Verizon Online
TechPhone: +1-800-927-3000
TechEmail: hostmaster@bizmailsrvcs.net
****************
207.105.76.198(1342 -> mon port
80) le 08-08-2003
Pac Bell Internet Services
Sans Francisco ? Californie
HTTP_IIS_ISAPI_EXTENSION Attack
(high)
t nan.50i: aRoA lIeeSvesOI
PBde: 0Bht#0Cy S m
aPv
sld 1
ur
D 700/ .552 I: 01.05
gt 901 lbese-i u@ieRDe 1642v:SP.Toe:
DEEWH IBCA NOAEoe: lssdlasiueasobebnpa na u s mltasp.tea: 9--
de 002
ca: AiP Thm IdnB
guNe be ciBl: u Pice OAsal BANrbem As-af
l
guEi beae.tAsml u@cln
gCm Spt ciBlnrt-af lIee
gCo:+8-24
gche -8151ePn 182-1ANreNe Pm-IOTho:+8-24
gcml AiP@c.co
Ee?oaiolisnecnAN O ta.dtn n ahgR'WIdas
g: Ce tn rcsrD A
mn 1anteo Aoao:44ot: Soe: 0Cny UCmt
mn ncIdnBssbc rer m pr
mn ncaspblef lybese
gt 901ptae.tothc priu.ea: 9--
de 002
uPn 182-1BlAshe -8151o:+8-24
mPn 182-1ihe -8151IAia: AiP dno:+8-24
mEi Pm-Ibsbc
Cm Spt ciBlnrtaf lIee
Co:+8-24
Ca:sptae.tTechHandle: PIA2-ORG-ARIN
TechName: IPAdmin-PBI
TechPhone: +1-888-212-5411
TechEmail: IPAdmin-PBI@sbcis.sbc.com
*********************
66.75.73.208:3425
23h13 le 10-08-2003
Net-66-74-0-0-1[131072]
ROADRUNNER RR-West-2...
cpe-66-75-73-208.socal.rr.com
attempted to connect to my computer
using
Default Block Backdoor/SudSeven
Trojan horse.
TCP (Inbound)High risk
San Francisco? Californie ?
OrgName: ROADRUNNER
OrgID: RRWE
Address: 13241 Woodland Park
Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
NetRange: 66.74.0.0 - 66.75.255.255
CIDR: 66.74.0.0/15
NetName: RR-WEST-2BLK
NetHandle: NET-66-74-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment: ADDRESSES WITHIN THIS
BLOCK ARE NON-PORTABLE
RegDate: 2001-01-30
Updated: 2003-02-11
TechHandle: ZS30-ARIN
TechName: ServiceCo LLC
TechPhone: +1-703-345-3416
TechEmail: abuse@rr.com
OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: abuse@rr.com
OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: abuse@rr.com
# ARIN WHOIS database, last updated 2003-07-18
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: ROADRUNNER
OrgID: RRWE
Address: 13241 Woodland Park
Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
Comment:
RegDate: 2000-10-05
Updated: 2003-03-24
AbuseHandle: ABUSE10-ARIN
AbuseName: Abuse
AbusePhone: +1-703-345-3416
AbuseEmail: abuse@rr.com
AdminHandle: IPADD-ARIN
AdminName: IPADDREG
AdminPhone: +1-703-345-3151
AdminEmail: ipaddreg@rr.com
TechHandle: IPTEC-ARIN
TechName: IP Tech
TechPhone: +1-703-345-3416
TechEmail: abuse@rr.com
***********************
199.35.171.95 le 11-08-2003
à 15h24
Invalide TCP Source Port (0
-> mon socks 1080)
Low
Sunnyvile ? Californie
dcc04-cir-oh-1-95.rasserver.net
OrgName: ICG
NetAhead, Inc.
OrgID: ICGN
Address: 161 Inverness Drive
West
City: Englewood
StateProv: CO
PostalCode: 80112
Country: US
NetRange: 199.35.96.0 - 199.35.255.255
CIDR: 199.35.96.0/19,
199.35.128.0/17
NetName: ICG-BLK-BLK3A
NetHandle: NET-199-35-96-0-1[40960]
Parent: NET-199-0-0-0-0
NetType: Direct Allocation
NameServer: AS1.ICG.NET
NameServer: AS2.ICG.NET
Comment: Addresses within this
block are non-portable
RegDate:
Updated: 2002-08-08
TechHandle: ST452-ARIN
TechName: Taylor, Stacy
TechPhone: +1-408-579-5177
TechEmail: stacy_taylor@icgcomm.com
OrgAbuseHandle: ABUSE170-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-303-414-5000
OrgAbuseEmail: abuse@icgcom.com
OrgTechHandle: ST452-ARIN
OrgTechName: Taylor, Stacy
OrgTechPhone: +1-408-579-5177
OrgTechEmail: stacy_taylor@icgcomm.com
# ARIN WHOIS database, last updated 2003-07-30
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: ICG NetAhead, Inc.
OrgID: ICGN
Address: 161 Inverness Drive
West
City: Englewood
StateProv: CO
PostalCode: 80112
Country: US
Comment: Any abuse or spam
issues MUST be emailed to
Comment: > abuse@icgcom.com
for investigation. Emailing or calling Ms. Taylor will
Comment: > not result in the
rectification of the problem.
RegDate:
Updated: 2003-01-10
AbuseHandle: ABUSE170-ARIN
AbuseName: Abuse
AbusePhone: +1-303-414-5000
AbuseEmail: abuse@icgcom.com
AdminHandle: ST452-ARIN
AdminName: Taylor, Stacy
AdminPhone: +1-408-579-5177
AdminEmail: stacy_taylor@icgcomm.com
TechHandle: ST452-ARIN
TechName: Taylor, Stacy
TechPhone: +1-408-579-5177
TechEmail: stacy_taylor@icgcomm.com
*******************
220.24.33.9 : 1107
Le 13-08-2003 à 5h03
attempted to connect to my computer
using
Default Block Backdoor/SudSeven
Trojan horse.
TCP (Inbound)High risk
YahooBB220024033009.b____
220-0-0-0-1 [16777216]
OrgName: Asia
Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU -> Australie
NetRange: 220.0.0.0 - 220.255.255.255
CIDR: 220.0.0.0/8
NetName: APNIC6
NetHandle: NET-220-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS.RIPE.NET
NameServer: RS2.ARIN.NET
Comment: This IP address range
is not registered in the ARIN database.
Comment: For details, refer
to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or
http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE:
APNIC is the Regional Internet Registry
Comment: for the Asia Pacific
region. APNIC does not operate networks
Comment: using this IP address
range and is not able to investigate
Comment: spam or abuse reports
relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate:
Updated: 2002-09-11
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net
# ARIN WHOIS database, last updated 2003-07-14
21:05
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Asia Pacific Network
Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
Comment:
RegDate:
Updated: 2002-09-11
AdminHandle: AWC12-ARIN
AdminName: APNIC Whois Contact
AdminPhone: +61 7 3858 3100
AdminEmail: search-apnic-not-arin@apnic.net
TechHandle: AWC12-ARIN
TechName: APNIC Whois Contact
TechPhone: +61 7 3858 3100
TechEmail: search-apnic-not-arin@apnic.net
*******************
216.61.138.171 : lotusnotes (1352)
-> vers mon 27374
Default Block Backdoor/SudSeven
Trojan horse.
TCP (Inbound) High risk
SBC Internet Services Southwest
Houston? Texas
Plano
OrgName: SBC Internet Services
- Southwest
OrgID: SBIS
Address: 2701 W 15th St
PMB 236
City:
Plano
StateProv: TX -> Texas
PostalCode: 75075
Country: US
NetRange: 216.60.0.0 - 216.63.255.255
CIDR: 216.60.0.0/14
NetName: SBIS-BLK-2
NetHandle: NET-216-60-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SWBELL.NET
NameServer: NS2.SWBELL.NET
Comment: ADDRESSES WITHIN THIS
BLOCK ARE NON-PORTABLE
Comment: please send all abuse
issue e-mails to abuse@swbell.net
RegDate: 1998-08-27
Updated: 2000-06-09
TechHandle: ZS44-ARIN
TechName: IPAdmin-SBIS
TechPhone: +1-888-212-5411
TechEmail: IPAdmin-SBIS@sbis.sbc.com
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern
Bell Internet
OrgAbusePhone: +1-877-722-3755
OrgAbuseEmail: abuse@swbell.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern
Bell Internet Services
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: support@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-888-212-5411
OrgTechEmail: IPAdmin-SBIS@sbis.sbc.com
# ARIN WHOIS database, last updated 2003-07-21
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
SBC Internet Services - Southwest (SBIS)
SBIS LAN - Pitman Atrium Building (SLPAB)
***********************
68.56.84.252 : 3690
-> mon 27374 À 7h25 le
13-08-2003
Default Block Backdoor/SudSeven
Trojan horse.
TCP (Inbound) High risk
Tampas ? -> Floride
68-56-0-0-1[65536]
pcps03976708pcs.sarast01.fl.comcast.net
CustName: Comcast
Cable Communications, Inc.
Address: 3 Executive Campus
Address: 5th Floor
City:
Cherry Hill
StateProv: NJ -> New Jersey
PostalCode: 08002
Country: US
RegDate: 2003-03-19
Updated: 2003-03-19
NetRange: 68.56.0.0 - 68.56.255.255
CIDR:
68.56.0.0/16
NetName: WESTFLORIDA-2
NetHandle: NET-68-56-0-0-1
Parent: NET-68-32-0-0-1
NetType: Reassigned
Comment: NONE
RegDate: 2003-03-19
Updated: 2003-03-19
TechHandle: IC161-ARIN
TechName: Comcast Cable Communications,
Inc.
TechPhone: +1-856-317-7300
TechEmail: cips-ip-registration@cable.comcast.com
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and
Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: abuse@comcast.net
OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications,
Inc.
OrgTechPhone: +1-856-317-7300
OrgTechEmail: cips-ip-registration@cable.comcast.com
********************
Pourquoi faites-vous cela ? / Why do you make it?
Jacques fortier
*****************
203.156.32.91
Invalide TCP Source port Attack
(LOW)
(0 -> mon smpt(25))
1e fois le 15-08-2003
2e fois le 16-08-2003 à
20h32
3e fois le 17-08-2003 à
12h25 avec :
203.156.32.159
4e fois le 19-08-2003 à
2h25 avec :
203.156.32.150
Invalide TCP Source port Attack
(LOW)
203.156.32.91 [512]
5e fois le 25-08-2003 à
14h22 avec :
203.156.32.50
6e fois le 26-08-2003 à
20h13 -> [512] avec :
203.156.32.247
7e fois le 28-08-2003 à
7h22 -> avec :
203.156.32.247
8e fois le 30-08-2003 à
9h31 -> avec :
203.156.32.33 et 0-> smtp(25)
9e fois le 03-09-2003 à
1h42 ->[512]
et 10e fois le 05-09-2003 à
21h49
et 16e fois le 26-09-2003 à
12h46 ->[512] avec :
203.156.32.40 et 0-> smtp(25)
11e fois le 08-09-2003 à
1h42 ->[512]
et 12e fois le 09-09-2003 à
6h57 ->[512] avec :
203.156.32.250 et 0-> smtp(25)
13e fois le 09-09-2003 à
16h51 ->[512] avec :
203.156.32.66 et 0-> smtp(25)
14e fois le 11-09-2003 à
19h42 ->[512] avec :
203.156.32.198 et 0-> smtp(25)
15e fois le 27-09-2003 à
3h58 ->[512] avec :
203.156.32.76 et 0-> smtp(25)
17e fois le 28-09-2003 à
6h22 (vers mon b1ncfp25), avec:
203.156.32.181 et 0-> smtp(25)
18e fois le 28-09-2003 à
8h24 (vers mon b1ncfp25), avec:
203.156.32.31 et 0-> smtp(25)
19e fois le 28-09-2003 à
15h41 (vers mon b1ncfp25), avec:
203.156.32.94 et 0-> smtp(25)
20e fois le 29-09-2003 à
13h26 (vers mon b1ncfp25), avec:
21e fois le 30-09-2003 à
23h31 (vers mon b1ncfp25),
23e fois le 04-10-2003 à
01h44 (vers jacquesfortier.com),
24e fois le 05-10-2003 à
02h05 (vers mon b1ncfp25),
avec:
203.156.32.84 et 0-> smtp(25)
22e fois le 02-10-2003 à
6h36 (vers mon b1ncfp25), avec:
203.156.32.94 et 0-> smtp(25)
25e fois le 06-10-2003 à
17h22 (vers mon b1ncfp25), avec:
203.156.32.190 et 0-> smtp(25)
À partir de multiples
microordinateurs {14}!!!
203.156.32.{91
ou 159, 150, 50, 247, 33, 40, 250, 66, 198, 76,181, 31, 94, 84, 190}
inetnum: 203.156.32.0
- 203.156.33.255
netname: INFRASTRUCTURE
country: TH
descr: Access
Server JIPlus
descr:
Jasmine Internet (Thailand)Co.,Ltd.
descr:
Nonthaburi
admin-c: NJ31-AP
tech-c: NJ31-AP
status: ASSIGNED
NON-PORTABLE
changed: eakji@ji-net.com
20030508
mnt-by: MAINT-JINET-TH
source: APNIC
*******************
80.164.26.247(3265 -> mon http
(80))
à 2h28 le 16-08-2003
URL_Drectory_Traversal (haut
risk)
[0x50a41af7.arcnxx16.adsl-dhcp.tele.dk]
Chicago? Illinois?
Danemark
inetnum: 80.164.0.0
- 80.164.63.255
netname: TDC-TELEDANMARK-BREDBAANDSADSL-NET
descr:
TDC BB-ADSL users
country: DK
remarks: +--------------------------------------+
remarks: | For
abuse and security issues please |
remarks: | contact
abuse@post.tele.dk
|
remarks: +--------------------------------------+
admin-c: AS5071-RIPE
tech-c: AS5071-RIPE
status: ASSIGNED
PA
mnt-by: TDK-MNT
changed: auto-ripe@ip.tele.dk
20030214
source: RIPE
*********************
207.247.91.26(2016) -> http(80)
le 18-08-2003 à 6h36
HTTP_IIS_ISAPI_EXTENSION Attack
Los Angeles?
OrgName: LDDS
WorldCom
OrgID: LDDS
Address: 22001 Loudoun County
Parkway
City:
Ashburn
StateProv: VA
PostalCode: 20147
Country: US
NetRange: 207.247.0.0 - 207.247.255.255
CIDR: 207.247.0.0/16
NetName: WCOM-PROD1
NetHandle: NET-207-247-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH10.NS.WCOM.COM
NameServer: AUTH20.NS.WCOM.COM
Comment: ADDRESSES WITHIN THIS
BLOCK ARE NON-PORTABLE
RegDate: 1996-11-15
Updated: 1997-09-08
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc.,
Technologies
TechPhone: +1-800-900-0241
TechEmail: help4u@mci.com
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: swipper@uu.net
# ARIN WHOIS database, last updated 2003-08-06
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
LDDS Metromedia Communications (LDDS1)
LDDS WorldCom (LDDS)
LDDS WorldCom (LDDS)
**********************
Default Block Backdoor/SudSeven
Trojan horse.
TCP (Inbound) High risk
63.105.128.52:13254 (-> mon 27374)
le 18-08-2003 à 11h16
Node Name : 63.105.128.52.hcis.net
Atlanta? Georgie?
CustName: Heartland
Internet UU-63-
Address: 1412 Julianne Drive
City: Marion
StateProv: IL -> Illinois
PostalCode: 62959
Country: US
RegDate: 2000-06-07
Updated: 2003-05-30
NetRange: 63.105.128.0 - 63.105.129.255
CIDR: 63.105.128.0/23
NetName: UU-63-105-128
NetHandle: NET-63-105-128-0-1
Parent: NET-63-64-0-0-1
NetType: Reassigned
Comment:
RegDate: 2000-06-07
Updated: 2003-05-30
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc.,
Technologies
TechPhone: +1-800-900-0241
TechEmail: help4u@mci.com
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: abuse-mail@mci.com
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc.,
Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: help4u@mci.com
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: swipper@uu.net
*********************
HTTP_IIS_ISAPI_EXTENSION Attack
207.110.56.42
le 21-08-2003 à 14h09:43
207-110-56-42-0-1 [256]
gotoss.com
San José, Californie?
OrgName: Loan
Administration Network Inc
OrgID: LAN
Address: 1401 Dove St., Ste.
400
City:
Newport Beach
StateProv: CA (Californie)
PostalCode: 92660
Country: US
NetRange: 207.110.56.0 - 207.110.56.255
CIDR: 207.110.56.0/24
NetName: LANI-NET
NetHandle: NET-207-110-56-0-1
Parent: NET-207-110-0-0-1
NetType: Reassigned
NameServer: NS.CONNECTNET.COM
NameServer: NS2.CONNECTNET.COM
Comment:
RegDate: 1997-12-06
Updated: 1997-12-06
TechHandle: SG4011-ARIN
TechName: Groaner, Steve
TechPhone: +1-714-752-5246
TechEmail: steve_groaner@lani.com
# ARIN WHOIS database, last updated 2003-07-25
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
LAN & Computer Integrators, Inc. (LCI-2)
LAN Associates (LANASS)
LAN Builders (LANBU)
LAN CHILE (LANCHI)
Lan Circuit (LANCIR-1)
LAN Comp Systems (LCS-21)
Lan Design (LANDES)
Lan Engineering (LANENG)
LAN ENTERPRISES (LANENT)
Lan Infosystems (LANINF)
LAN Line Comm (LLC-6)
LAN MANAGEMENT (LANMAN-2)
LAN Management (LANMAN-1)
LAN MANAGEMENT SERVICES (LMS-24)
LAN MANAGMENT SERVICES (LMS-28)
LAN MD (LANMD)
Lan Media Consulting (LMC-6)
LAN Microsystems, Inc. (LANMIC)
Lan Planet (LANPLA)
Lan Professionals (LANPRO-1)
LAN Professionals, Inc. (LANPRO)
LAN SRV (LANSRV)
LAN Supervision (LANSUP)
LAN Systems, Inc. (LANSYS-1)
Lan Technologies (LANTEC-7)
LAN Technologies, Inc (LANTEC-6)
Lan vision (LANVIS-1)
Lan Write, Inc. (LANWRI)
Loan Administration Network Inc (LAN)
*************
24.78.76.178(44484)
Le 27-08-2003 à 5h15
HTTP_IIS_ISAPI_EXTENSION Attack
(high)
Net-24-76-0-0-1[262144]
vers mon port http(80)
Centre sud du Québec ou
Nord-est de l'ontario? (frontière)
Hull/Ottawa???
TCP(Inbound) -> 27374
24.66.162.1:3856
Le 25-9-2003 à 11h44
h24-66-162-1.fm.shawcable.net
OrgName: Shaw
Communications Inc.
OrgID: SHAWC
Address: Suite 800
Address: 630 - 3rd Ave. SW
City: Calgary
StateProv: AB -> Alberta
PostalCode: T2P-4L4
Country: CA -> Canada
NetRange: 24.76.0.0 - 24.79.255.255
CIDR: 24.76.0.0/14
NetName: SHAW-COMM
NetHandle: NET-24-76-0-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: NS2SO.CG.SHAWCABLE.NET
NameServer: NS1SO.CG.SHAWCABLE.NET
Comment: ADDRESSES WITHIN THIS
BLOCK ARE NON-PORTABLE
RegDate: 2000-12-15
Updated: 2003-06-20
OrgAbuseHandle: SHAWA-ARIN
OrgAbuseName: SHAW ABUSE
OrgAbusePhone: +1-403-750-7420
OrgAbuseEmail: internet.abuse@sjrb.ca
OrgTechHandle: ZS178-ARIN
OrgTechName: Shaw High-Speed Internet
OrgTechPhone: +1-403-750-7428
OrgTechEmail: ipadmin@sjrb.ca
# ARIN WHOIS database, last updated 2003-08-14
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Shaw Communications
Inc.
OrgID: SHAWC
Address: Suite 800
Address: 630 - 3rd Ave. SW
City: Calgary
StateProv: AB
PostalCode: T2P-4L4
Country: CA
Comment:
RegDate: 2003-03-05
Updated: 2003-04-10
AbuseHandle: SHAWA-ARIN
AbuseName: SHAW ABUSE
AbusePhone: +1-403-750-7420
AbuseEmail: internet.abuse@sjrb.ca
AdminHandle: ZS178-ARIN
AdminName: Shaw High-Speed Internet
AdminPhone: +1-403-750-7428
AdminEmail: ipadmin@sjrb.ca
TechHandle: ZS178-ARIN
TechName: Shaw High-Speed Internet
TechPhone: +1-403-750-7428
TechEmail: ipadmin@sjrb.ca
****************
209.6.190.77:3345
Backdoor-g-1(1243)
RCNCorporation RCN-BLR
209-6-190-77.c3-0.wth.ubr2.sho-wth.ma.cable.rcn.c___
Worcester?
Default Block Backdoor/SudSeven
Trojan horse.
TCP (Inbound) High risk
OrgName: RCN
Corporation
OrgID: RCN
Address: 105 Carnegie Center
City:
Princeton
StateProv: NJ -> New Jersey
PostalCode: 08540
Country: US
NetRange: 209.6.0.0 - 209.6.255.255
CIDR: 209.6.0.0/16
NetName: RCN-BLK-9
NetHandle: NET-209-6-0-0-1 [65536]
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH1.DNS.RCN.NET
NameServer: AUTH2.DNS.RCN.NET
NameServer: AUTH3.DNS.RCN.NET
NameServer: AUTH4.DNS.RCN.NET
Comment: ADDRESSES WITHIN THIS
BLOCK ARE NON-PORTABLE
RegDate:
Updated: 2002-11-05
TechHandle: ZR40-ARIN
TechName: RCN Corporation
TechPhone: +1-888-972-6622
TechEmail: noc@rcn.com
OrgAbuseHandle: RAD75-ARIN
OrgAbuseName: RCN Abuse Department
OrgAbusePhone: +1-888-972-6622
OrgAbuseEmail: abuse@rcn.com
OrgNOCHandle: ZR40-ARIN
OrgNOCName: RCN Corporation
OrgNOCPhone: +1-888-972-6622
OrgNOCEmail: noc@rcn.com
OrgTechHandle: ZR40-ARIN
OrgTechName: RCN Corporation
OrgTechPhone: +1-888-972-6622
OrgTechEmail: noc@rcn.com
# ARIN WHOIS database, last updated 2003-08-10
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
RCN (RCN-9)
RCN (RCN-4)
RCN (RCN-8)
RCN Cable Modems - Allentown, PA (RCMAP)
RCN Cable Modems - Lanham, MD (RCMLM)
RCN Cable Modems - New York City (Manhattan),
NY (RCMNYCMN)
RCN Corporation (RCN)
RCN Corporation (RCN)
RCN Employee (RCNEMP)
RCN Telecommunications (RCNTEL)
*****************
171.75.226.6
Invalid TCP Source Port
0 -> smtp(25) le6-9-2003 à
0h48
Net-171-75-0-0-1 [65536]
Saint Louis Mo (Missouri)
[dialup-171.75.226.6.Dial1.SaintLouis1Level3.net....]
OrgName:
Level 3 Communications,
Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City:
Broomfield
StateProv: CO
PostalCode: 80021
Country: US
NetRange: 171.75.0.0 - 171.75.255.255
CIDR: 171.75.0.0/16
NetName: BBNINC-0-6
NetHandle: NET-171-75-0-0-1
Parent: NET-171-73-0-0-1
NetType: Reassigned
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment:
RegDate: 2003-05-07
Updated: 2003-05-07
OrgAbuseHandle: APL8-ARIN
OrgAbuseName: Abuse POC LVLT
OrgAbusePhone: +1-877-453-8353
OrgAbuseEmail: abuse@level3.com
OrgTechHandle: TPL1-ARIN
OrgTechName: Tech POC LVLT
OrgTechPhone: +1-877-453-8353
OrgTechEmail: ipaddressing@level3.com
# ARIN WHOIS database, last updated 2003-08-07
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Level 3 Communications,
Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
Comment:
RegDate: 1998-05-22
Updated: 2003-01-28
AbuseHandle: APL8-ARIN
AbuseName: Abuse POC LVLT
AbusePhone: +1-877-453-8353
AbuseEmail: abuse@level3.com
AdminHandle: APL7-ARIN
AdminName: ADMIN POC LVLT
AdminPhone: +1-877-453-8353
AdminEmail: ipaddressing@level3.com
TechHandle: TPL1-ARIN
TechName: Tech POC LVLT
TechPhone: +1-877-453-8353
TechEmail: ipaddressing@level3.com
*********************
Invalide TCP Source port Attack
(LOW)
67.66.4.39
adsl-67-66-4-39.dsl.rcsntx
Le 8-09-2003
0-> smtp(25)
Richardson -> Texas USA
CustName: rback12.rcsntx SBC06706
Address: 2623 Camino Ramon
City: San
Ramon
StateProv: CA -> Californie
PostalCode: 94583
Country: US
RegDate: 2002-11-13
Updated: 2002-11-13
NetRange: 67.66.4.0 - 67.66.7.255
CIDR: 67.66.4.0/22
NetName: SBC067066004000021113
NetHandle: NET-67-66-4-0-1
[1024]
Parent: NET-67-64-0-0-1
NetType: Reassigned
Comment: For Policy Abuse issues,
contact: abuse@swbell.net
Comment: For Technical issues,
contact: noc@swbell.net
RegDate: 2002-11-13
Updated: 2002-11-13
TechHandle: ZS44-ARIN
TechName: IPAdmin-SBIS
TechPhone: +1-888-212-5411
TechEmail: IPAdmin-SBIS@sbcis.sbc.com
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern
Bell Internet
OrgAbusePhone: +1-877-722-3755
OrgAbuseEmail: abuse@swbell.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern
Bell Internet Services
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: support@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-888-212-5411
OrgTechEmail: IPAdmin-SBIS@sbis.sbc.com
*****************************
24.141.48.155:2317
Le 12-09-2003 à 16h55
UDP (BNBOUND)
-> MON BACK-ORIFICE(31337)
d141-48-155.home.cgocable.net
CustName: Cogeco Cable
Solutions
Address: 950 Syscon Drive
City: Burlington
StateProv: ON -> Ontario,
Canada
PostalCode: L7R 4S6
Country: CA
RegDate: 2001-07-19
Updated: 2001-07-19
NetRange: 24.141.48.0 - 24.141.63.255
CIDR: 24.141.48.0/20
NetName: CGOC-BUBR1-1
NetHandle: NET-24-141-48-0-1
Parent: NET-24-141-0-0-1
NetType: Reassigned
Comment:
RegDate: 2001-07-19
Updated: 2001-07-19
TechHandle: IS7-ORG-ARIN
TechName: Cogeco Cable
TechPhone: +1-905-333-7055
TechEmail: ipservices@cogeco.net
OrgAbuseHandle: INTER3-ARIN
OrgAbuseName: Internet Abuse
OrgAbusePhone: +1-905-333-5343
OrgAbuseEmail: abuse@cogeco.net
OrgTechHandle: INS2-ARIN
OrgTechName: IP Network Service
OrgTechPhone: +1-905-333-7055
OrgTechEmail: ipservices@cogeco.net
**********************
Objet:
Why do you attack(do affect) my microcomputer?
Date:
Tue, 16 Sep 2003 02:49:06 -0400
De:
Jacques Fortier <vision_globale@sympatico.ca>
À: hostmaster@apnic.net
Objet:
[Fwd: Why do you attack(do affect) my microcomputer?]
Date:
Tue, 16 Sep 2003 06:58:33 -0400
De:
Jacques Fortier <vision_globale@sympatico.ca>
À: netadm@anet.net.th
Objet:
Why do you attack(do affect) my microcomputer?
Date:
Tue, 16 Sep 2003 07:06:54 -0400
De:
Jacques Fortier <vision_globale@sympatico.ca>
À: netadm@anet.net.th
Why do you attack(do affect) my microcomputer?
Pourquoi faites-vous cela ? / Why do you make it?
Jacques fortier
****************:
210.203.178.80
Invalide TCP Source port Attack
(LOW)
0 -> smpt(25)
[16384]Network
1ère fois : Le 16-09-2003
à 2h02
2e fois : Le 17-09-2003 à
12h50
210.203.184.10
DIAL263-NAS210.anet.net
3e fois : Le 18-09-2003 à
18h26
4e fois : Le 20-09-2003 à
06h12
5e fois : Le 21-09-2003 à
11h43
6e fois : Le 24-09-2003 à
21h26 avec :
210.203.179.173
7e fois : Le 09-10-2003 à
01h54 avec :
210.203.179.112
DIAL363-NAS216.anet.net.th
8e fois : Le 10-10-2003 à
22h23 avec :
210.203.184.175
www.jacquesfortier.com [0 -> smtp(25)]
9e fois : Le 14-10-2003 à
00h57 avec :
210.203.179.224
0 -> smpt(25) {b1ncfp25}
inetnum: 210.203.128.0
- 210.203.191.255
netname: ANET-TH
descr: ANET
Co.,Ltd.
descr: Internet
Service Provider In Thailand
descr:
23 Soi Charoen Nakorn 14,
descr:
Charoen Nakorn Rd.,
descr:
Klongsan ,
descr:
Bangkok 10600
country: TH
admin-c: PR2-TH
tech-c: PR2-TH
mnt-by: APNIC-HM
mnt-lower: MAINT-ANET
changed: hostmaster@apnic.net
20020306
status: ALLOCATED
PORTABLE
source: APNIC
person:
Pudulae Rabob
address:
A-Net Co.,Ltd
address:
23 Charoen Nakorn 14Rd.
address:
Klongsan, Bangkok Thailand
country:
TH
phone:
+662 861 1555
fax-no:
+662 861 1567
e-mail:
netadm@anet.net.th
nic-hdl:
PR2-TH
mnt-by:
MAINT-ANET-AP
changed:
netadm@anet.net.th 20000613
source:
APNIC
**********************
207.87.83.24 (1712)
Le 17-09-2003 à 3h52
mon b1ncfp25 -> port http(80)
attaqué
adslg24.cofs.net
Los Angeles? Californie
NET-207-86-0-0-1[131072]
HTTP_IIS_ISAPI_EXTENSION Attack
OrgName: Allegiance
Telecom Companies Worldwide
OrgID: ATCW
Address: 1950 North Stemmons
Freeway
City:
Dallas
StateProv: TX -> Texas
PostalCode: 75207
Country: US
NetRange: 207.86.0.0 - 207.87.255.255
CIDR: 207.86.0.0/15
NetName: ALGX-ABI-BLK11
NetHandle: NET-207-86-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NSF.ALGX.NET
NameServer: NSE.ALGX.NET
Comment:
RegDate: 2001-01-02
Updated: 2002-11-15
TechHandle: ZA141-ARIN
TechName: Allegiance Telecom Companies
Worldwide
TechPhone: +1-800-581-8711
TechEmail: ipreq@algx.net
OrgAbuseHandle: AARA-ARIN
OrgAbuseName: ALGX Abuse Role Account
OrgAbusePhone: +1-240-616-2155
OrgAbuseEmail: abuse@algx.net
OrgNOCHandle: ANCC-ARIN
OrgNOCName: ALGX Network Control
Center
OrgNOCPhone: +1-866-696-2794
OrgNOCEmail: noc@algx.net
OrgTechHandle: ZA141-ARIN
OrgTechName: Allegiance Telecom Companies
Worldwide
OrgTechPhone: +1-800-581-8711
OrgTechEmail: ipreq@algx.net
# ARIN WHOIS database, last updated 2003-09-07
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: Allegiance Telecom
Companies Worldwide
OrgID: ATCW
Address: 1950 North Stemmons
Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US
Comment:
RegDate: 2002-09-04
Updated: 2002-11-08
AbuseHandle: AARA-ARIN
AbuseName: ALGX Abuse Role Account
AbusePhone: +1-240-616-2155
AbuseEmail: abuse@algx.net
AdminHandle: ZA141-ARIN
AdminName: Allegiance Telecom Companies
Worldwide
AdminPhone: +1-800-581-8711
AdminEmail: ipreq@algx.net
NOCHandle: ANCC-ARIN
NOCName: ALGX Network Control Center
NOCPhone: +1-866-696-2794
NOCEmail: noc@algx.net
TechHandle: ZA141-ARIN
TechName: Allegiance Telecom Companies
Worldwide
TechPhone: +1-800-581-8711
TechEmail: ipreq@algx.net
*************************
1e fois -> 64.216.218.228
Invalide TCP Source port Attack
(LOW)
0 -> MON 4480, Le 22-09-2003
À 5h23
-> b1ncfp25
St-Louis -> Missouri
[ppp-64-216-218-228.dialup.stlsmo.swbell.net]
64-216-218-0-1[512]
2e fois -> 64.216.219.14
0 -> MON http-proxy8080, Le
22-09-2003 À 13h50
3e fois -> 64.216.219.6 le2-11-2003
à 9h12
0 -> 6588 {b1ncfp25} -> Ivalid
TCP...
4e fois -> 64.216.219.89
0 -> MON http-proxy8080, Le
02-11-2003 À 14h45
5e fois -> 64.216.219.63
0 -> MON smtp(25), Le 10-11-2003
À 1h29
CustName: DIALPOOL1-max100
Address: 2701 W. 15th St.
Address: PMB 236
City: Plano
StateProv: TX -> Texas
PostalCode: 75075
Country: US
RegDate: 2000-04-26
Updated: 2000-04-26
NetRange: 64.216.218.0 - 64.216.219.255
CIDR: 64.216.218.0/23
NetName: SBCIS-100426-101631
NetHandle: NET-64-216-218-0-1
Parent: NET-64-216-0-0-1
NetType: Reassigned
Comment:
RegDate: 2000-04-26
Updated: 2000-04-26
TechHandle: ZS44-ARIN
TechName: IPAdmin-SBIS
TechPhone: +1-888-212-5411
TechEmail: IPAdmin-SBIS@sbis.sbc.com
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern
Bell Internet
OrgAbusePhone: +1-877-722-3755
OrgAbuseEmail: abuse@swbell.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern
Bell Internet Services
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: support@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-888-212-5411
OrgTechEmail: IPAdmin-SBIS@sbis.sbc.com
*****************
203.76.219.233 [8192]
à 16h59 le 11-10-2003
Invalid TCP Source Port -> 0 ->
{1080}b1ncfp25
Interisland - NOCNET2
SL568-AP
inetnum: 203.76.192.0
- 203.76.223.255
netname: INTERISLAND-NOCNET2
descr:
Internet Service Provider
country:
PH ->Philippines
admin-c: SL568-AP
tech-c: SL568-AP
status: ALLOCATED
PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-PH-INTERISLAND
changed: hm-changed@apnic.net
20030217
source: APNIC
+???!!!
203.76.199.173:3425 -> mon 27374
À22h33 le 14-10-2003
TCP(Inbound)
************
38.117.19.61
À3h24 le 13-10-2003
Invalid TCP Source Port
0 -> (1080) de b1ncfp25
OrgName: Performance
Systems International Inc.
OrgID: PSI
Address: 1015 31st Street,
NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
NetRange: 38.112.0.0 - 38.119.255.255
CIDR: 38.112.0.0/13
NetName: COGENT-NB-0002
NetHandle: NET-38-112-0-0-1
[524288]
Parent: NET-38-0-0-0-1
NetType: Reassigned
NameServer: AUTH1.DNS.COGENTCO.COM
NameServer: AUTH2.DNS.COGENTCO.COM
Comment: ReferralServer: rwhois://rwhois.cogentco.com:4321/
RegDate: 2003-08-20
Updated: 2003-08-20
OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: +1-877-875-4311
OrgAbuseEmail: abuse@cogentco.com
OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: +1-877-875-4311
OrgNOCEmail: noc@cogentco.com
OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: +1-877-875-4311
OrgTechEmail: ipalloc@cogentco.com
# ARIN WHOIS database, last updated 2003-09-22
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
Performance Systems International Inc. (PSI)
PSI (PSI-1)
PSI (PSI-11)
PSI (PSI-31)
PSI (PSI-51)
PSI (PSI-61)
PSI (PSI-62)
PSI (PSI-17)
PSI Bearings (PSIBEA)
PSI Energy Incorporated (PSIENE)
PSI Energy, Inc. (PSIENE-1)
PSI Engineers (PSIENG)
PSI Fort Worth (PFW)
PSI Inc. Oita Branch (PIOB)
PSI Internet (PSIINT)
PSI Napse Technology (PNT-4)
Psi Napse Technology. (PNT-2)
PSI NET (PSINE)
PSI Net Switzerland (PNS-52)
PSI Network (PSINET-2)
PSI NETWORK (PSINET-14)
PSI Network One (PNO-2)
PSI Network Two (PNT)
PSI PRIME INC (PSIPR)
PSI PRIME INC (PSIPR-1)
PSI Search.com (PSISEA)
PSI Summa Industries (PSI-57)
PSI Systems, Inc. (PSISYS)
PSI Systems, Inc./Envelope Manager Software (PSIMS)
PSI Technologies (PSITEC-1)
PSI Technologies (PSITEC-2)
Psi Upsilon (PSIUPS)
************************
206.204.10.200
PortScan Attack le13-10-2003
à 20h58 (sous ma demande probablement
pour fin de test)
Au moins 11 ports de tester
{Symantec}
OrgName: ConXioN
Corporation
OrgID: CONX
Address: 4201 Burton Drive
City:
Santa Clara
StateProv: CA -> Californie
PostalCode: 95054
Country: US
NetRange: 206.204.0.0 - 206.204.255.255
CIDR:
206.204.0.0/16
NetName: CONXION
NetHandle: NET-206-204-0-0-1 [65536]
Parent: NET-206-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CONXION.NET
NameServer: NS2.CONXION.NET
NameServer: NS3.CONXION.NET
NameServer: NS4.CONXION.NET
Comment:
RegDate: 1995-07-17
Updated: 2002-12-19
AbuseHandle: ABUSE150-ARIN
AbuseName: Abuse
AbusePhone: +1-408-566-8500
AbuseEmail: abuse@conxion.net
TechHandle: CO-ORG-ARIN
TechName: ConXioN
TechPhone: +1-408-566-8500
TechEmail: dns@conxion.net
# ARIN WHOIS database, last updated 2003-09-24
19:15
# Enter ? for additional hints on searching
ARIN's WHOIS database.
OrgName: ConXioN Corporation
OrgID: CONX
Address: 4201 Burton Drive
City:
Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
Comment:
RegDate: 1995-04-19
Updated: 2001-12-17
****************************
65.33.198.88:2228
Le 24-10-2003 à 19h11
TCP(Inbound) -> Default Block Back
door/SubSevenTrojanHorse
88.198.33.65.cfl.rr.com
Dallas? -> Texas
NET-65-32-0-0-1 [139264]
OrgName: ROADRUNNER-SOUTHWEST
OrgID: RRSW
Address: 13241 Woodland Park
Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
ReferralServer: rwhois://ipcontrol-b.rr.com:4321
NetRange: 65.32.0.0 - 65.34.31.255
CIDR: 65.32.0.0/15,
65.34.0.0/19
NetName: ROADRUNNER-SOUTHEAST
NetHandle: NET-65-32-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment: ADDRESSES WITHIN THIS
BLOCK ARE NON-PORTABLE
RegDate: 2000-08-22
Updated: 2002-08-30
TechHandle: ZS30-ARIN
TechName: ServiceCo LLC
TechPhone: +1-703-345-3416
TechEmail: abuse@rr.com
OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: abuse@rr.com
OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: abuse@rr.com
# ARIN WHOIS database, last updated 2003-10-05
19:15
# Enter ? for additional hints on searching ARIN's
WHOIS database.
OrgName: ROADRUNNER-SOUTHWEST
OrgID: RRSW
Address: 13241 Woodland Park
Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
Comment:
RegDate:
Updated: 2003-08-19
ReferralServer: rwhois://ipcontrol-b.rr.com:4321
AbuseHandle: ABUSE10-ARIN
AbuseName: Abuse
AbusePhone: +1-703-345-3416
AbuseEmail: abuse@rr.com
AdminHandle: IPADD-ARIN
AdminName: IPADDREG
AdminPhone: +1-703-345-3151
AdminEmail: ipaddreg@rr.com
TechHandle: IPTEC-ARIN
TechName: IP Tech
TechPhone: +1-703-345-3416
TechEmail: abuse@rr.com
************************