RE: Scans from Moscow

From: Robert Woods (robert.woods@percepta-crm.com)
Date: 10/17/01 

From: "Robert Woods" <robert.woods@percepta-crm.com>
To: "'Alan Wright'" <AlanJWright@manx.net>
Subject: RE: Scans from Moscow
Date: Wed, 17 Oct 2001 13:51:12 -0400
Message-ID: <000401c15734$4ff8dcf0$6565a8c0@fordcac.ca>

Alan,
  Not many, but enough to rise concern. Not to say these organizations are
malicious, but they may be compromised. I usually make contact with the
people and work through it with them. Often, if it's an ISP, you have
script kiddies or bored computer science students messing around. However,
there is always this sort of traffic before a major worm or virus, so we
have to be careful these days.

Rob

-----Original Message-----
From: Alan Wright [mailto:AlanJWright@manx.net]
Sent: Wednesday, October 17, 2001 1:28 PM
To: robert.woods@percepta-crm.com
Cc: incidents@securityfocus.com
Subject: RE: Scans from Moscow

I am going to snip most of my stuff out of this email and just leave yours
in,
I would think that incidents here is the best place for input.
How many hits are you getting from each address?

At 19:21 16/10/2001 -0400, you wrote:
>Alan,
> A little messy, but this is a list of my problems over the last week or
>so, nothing from Russia though.. Do you know of a good site to enter in IP
>addresses then receive a list of reports from other Administrators? Might
>be a help to both of us and others.
>
>
>28-Aug-01 Wiznet Inc. Toronto Ontario
>Canada 216.129.216.36 http port scans
>28-Aug-01 Wiznet Inc. Toronto Ontario
>Canada 216.129.213.43.stott.wiznet.ca
>http port scans
>15-Oct-01 Wiznet Inc. Toronto Ontario
>Canada 216.129.217.9 http port scans
>15-Oct-01 Business Internet Inc. Tampa Florida United
>States 216.0.151.158
>port 27374 scan
>15-Oct-01 Kersur
>Technologies Manchaug Massachusetes United States
>216.129.158.18 http port scans
>16-Oct-01 One Care New York New Yorl United
>States 216.213.85.230 http port
>scans
>11-Oct-01 Taiwan Network Information
>Centre Taipei Taiwan 202.39.29.198
>port 1080 scan
>13-Oct-01 Acer Internet Services
>Inc. Taipei Taiwan 210.67.84.6 printer
>port scan
>14-Oct-01 Korea Telecom Seoul Korea 211.220.193.214
>port 22452 scan
>14-Oct-01 Korea Network Information
>Centre Seocho-Dong Seocho-ku Korea
>211.196.153.182 printer port scan
>9-Oct-01 Korea Network Information
>Centre Seocho-Dong Seocho-ku Korea
>211.46.246.194 Exchange_ports_1 scan
>9-Oct-01 Korea Network Information
>Centre Seocho-Dong Seocho-ku Korea
>211.196.153.182 printer port scan
>10-Oct-01 Xi'an High Tech Development Xi'an City Shaanxi
China
>202.100.26.185 printer port scan
>4-Oct-01 Shandong Qingdao Furuitai Chenxi Business
>Co. Jinan Shandong China
>202.110.195.88 printer port scan
>10-Oct-01 DigiTel Communications Asia Ltd. Hong
>Kong Hong Kong
>202.122.224.234 Exchange_ports_1 scan
>7-Oct-01 HanseNet Telefongesellschaft mbH & Co.
>KG Hamburg Germany
>213.191.86.21 printer port scan
>7-Oct-01 HanseNet Telefongesellschaft mbH & Co.
>KG Hamburg Germany
>213.191.86.21 ftp port scan
>7-Oct-01 HanseNet Telefongesellschaft mbH & Co.
>KG Hamburg Germany
>213.191.86.21 port 54681 scan
>11-Oct-01 Apple Online London United
>Kingdom 213.219.19.162 port 22 scan
>(SSH)
>5-Oct-01 BT ADSL Sandridge Hertfordshire United
>Kingdom 213.123.146.178 port
>1080 scan
>5-Oct-01 BT ADSL Sandridge Hertfordshire United
>Kingdom 213.123.146.178 ftp
>port scan
>
>
> >
> >-----Original Message-----
> >From: Alan Wright [mailto:AlanJWright@manx.net]
> >Sent: Sunday, October 14, 2001 3:11 PM
> >To: security-basics@securityfocus.com
> >Subject: Scans from Moscow
> >
> >
> >Anyone else getting http probes out of Moscow College of Business
> >Administration ?
> >Second time this week from Moscow , both from 'organisations'
> >
> >All the best
> >
> >Alan
> >
> >
> >
> >Alan J Wright B.Sc(Hons)(Open)
> >SMS +47624462772.
> >Email AlanJWright@manx.net
> > foll478trap@yahoo.com
> >
> >
> >'You're a feisty little one but you'll soon learn respect'
> >
> >Return of the Jedi
>
>All the best
>
>Alan
>
>
>
>Alan J Wright B.Sc(Hons)(Open)
>SMS +47624462772.
>Email AlanJWright@manx.net
> foll478trap@yahoo.com
>
>
>'You're a feisty little one but you'll soon learn respect'
>
>Return of the Jedi

All the best

Alan

Alan J Wright B.Sc(Hons)(Open)
SMS +47624462772.
Email AlanJWright@manx.net
         foll478trap@yahoo.com

'You're a feisty little one but you'll soon learn respect'

Return of the Jedi

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • RE: Scans from Moscow
    ... >Canada 216.129.216.36 http port scans ... >211.196.153.182 printer port scan ... >>Subject: Scans from Moscow ...
    (Incidents)
  • Standard ML on RISC OS?
    ... What implementations of SML exist on RISC OS? ... find were dead links to a port of an old version of Moscow ML and an ... even older port of Edinburgh ML. ...
    (comp.sys.acorn.misc)
  • Re: LPT missing
    ... entries or those with red X or yellow!. ... parallel printer port with either an red X or yellow!. ... The PCI printer port card: check the installation manual that came with it ... additional PCI printer port, there's no problem to install the driver, ...
    (microsoft.public.windowsxp.print_fax)
  • Re: need basic program to print string to printer port
    ... I need to be able to put string to a printer port. ... (using the 8 lines for different device controll) ... When you start hooking long wires, different powered devices, anything hooked to the power grid, anything that can get static zapped, you run the risk of blowing up your whole motherboard. ...
    (comp.home.automation)
  • Re: file transfer between Linux and XP home computers?
    ... > XP has a wizard that lets me define connections on a printer port, ... > port, or a modem. ... networking would be your best bet.. ...
    (comp.os.linux.networking)