Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Sensing A Pattern

with one comment

Source

93.114.122.72 SC- DIAL TELECOM Romania Slammer
91.135.19.162 DTG Wireless Latvia DdoS
89.106.8.194 Grid Hosting Turkey DOS/SYN
72.1.0.0 Northern Telephone OSHKOSH BAD IP
69.10.42.58 Interserver Inc NJ DOS/SYN
61.175.209.11 China Telecom DOS/SYN
61.147.112.197 Chinanet DOS/SYN
61.139.175.30 UNICOM JL China DOS/SYN
60.190.49.244 NINGHAI-XINYANG-LTD China Slammer
60.173.10.154 Chinanet AH China DOS/SYN
60.12.6.238 CNC Group CHINA169 Zhejiang Province Network TCP Nmap Scan
59.45.19.52 MAINT-CHINANET-LN DOS/SYN
58.57.17.194 MAINT-CHINANET-SD Slammer
58.221.42.163 CHINANET jiangsu province network China DOS/SYN
222.45.112.219 Kunde Htech Ltd Co China DOS/SYN
222.240.205.117 CHINANET-HN Changsha node network DOS/SYN
222.179.5.106 CHINANET Chongqing province network Slammer
222.175.213.210 CHINANET SHANDONG PROVINCE NETWORK DOS/SYN
222.133.182.194 China Unicom Shandong province network DOS/SYN
222.128.51.11 China Unicom Beijing province network DOS/SYN
221.238.10.195 TIANJIN-CHANGCHENGZHIBAO-LTD DOS/SYN
221.195.73.68 China Unicom Hebei Province Network Korea DOS/SYN
221.161.82.238 KORNET-10321992250 DOS/SYN
220.191.241.2 ZHEJIANG-PEOPLE-GOV TCP Nmap Scan
219.149.53.239 LY-GUANGDIAN-ISP China Slammer
218.75.95.244 JINHUA-TELECOM-LTD Slammer
218.61.126.21 China Unicom Liaoning province network DOS/SYN
218.23.37.51 CHINANET Anhui province network Slammer
218.204.137.156 China Mobile Communications Corporation – jiangxi Slammer
217.76.32.53 Ratel Company Russia DOS/SYN
212.252.124.15 SuperOnline Inc. Turkey Slammer
211.157.108.232 CHINACOMM DOS/SYN
211.141.78.197 CMNET-jilin DOS/SYN
211.100.229.252 BEIJING ZHENG-BO TECHNOLOGY CO.LTD Slammer
202.120.127.149 Shanghai University DOS/SYN
174.143.78.90 Rackspace.com App Anomaly RPC
125.68.57.86 CHINANET Sichuan province network DOS/SYN
125.65.112.168 SC-MY-SJDF-LTD China DOS/SYN
125.119.209.199 CHINANET-ZJ-HZ DOS/SYN
124.160.43.18 CNC Group CHINA169 Zhejiang Province Network TCP Nmap Scan
123.30.75.107 CUCBUUDIENTW-NET DOS/SYN
122.225.36.85 JIAXING-TELECOM-LTD DOS/SYN
121.28.90.36 SJZ-FriendshipHotelNorthStateStreetstore China DOS/SYN
121.123.158.33 Maxis Communications Bhd Malaysia DOS/SYN
121.11.80.42 shantoushitianyingxinxijishuyou China DOS/SYN
118.1.0.0 NTT Communications Corporation Japan BAD IP
116.228.179.19 CHINANET Shanghai province network DOS/SYN

Since my little incident with j35t3r I have been paying more attention again to the IDS. In the last few days alone the system has seen some interesting traffic including another DDoS attempt from Latvia. I am seeing a pattern though for the most part. Our Chinese overlords have a lot of traffic coming my way from worms.

Also interesting to note is the Nmap traffic, guess some folks got interested in my system to see what ports I have open. They went away unhappy though. Kinda makes you wonder what your traffic is like huh? It also might make you wonder just how much your system is protected.. If it is at all.

If you are interested, you can take a scan for yourself with Shields Up. It’s a system in place to run a Nessus scan against your IP address and see whats what. It does a good job and will tell you what ports are open and perhaps what vulns you might have.

Just remember, if you have a persistent connection and your machine is on.. Well, they are knocking at the door.

CoB

Written by Krypt3ia

2010/01/24 at 01:23

One Response

Subscribe to comments with RSS.

  1. I have McAfee and every now and then I check the inbound traffic log and I found this HTECH tried to access different ports. I banned the address after tracing it back to China. I have also found China Unicom in that log too.

    Marie

    2010/05/16 at 22:23


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: