[Gllug] Intrusion detection rates
Ian Lewis
ian.lewis at dlf.org.uk
Fri May 27 09:50:19 UTC 2005
> On Fri, May 27, 2005 at 09:01:50AM +0100, Chris Bell wrote:
> > Hello,
> > I have just installed an IPCop box on a BT-connect ADSL line which is
> > reporting far more intrusion attempts than I see on my Demon ADSL connection
> > (same speed). Is this pure chance? As far as I know BT do not filter, while
> > Demon use Brightmail spam filtering but not anti-virus.
>
> Intrusion attempts and viral emails (or spam emails) are separate.
I don't use IPCop but have got Portsentry installed on the gateway
(spam/virus filtering) mailserver. For interest, one day's worth of scans is
listed below. The hosts.deny file is quite big now...
We are on Easynet and generally speaking an awful lot of bad traffic does
come off the BT network.
The only time I worry is if Portsentry denies access to a wanted connection.
But moving the IP from hosts.deny to hosts.allow sorts it.
Ian
>
> IPcop will be reporting trojaned/cracked/hacked/etc boxes
> scanning your
> IP address(es) for vulnerabilities to exploit. I guess the BT address
> ranges are just more popular than the Demon ones (either that or demon
> does packet filtering of some sort...)
>
> --
> Russell Howe | Why be just another cog in the machine,
--------------------- PortSentry Begin ------------------------
Warning: Portscans detected
SYN/Normal from:
12-207-74-93.client.mchsi.com (12.207.74.93): ports: 445
120-249-30-217.kgts.ru (217.30.249.120): ports: 445
137.red-217-126-119.pooles.rima-tde.net (217.126.119.137): ports: 135
15-199-126-200.fibertel.com.ar (200.126.199.15): ports: 1433
196.28.224.166: ports: 445
197.red-62-57-72.user.auna.net (62.57.72.197): ports: 42
200-90-76-3.genericrev.cantv.net (200.90.76.3): ports: 4899
200.87.18.151: ports: 1433
203.177.178.26: ports: 445
213.132.44.222: ports: 445
217-140-141-142.wlan.finnetcom.net (217.140.141.142): ports: 445
217-140-206-56.adsl-net.finnetcom.net (217.140.206.56): ports: 135
217-15-171-125.adsl-now.co.uk (217.15.171.125): ports: 445
217-159-132-144-dsl.kvm.estpak.ee (217.159.132.144): ports: 135
217-159-184-2-dsl.est.estpak.ee (217.159.184.2): ports: 445
217-162-116-248.dclient.hispeed.ch (217.162.116.248): ports: 1433
217-162-221-66.dclient.hispeed.ch (217.162.221.66): ports: 445
217-173-226-197.cable.powersurf.li (217.173.226.197): ports: 445
217-19-22-173.dsl.cambrium.nl (217.19.22.173): ports: 445
217.100.76.146.ip.onderwijs.casematelecom.nl (217.100.76.146): ports:
135
217.100.76.240.ip.onderwijs.casematelecom.nl (217.100.76.240): ports:
135
217.113.66.41: ports: 445
217.14.101.14: ports: 445
217.148.7.64: ports: 445
217.15.11.54: ports: 445
217.196.83.69: ports: 135
217.199.82.201.tv-net.at (217.199.82.201): ports: 135 445
217.205.180.147: ports: 135
217.218.149.178: ports: 135
217.221.68.160: ports: 445
217.23.227.194: ports: 445
217.29.241.165: ports: 445
217.64.26.71: ports: 445
217.75.242.146: ports: 1521
218.11.219.100: ports: 135
218.19.35.94: ports: 4899
220.167.31.52: ports: 445
220.178.220.59: ports: 1433
220.224.52.99: ports: 1433
220.79.198.244: ports: 4899
222.115.193.170: ports: 4899
230.red-217-126-226.pooles.rima-tde.net (217.126.226.230): ports: 445
61.177.239.126: ports: 445
61.251.187.137: ports: 4899
64-60-7-34.cust.telepacific.net (64.60.7.34): ports: 3389
66.red-217-216-73.user.auna.net (217.216.73.66): ports: 445
76.red-80-33-102.pooles.rima-tde.net (80.33.102.76): ports: 4899
85-250-66-109.bb.netvision.net.il (85.250.66.109): ports: 1433
93-211.bbned.dsl.internl.net (217.149.211.93): ports: 445
a6946.a.pppool.de (213.6.105.70): ports: 135
adsl-217-73-209-145.energit.it (217.73.209.145): ports: 445
adsl-63-200-246-11.dsl.lsan03.pacbell.net (63.200.246.11): ports: 135
arcsolutions-3.dsl.easynet.co.uk (217.206.123.83): ports: 445
brm9-d9baa094.pool.mediaWays.net (217.186.160.148): ports: 445
c-180-209-5.cvx-l.dial.de.ignite.net (62.180.209.5): ports: 445
c-66-30-243-7.hsd1.ma.comcast.net (66.30.243.7): ports: 4899
c5351.167.sinor.ru (213.228.80.167): ports: 445
client-200.106.111.226.speedy.net.pe (200.106.111.226): ports: 135
d96df313.fsp.oleane.fr (217.109.243.19): ports: 445
de24053.alshamil.net.ae (217.165.90.243): ports: 445
dhcp-064-247-076-038.sg4.ohiou.edu (64.247.76.38): ports: 4899
dsl-201-128-63-155.prod-infinitum.com.mx (201.128.63.155): ports: 135
dsl-217-199-70-170.berlikomm.net (217.199.70.170): ports: 135
dsl-re01-010.adslmega.it (217.18.211.73): ports: 445
dsl85-97-16147.ttnet.net.tr (85.97.63.19): ports: 445
edes364a-isdn-017.otenet.gr (212.205.237.17): ports: 1433
h104n1fls35o839.telia.com (217.209.216.104): ports: 135
h147n1fls35o834.telia.com (217.210.228.147): ports: 135
h153n2fls31o989.telia.com (217.208.124.153): ports: 445
h171n2fls33o883.telia.com (217.208.62.171): ports: 135
hnv9-d9bacfda.pool.mediaways.net (217.186.207.218): ports: 445
host186-189.pool8019.interbusiness.it (80.19.189.186): ports: 4899
host217-137-28-4.no-dns-yet.ntli.net (217.137.28.4): ports: 445
host217-37-17-201.in-addr.btopenworld.com (217.37.17.201): ports: 445
host217-39-46-197.in-addr.btopenworld.com (217.39.46.197): ports: 445
host217-39-7-17.in-addr.btopenworld.com (217.39.7.17): ports: 135
host217-41-51-28.in-addr.btopenworld.com (217.41.51.28): ports: 445
host217-42-228-244.range217-42.btcentralplus.com (217.42.228.244):
ports: 445
host217-44-44-37.range217-44.btcentralplus.com (217.44.44.37): ports:
445
host217-44-79-84.range217-44.btcentralplus.com (217.44.79.84): ports:
445
host37-217.pool217223.interbusiness.it (217.223.217.37): ports: 445
host54-21.pool21759.interbusiness.it (217.59.21.54): ports: 445
mail.consodata.it (212.31.247.60): ports: 445
mgd9-d9ba1554.pool.mediaWays.net (217.186.21.84): ports: 445
nt.islaweb.com (217.26.245.5): ports: 135
pD9E462B6.dip.t-dialin.net (217.228.98.182): ports: 445
pc-46-145-83-200.cm.vtr.net (200.83.145.46): ports: 1433
pd9022853.dip.t-dialin.net (217.2.40.83): ports: 445
pd902d908.dip.t-dialin.net (217.2.217.8): ports: 445
pd955bfe2.dip.t-dialin.net (217.85.191.226): ports: 445
pd9579205.dip0.t-ipconnect.de (217.87.146.5): ports: 445
pd95d4bba.dip.t-dialin.net (217.93.75.186): ports: 445
pd95d909e.dip.t-dialin.net (217.93.144.158): ports: 445
pd95d9c28.dip.t-dialin.net (217.93.156.40): ports: 445
pd95e389b.dip.t-dialin.net (217.94.56.155): ports: 445
pd95eaa9b.dip.t-dialin.net (217.94.170.155): ports: 445
pd95eadfc.dip.t-dialin.net (217.94.173.252): ports: 445
pd95f063e.dip.t-dialin.net (217.95.6.62): ports: 445
pd9e0b98e.dip.t-dialin.net (217.224.185.142): ports: 445
pd9e46d10.dip.t-dialin.net (217.228.109.16): ports: 445
pd9e4a7db.dip.t-dialin.net (217.228.167.219): ports: 445
pd9e57bf4.dip.t-dialin.net (217.229.123.244): ports: 445
pd9e635be.dip.t-dialin.net (217.230.53.190): ports: 445
pd9e77b5d.dip.t-dialin.net (217.231.123.93): ports: 445
pd9e93aa6.dip.t-dialin.net (217.233.58.166): ports: 445
pd9ed1dbe.dip0.t-ipconnect.de (217.237.29.190): ports: 135
pd9eea110.dip.t-dialin.net (217.238.161.16): ports: 445
pd9eebb8a.dip.t-dialin.net (217.238.187.138): ports: 445
pd9f7723d.dip.t-dialin.net (217.247.114.61): ports: 445
pd9f82f0a.dip.t-dialin.net (217.248.47.10): ports: 445
pd9f9482a.dip.t-dialin.net (217.249.72.42): ports: 445
pd9f99537.dip0.t-ipconnect.de (217.249.149.55): ports: 445
pd9faba80.dip.t-dialin.net (217.250.186.128): ports: 445
pd9fd5a75.dip.t-dialin.net (217.253.90.117): ports: 445
ppp-217-133-29-209.cust-adsl.tiscali.it (217.133.29.209): ports: 445
spb-195-218-238-14.sovintel.spb.ru (195.218.238.14): ports: 445
undefined.capcave.net (217.198.201.244): ports: 135
user-11fa4fm.dsl.mindspring.com (66.245.17.246): ports: 445
zl016114.ppp.dion.ne.jp (222.7.16.114): ports: 445
zo118126.ppp.dion.ne.jp (222.11.118.126): ports: 445
UDP from:
218.83.158.204: ports: 1026
220.189.252.222: ports: 1026-1027
221.10.254.193: ports: 1026-1027
222.77.185.244: ports: 1026-1027
222.88.173.5: ports: 1026
61.134.49.34: ports: 1026-1027
61.172.249.201: ports: 1026-1027
Warning: Blocked route from/to 66.red-217-216-73.user.auna.net
(217.216.73.66) 2 times(s).
Warning: Blocked route from/to mail.consodata.it (212.31.247.60) 2 times(s).
Warning: Blocked route from/to 12-207-74-93.client.mchsi.com (12.207.74.93) 2
times(s).
Warning: Blocked route from/to pd95eaa9b.dip.t-dialin.net (217.94.170.155) 2
times(s).
Warning: Blocked route from/to 64-60-7-34.cust.telepacific.net (64.60.7.34) 2
times(s).
Warning: Blocked route from/to 217-162-221-66.dclient.hispeed.ch
(217.162.221.66) 2 times(s).
Warning: Blocked route from/to 218.19.35.94 2 times(s).
Warning: Blocked route from/to pd9f9482a.dip.t-dialin.net (217.249.72.42) 2
times(s).
Warning: Blocked route from/to ppp-217-133-29-209.cust-adsl.tiscali.it
(217.133.29.209) 2 times(s).
Warning: Blocked route from/to pc-46-145-83-200.cm.vtr.net (200.83.145.46) 2
times(s).
Warning: Blocked route from/to 220.178.220.59 2 times(s).
Warning: Blocked route from/to pd9e77b5d.dip.t-dialin.net (217.231.123.93) 2
times(s).
Warning: Blocked route from/to
host217-42-228-244.range217-42.btcentralplus.com (217.42.228.244) 2 times(s).
Warning: Blocked route from/to pd95f063e.dip.t-dialin.net (217.95.6.62) 2
times(s).
Warning: Blocked route from/to 217.221.68.160 2 times(s).
Warning: Blocked route from/to hnv9-d9bacfda.pool.mediaways.net
(217.186.207.218) 2 times(s).
Warning: Blocked route from/to host217-137-28-4.no-dns-yet.ntli.net
(217.137.28.4) 2 times(s).
Warning: Blocked route from/to pd95d909e.dip.t-dialin.net (217.93.144.158) 2
times(s).
Warning: Blocked route from/to 220.224.52.99 2 times(s).
Warning: Blocked route from/to pd9fd5a75.dip.t-dialin.net (217.253.90.117) 2
times(s).
Warning: Blocked route from/to 217.100.76.146.ip.onderwijs.casematelecom.nl
(217.100.76.146) 4 times(s).
Warning: Blocked route from/to host54-21.pool21759.interbusiness.it
(217.59.21.54) 2 times(s).
Warning: Blocked route from/to 137.red-217-126-119.pooles.rima-tde.net
(217.126.119.137) 2 times(s).
Warning: Blocked route from/to 217.218.149.178 2 times(s).
Warning: Blocked route from/to pd9579205.dip0.t-ipconnect.de (217.87.146.5) 2
times(s).
Warning: Blocked route from/to 220.79.198.244 2 times(s).
Warning: Blocked route from/to 120-249-30-217.kgts.ru (217.30.249.120) 2
times(s).
Warning: Blocked route from/to brm9-d9baa094.pool.mediaWays.net
(217.186.160.148) 2 times(s).
Warning: Blocked route from/to 217-162-116-248.dclient.hispeed.ch
(217.162.116.248) 2 times(s).
Warning: Blocked route from/to de24053.alshamil.net.ae (217.165.90.243) 2
times(s).
Warning: Blocked route from/to 217-159-132-144-dsl.kvm.estpak.ee
(217.159.132.144) 2 times(s).
Warning: Blocked route from/to pd9e0b98e.dip.t-dialin.net (217.224.185.142) 2
times(s).
Warning: Blocked route from/to pd902d908.dip.t-dialin.net (217.2.217.8) 2
times(s).
Warning: Blocked route from/to 217-159-184-2-dsl.est.estpak.ee
(217.159.184.2) 2 times(s).
Warning: Blocked route from/to dsl85-97-16147.ttnet.net.tr (85.97.63.19) 2
times(s).
Warning: Blocked route from/to pd9022853.dip.t-dialin.net (217.2.40.83) 2
times(s).
Warning: Blocked route from/to spb-195-218-238-14.sovintel.spb.ru
(195.218.238.14) 2 times(s).
Warning: Blocked route from/to 222.115.193.170 2 times(s).
Warning: Blocked route from/to pd9e57bf4.dip.t-dialin.net (217.229.123.244) 2
times(s).
Warning: Blocked route from/to 217.29.241.165 2 times(s).
Warning: Blocked route from/to pd9f7723d.dip.t-dialin.net (217.247.114.61) 2
times(s).
Warning: Blocked route from/to nt.islaweb.com (217.26.245.5) 2 times(s).
Warning: Blocked route from/to host217-39-46-197.in-addr.btopenworld.com
(217.39.46.197) 2 times(s).
Warning: Blocked route from/to client-200.106.111.226.speedy.net.pe
(200.106.111.226) 2 times(s).
Warning: Blocked route from/to h153n2fls31o989.telia.com (217.208.124.153) 2
times(s).
Warning: Blocked route from/to pd9f82f0a.dip.t-dialin.net (217.248.47.10) 2
times(s).
Warning: Blocked route from/to 196.28.224.166 2 times(s).
Warning: Blocked route from/to 200-90-76-3.genericrev.cantv.net (200.90.76.3)
2 times(s).
Warning: Blocked route from/to 217.100.76.240.ip.onderwijs.casematelecom.nl
(217.100.76.240) 4 times(s).
Warning: Blocked route from/to pd955bfe2.dip.t-dialin.net (217.85.191.226) 2
times(s).
Warning: Blocked route from/to 217.64.26.71 2 times(s).
Warning: Blocked route from/to 218.11.219.100 2 times(s).
Warning: Blocked route from/to c-66-30-243-7.hsd1.ma.comcast.net
(66.30.243.7) 2 times(s).
Warning: Blocked route from/to pd9eebb8a.dip.t-dialin.net (217.238.187.138) 2
times(s).
Warning: Blocked route from/to 85-250-66-109.bb.netvision.net.il
(85.250.66.109) 2 times(s).
Warning: Blocked route from/to dsl-217-199-70-170.berlikomm.net
(217.199.70.170) 2 times(s).
Warning: Blocked route from/to adsl-63-200-246-11.dsl.lsan03.pacbell.net
(63.200.246.11) 2 times(s).
Warning: Blocked route from/to c-180-209-5.cvx-l.dial.de.ignite.net
(62.180.209.5) 2 times(s).
Warning: Blocked route from/to 217.14.101.14 2 times(s).
Warning: Blocked route from/to pd95d4bba.dip.t-dialin.net (217.93.75.186) 2
times(s).
Warning: Blocked route from/to h171n2fls33o883.telia.com (217.208.62.171) 2
times(s).
Warning: Blocked route from/to pd9eea110.dip.t-dialin.net (217.238.161.16) 2
times(s).
Warning: Blocked route from/to 76.red-80-33-102.pooles.rima-tde.net
(80.33.102.76) 2 times(s).
Warning: Blocked route from/to 217-15-171-125.adsl-now.co.uk (217.15.171.125)
2 times(s).
Warning: Blocked route from/to 197.red-62-57-72.user.auna.net (62.57.72.197)
2 times(s).
Warning: Blocked route from/to user-11fa4fm.dsl.mindspring.com
(66.245.17.246) 2 times(s).
Warning: Blocked route from/to zo118126.ppp.dion.ne.jp (222.11.118.126) 2
times(s).
Warning: Blocked route from/to pd9e4a7db.dip.t-dialin.net (217.228.167.219) 2
times(s).
Warning: Blocked route from/to host217-44-44-37.range217-44.btcentralplus.com
(217.44.44.37) 2 times(s).
Warning: Blocked route from/to a6946.a.pppool.de (213.6.105.70) 2 times(s).
Warning: Blocked route from/to dsl-re01-010.adslmega.it (217.18.211.73) 2
times(s).
Warning: Blocked route from/to zl016114.ppp.dion.ne.jp (222.7.16.114) 2
times(s).
Warning: Blocked route from/to 217.148.7.64 2 times(s).
Warning: Blocked route from/to 217-173-226-197.cable.powersurf.li
(217.173.226.197) 2 times(s).
Warning: Blocked route from/to 217.205.180.147 2 times(s).
Warning: Blocked route from/to pd9f99537.dip0.t-ipconnect.de (217.249.149.55)
2 times(s).
Warning: Blocked route from/to 213.132.44.222 2 times(s).
Warning: Blocked route from/to 217.75.242.146 2 times(s).
Warning: Blocked route from/to pd95eadfc.dip.t-dialin.net (217.94.173.252) 2
times(s).
Warning: Blocked route from/to mgd9-d9ba1554.pool.mediaWays.net
(217.186.21.84) 2 times(s).
Warning: Blocked route from/to 217-140-141-142.wlan.finnetcom.net
(217.140.141.142) 2 times(s).
Warning: Blocked route from/to pd9e46d10.dip.t-dialin.net (217.228.109.16) 2
times(s).
Warning: Blocked route from/to h147n1fls35o834.telia.com (217.210.228.147) 2
times(s).
Warning: Blocked route from/to 61.177.239.126 2 times(s).
Warning: Blocked route from/to host186-189.pool8019.interbusiness.it
(80.19.189.186) 2 times(s).
Warning: Blocked route from/to host217-39-7-17.in-addr.btopenworld.com
(217.39.7.17) 2 times(s).
Warning: Blocked route from/to d96df313.fsp.oleane.fr (217.109.243.19) 2
times(s).
Warning: Blocked route from/to host217-44-79-84.range217-44.btcentralplus.com
(217.44.79.84) 2 times(s).
Warning: Blocked route from/to pd9e635be.dip.t-dialin.net (217.230.53.190) 2
times(s).
Warning: Blocked route from/to c5351.167.sinor.ru (213.228.80.167) 2
times(s).
Warning: Blocked route from/to dsl-201-128-63-155.prod-infinitum.com.mx
(201.128.63.155) 2 times(s).
Warning: Blocked route from/to host37-217.pool217223.interbusiness.it
(217.223.217.37) 2 times(s).
Warning: Blocked route from/to 217.15.11.54 2 times(s).
Warning: Blocked route from/to pd9e93aa6.dip.t-dialin.net (217.233.58.166) 2
times(s).
Warning: Blocked route from/to pd95d9c28.dip.t-dialin.net (217.93.156.40) 2
times(s).
Warning: Blocked route from/to 200.87.18.151 2 times(s).
Warning: Blocked route from/to edes364a-isdn-017.otenet.gr (212.205.237.17) 2
times(s).
Warning: Blocked route from/to 203.177.178.26 2 times(s).
Warning: Blocked route from/to pd9faba80.dip.t-dialin.net (217.250.186.128) 2
times(s).
Warning: Blocked route from/to pd95e389b.dip.t-dialin.net (217.94.56.155) 2
times(s).
Warning: Blocked route from/to 217.199.82.201.tv-net.at (217.199.82.201) 6
times(s).
Warning: Blocked route from/to pd9ed1dbe.dip0.t-ipconnect.de (217.237.29.190)
2 times(s).
Warning: Blocked route from/to 220.167.31.52 2 times(s).
Warning: Blocked route from/to dhcp-064-247-076-038.sg4.ohiou.edu
(64.247.76.38) 2 times(s).
Warning: Blocked route from/to adsl-217-73-209-145.energit.it
(217.73.209.145) 2 times(s).
---------------------- PortSentry End -------------------------
--
Disabled Living Foundation - Solutions for Independent Living
http://www.dlf.org.uk
This email has been scanned for viruses.
Checked by AVG Anti-Virus.
Version: 7.0.322 / Virus Database: 266.11.17 - Release Date: 25/05/2005
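The report above is the plain-text format PortSentry writes, and a day's worth is hard to read as a list. As an added example (not code from the original post, nor from the PortSentry or IPCop projects), the Python script below re-joins report lines that a mail client has wrapped, tallies which ports the scanning hosts probed per protocol, sums the "Blocked route" warnings per address, and performs the hosts.deny to hosts.allow move that Ian describes for a wanted connection that got blocked. The embedded sample report is constructed in the same format using RFC 5737 documentation addresses; the script also assumes PortSentry's default hosts.deny entry form of "ALL: <address>".

```python
"""Summarise a PortSentry daily report and reconcile TCP-wrapper files.

Added example; not code from the original post or from PortSentry itself.
Assumes the report layout seen in the post: scanning hosts listed as
"hostname (ip): ports: p1 p2" or "ip: ports: p1-p2" under a
"SYN/Normal from:" (TCP) or "UDP from:" heading, followed by
"Warning: Blocked route from/to HOST (ip) N times(s)." lines.
"""
import re
from collections import Counter

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
SCAN_RE = re.compile(rf"^(?:(?P<host>\S+) \()?(?P<ip>{IP})\)?: ports: (?P<ports>.+)$")
BLOCK_RE = re.compile(
    rf"^Warning: Blocked route from/to (?:\S+ \()?(?P<ip>{IP})\)? (?P<n>\d+) times\(s\)\.$")
HEADINGS = {"Warning: Portscans detected", "SYN/Normal from:", "UDP from:"}

# Constructed sample in the report's format (RFC 5737 addresses), including
# the kind of line wrapping a mail client introduces.
REPORT = """\
--------------------- PortSentry Begin ------------------------
Warning: Portscans detected
SYN/Normal from:
host-a.example.net (192.0.2.10): ports: 445
192.0.2.11: ports: 135 445
host-b.example.net (192.0.2.12): ports:
1433
UDP from:
198.51.100.7: ports: 1026-1027
Warning: Blocked route from/to host-a.example.net (192.0.2.10) 2
times(s).
Warning: Blocked route from/to 192.0.2.11 2 times(s).
Warning: Blocked route from/to
host-b.example.net (192.0.2.12) 4 times(s).
---------------------- PortSentry End -------------------------
"""


def join_wrapped(lines):
    """Re-join lines a mail client wrapped: a fragment that matches neither
    record pattern is held and glued to the next line until it does."""
    out, pending = [], ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line in HEADINGS or line.startswith("---"):
            out.append(line)
            pending = ""
            continue
        if pending:
            line = pending + " " + line
        if SCAN_RE.match(line) or BLOCK_RE.match(line):
            out.append(line)
            pending = ""
        else:
            pending = line
    return out


def expand_ports(spec):
    """'135 445' -> [135, 445]; '1026-1027' -> [1026, 1027]."""
    ports = []
    for tok in spec.split():
        lo, _, hi = tok.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def parse_report(text):
    """Return ({ip: {(proto, port), ...}}, {ip: blocked_count})."""
    scans, blocks, proto = {}, {}, None
    for line in join_wrapped(text.splitlines()):
        if line in ("SYN/Normal from:", "UDP from:"):
            proto = "tcp" if line.startswith("SYN") else "udp"
            continue
        m = SCAN_RE.match(line)
        if m and proto:
            scans.setdefault(m["ip"], set()).update(
                (proto, p) for p in expand_ports(m["ports"]))
            continue
        m = BLOCK_RE.match(line)
        if m:
            blocks[m["ip"]] = blocks.get(m["ip"], 0) + int(m["n"])
    return scans, blocks


def port_histogram(scans):
    """How many distinct sources probed each (proto, port)."""
    hist = Counter()
    for targets in scans.values():
        hist.update(targets)
    return hist


def allow_host(ip, deny_lines, allow_lines):
    """Move every hosts.deny entry naming `ip` into hosts.allow (the fix the
    post describes). Matches the address as a whole token so 192.0.2.10
    does not also release 192.0.2.100."""
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    kept, moved = [], []
    for line in deny_lines:
        (moved if pat.search(line) else kept).append(line)
    new_allow = list(allow_lines) + [l for l in moved if l not in allow_lines]
    return kept, new_allow


if __name__ == "__main__":
    scans, blocks = parse_report(REPORT)
    for (proto, port), n in port_histogram(scans).most_common():
        print(f"{proto}/{port}: probed by {n} source(s)")
    print("blocked:", blocks)
```

The histogram is the useful part for the question in the thread: on the real report above nearly every source is hitting TCP 445 or 135 (Windows RPC/SMB), with a tail on 1433, 4899 and 3389, which is the signature of worm-infected consumer hosts rather than anyone targeting this particular mail server, and the UDP 1026-1027 entries are Messenger-service spam. Whitelisting with `allow_host` writes nothing to disk; feed it the file contents and write the two results back under whatever change-control you use for the wrapper files.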
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug