
=-=-=-=-=-=-=-=-=-=-=-= Mon May 30 01:10:51 2011 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [5] (out of 5)
Scanned TCP ports: [4001-6999: 2981 packets]
TCP flags: [SYN: 2981 packets, Nmap: -sT or -sS]
iptables chain: INPUT, 2981 packets
Source: 111.221.109.251
DNS: [No reverse dns info available]
Destination: 209.159.146.108
DNS: q3.vogon.vg
Overall scan start: Mon May 30 01:10:43 2011
Total email alerts: 0
Complete TCP range: [4001-6999]
Syslog hostname: ares
Global stats: chain: interface: TCP: UDP: ICMP:
INPUT eth0 2981 0 0
[+] TCP scan signatures:
"BACKDOOR GateCrasher Connection attempt"
dst port: 6969 (no server bound to local port)
flags: SYN
sid: 147
chain: INPUT
packets: 1
classtype: misc-activity
"BACKDOOR BackConstruction 2.1 connection attempt"
dst port: 5402 (no server bound to local port)
flags: SYN
sid: 152
chain: INPUT
packets: 2
classtype: misc-activity
"BACKDOOR NetMetro File List connection attempt"
dst port: 5032 (no server bound to local port)
flags: SYN
sid: 159
chain: INPUT
packets: 1
classtype: misc-activity
"MISC Radmin Default install options attempt"
dst port: 4899 (no server bound to local port)
flags: SYN
psad_id: 100204
chain: INPUT
packets: 1
classtype: attempted-admin
"BACKDOOR Doly 2.0 Connection attempt"
dst port: 6789 (no server bound to local port)
flags: SYN
sid: 119
chain: INPUT
packets: 1
classtype: misc-activity
"BACKDOOR WinCrash 1.0 communication attempt"
dst port: 5714 (no server bound to local port)
flags: SYN
sid: 163
chain: INPUT
packets: 1
classtype: misc-activity
"P2P eDonkey transfer attempt"
dst port: 4242 (no server bound to local port)
flags: SYN
sid: 2586
chain: INPUT
packets: 1
classtype: policy-violation
"MISC VNC communication attempt"
dst port: 5900 (no server bound to local port)
flags: SYN
psad_id: 100202
chain: INPUT
packets: 1
classtype: attempted-admin
"P2P eDonkey communication attempt"
dst port: 4711 (no server bound to local port)
flags: SYN
sid: 2587
chain: INPUT
packets: 1
classtype: policy-violation
"POLICY vncviewer Java applet communication attempt"
dst port: 5800 (no server bound to local port)
flags: SYN
sid: 1846
chain: INPUT
packets: 3
classtype: misc-activity
"MISC PCAnywhere communication attempt"
dst port: 5632 (no server bound to local port)
flags: SYN
psad_id: 100073 (derived from: 507 512)
chain: INPUT
packets: 2
classtype: attempted-admin
"DOS DB2 dos communication attempt"
dst port: 6789 (no server bound to local port)
flags: SYN
sid: 1641
chain: INPUT
packets: 2
classtype: denial-of-service
"DOS iParty DOS attempt"
dst port: 6004 (no server bound to local port)
flags: SYN
sid: 1605
chain: INPUT
packets: 1
classtype: misc-attack
[+] Whois Information (source IP):
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 111.221.64.0 - 111.221.127.255
netname: Microsoft
descr: Microsoft
descr: Microsoft Corp, Singapore
country: SG
admin-c: MP234-AP
tech-c: SC1001-AP
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: [email protected] 20090714
mnt-by: APNIC-HM
mnt-lower: MAINT-AP-MICROSOFT
source: APNIC
person: MSFT POC
nic-hdl: MP234-AP
e-mail: [email protected]
address: One Microsft Way
address: Redmond, WA 98052
address: US
phone: +1-425-882-8080
country: US
changed: [email protected] 20030603
mnt-by: MAINT-AP-MICROSOFT
source: APNIC
person: Sean Carlin
nic-hdl: SC1001-AP
e-mail: [email protected]
address: One Microsoft Way
address: Redmond, WA 98052
address: USA
phone: +1-425-705-5165
fax-no: +1-425-936-7329
country: US
changed: [email protected] 20030603
mnt-by: MAINT-AP-MICROSOFT
source: APNIC
=-=-=-=-=-=-=-=-=-=-=-= Mon May 30 01:10:51 2011 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [5] (out of 5)
Scanned TCP ports: [4001-6999: 2981 packets]
Source: 111.221.109.251
DNS: [No reverse dns info available]
Destination: 209.159.146.108
DNS: q3.vogon.vg
Overall scan start: Mon May 30 01:10:43 2011
inetnum: 111.221.64.0 - 111.221.127.255
netname: Microsoft
descr: Microsoft
descr: Microsoft Corp, Singapore
country: SG
q3.vogon.vg 1 : Microsoft 0
