linux-l: PortScan

Sa Dez 4 22:23:59 CET 1999

Zu unser aller Belustigung..

Die Portscans vom root at 62.158.186.96 sind, auf einem 2ten Rechner und
anderer Telefonleitung von mir selbst durchgeführte Portscans.
Offensichtlich gab es einen Trittbrettfahrer der schnell mal mitlauschen
wollte, ob da was zu holen ist. Die unten genannten Dienste sind alle
offen!
Vieleicht passen die bei T-online ja auf!

Dec  4 21:07:34 mypc scanlogd: From 62.158.186.96 to 62.158.189.8 ports
665, 198, 505, 951, 200, 652, 298, 772, 70, ..., flags fSrpau, TOS 00,
TTL 64, started at 21:07:34
Dec  4 21:07:35 mypc in.telnetd[8846]: refused connect from
root at 62.158.186.96
Dec  4 21:07:36 mypc popper[8847]: refused connect from
root at 62.158.186.96
Dec  4 21:07:39 mypc in.fingerd[8852]: refused connect from
root at 62.158.186.96
Dec  4 21:07:42 mypc in.rshd[8856]: refused connect from
root at 62.158.186.96
Dec  4 21:07:42 mypc wu.ftpd[8857]: refused connect from
root at 62.158.186.96
Dec  4 21:07:42 mypc sshd[8858]: refused connect from root at 62.158.186.96
Dec  4 21:07:42 mypc in.rlogind[8859]: refused connect from
root at 62.158.186.96
Dec  4 21:08:21 mypc in.telnetd[8860]: refused connect from
root at 62.158.186.96
Dec  4 21:08:35 mypc sshd[8861]: refused connect from root at 62.158.186.96

hier wird´ s Interessant.. !
Dec  4 21:11:17 mypc scanlogd: From 212.184.141.98 to 62.158.189.8 ports
392, 359, 979, 664, 75, 925, 165, 731, 582, ..., flags fSrpau, TOS 00,
TTL 64, started at 21:11:17
Dec  4 21:11:19 mypc in.rshd[8863]: refused connect from
root at 212.184.141.98
Dec  4 21:11:19 mypc in.telnetd[8864]: refused connect from
root at 212.184.141.98
Dec  4 21:11:20 mypc in.rlogind[8865]: refused connect from
root at 212.184.141.98
Dec  4 21:11:20 mypc sshd[8867]: refused connect from
root at 212.184.141.98
Dec  4 21:11:22 mypc in.fingerd[8871]: refused connect from
root at 212.184.141.98
Dec  4 21:11:25 mypc popper[8875]: refused connect from
root at 212.184.141.98
Dec  4 21:11:26 mypc wu.ftpd[8877]: refused connect from
root at 212.184.141.98
Dec  4 21:12:53 mypc in.rshd[8878]: refused connect from
root at 212.184.141.98
Dec  4 21:13:05 mypc in.rlogind[8879]: refused connect from
root at 212.184.141.98

Dec  4 21:24:18 mypc scanlogd: From 212.184.141.98 to 62.158.189.8 ports
423, 661, 98, 266, 223, 73, 689, 322, 640, ..., flags fSrpau, TOS 00,
TTL 64, started at 21:24:18
Dec  4 21:24:20 mypc in.fingerd[8955]: refused connect from
root at 212.184.141.98
Dec  4 21:24:22 mypc in.rlogind[8960]: refused connect from
root at 212.184.141.98
Dec  4 21:24:22 mypc popper[8962]: refused connect from
root at 212.184.141.98
Dec  4 21:24:23 mypc in.rshd[8961]: refused connect from
root at 212.184.141.98
Dec  4 21:24:23 mypc in.telnetd[8963]: refused connect from
root at 212.184.141.98
Dec  4 21:24:25 mypc sshd[8966]: refused connect from
root at 212.184.141.98
Dec  4 21:24:26 mypc wu.ftpd[8968]: refused connect from
root at 212.184.141.98

Sowas kann stark ins Auge gehen!
Ein nslookup führte zu einem anderen T-online Rechner
pcDblahblah.dip.t-online-de