Thursday, November 1, 2007

Cyber Center Report - November 1, 2007

BLSS Cyber Center Report - 1 Nov 2007
-------------------------------------
www.blacklabsecurity.com

China and Korea are still probing/attacking on all previously reported IPs and ports with the same tenacity. There has been no decrease in the frequency of probes/attacks from China or Korea. However, within the last 24-hour period, we detected the fewest new computers now broadcasting over the Internet: only approximately 22 new computers have begun to broadcast. It appears that disabling port 7212 does have a significant impact on China/Korea's ability to successfully penetrate a computer.

Port 1024: U.S. (new site). Port 1026: Korea (new site), U.S. No IANA probe last night. This is the first time in several days that the U.S. IANA has NOT probed the Internet on port 1026. However, we did detect an Internet-wide probe from the "Latin American and Caribbean IP address Regional Registry", which is the equivalent of the U.S. IANA. We also detected a probe from the "Broadcasting Center Europe S.A.", which is located in Luxembourg. This may be the Luxembourg equivalent of the U.S. IANA. We detected one U.S. DoD computer probing on port 1026. We detected two computers with no recorded (unknown) IP addresses probing on port 1026 (most likely some government agency computers). We detected a computer from J.P. Morgan probing on port 1026. Other countries probing on port 1026: U.K. (Peat Marwick computer), France (new site), Brazil (new site). Port 22: China (new site). Port 1433: U.S. (2 new sites), China (2 new sites). Port 1434: Croatia (new site). Port 2967: U.S. (new site). Port 5900: China (new sites), Chile (new site), Spain (new site), France (new site). Honey Pot Activity: None. No one surfed or attacked the Honey Pot.

The following is a list of new IPs detected and their associated ports:


Wednesday, October 31, 2007

Cyber Center Report - October 31, 2007

BLSS Cyber Center Report - 31 October 2007
------------------------------------------
www.blacklabsecurity.com

The BLSS Cyber Center has detected new activity on port 53: one IP from Korea and one IP from China. China and Korea continue probing/attacking on all previously reported ports with increased tenacity. Disabling port 7212 seems to prevent probes/attacks from successfully activating the Microsoft Service Pack Update (Software Updates) and Help Center Service system. The BLSS Cyber Center, however, will continue to monitor such probes/attacks to detect a possible "work-around" from China, Korea, etc.

Port 53: Korea (new site), China (new site). Port 1024: Russia (new site). Port 1026: China (3 new sites), U.S. (the IANA probed 5 times last night; Apple Computers, Hewlett-Packard, XO Communications), Japan (2 new sites), Australia (new site), Korea (new site), Canada (new site). Port 1027: Canada (new site). Port 1028: Canada (new site). Port 21: China (new site). Port 22: U.S. (new site). Port 1433: Romania (new site), China (2 new sites), U.S. (new site). Port 1434: China (new site). Port 3128: Korea (new site). Port 4899: Argentina (new site). Port 5900: China (new site), Korea (new site), Netherlands (new site), U.S. (2 new sites), Canada (2 new sites). Honey Pot Activity: U.S. (new site). Port 80 surf only.



Monday, October 29, 2007

Recommended IP Addresses to Be Blocked - China, Korea, Taiwan, and Thailand

The BLSS Cyber Center is recommending that the following (additional) IP addresses from China, Korea, Taiwan and Thailand be entered into firewalls:


Additional Attack Context

This is additional context for the latest set of BLSS Cyber Reports. While researching the techniques deployed, we found one approach, documented in May 2007, that used the Microsoft Patch or Update Service (aka BITS – background intelligent transfer service). This knowledge seems to be well dispersed in the underground hacking community and could be the technique, or some variation of the techniques, that we have witnessed in the past few days.

Please see:

New Attack Piggybacks on Microsoft's Patch Service (Washington Post – May 2007)
http://blog.washingtonpost.com/securityfix/2007/05/malware_using_microsoft_patch.html

Cyber Center Report - October 29, 2007

BLSS Cyber Center Report - 29 October 2007
------------------------------------------
www.blacklabsecurity.com

This BLSS Cyber Center Report is a continuation of the Cyber Center Report published on 29 October 2007. BLSS has initiated an immediate analysis of the attack from China on our Honey Pot, which was reported yesterday, 28 October 2007. This report is divided into two sections: 1) Analysis Of Honey Pot Attack, and 2) Advised Immediate Action Required To Prevent The Attacks.

Analysis Of Honey Pot Attack
----------------------------

Below are the first 100 program file payloads detected by Shadow. There were many more payloads installed into the "i386" and "Service Pack" nested folders. The most interesting fact about the first 100 payloads below is that almost all of them are related to "Remote Access" functions. Among them are RegCode.dll, Adfsocm.dll, ComAdmin.dll, Dialer.exe, the "System Configuration Install" (system.configuration.install.dll), Nfsocm.dll, Explorer.exe, etc. Most interesting of all is the fact that remote access program payloads were updated, including Raclient.js, Racontrol.js, Raserver.js and Common.js under \Windows\PCHealth\HelpCtr\System\RemoteAssistance\Interaction\, along with a new RegEdit.exe.

The following are the first 100 payloads detected:


Advised Immediate Action Required To Prevent The Attacks
--------------------------------------------------------

The first step is to block the following ports in firewalls, if your organization can do so without inhibiting the normal operation of its network and software:

Port 7212
Port 1026
Port 1027
Port 1028

The second step is to enter the following IP addresses into firewalls:


The third step is to TURN OFF all Automatic Updates and disable the Microsoft Help Center Remote Access functions. As a "hardening method" within BLSS, we actually erase the following JavaScript files:

JavaScript Files
----------------
Raclient.js
Racontrol.js
Common.js
Raserver.js
Constants.js

The BLSS Cyber Center will be publishing a list of all IP addresses detected from China and Korea within the next 24 hours. It is recommended that all IP addresses from China and Korea be entered into firewalls as a security (safety) precaution.
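
One way to carry out the first two steps, as an added example that is not BLSS's own tooling: it cleans a blocklist in the report's two-column layout (dropping malformed entries, duplicates and anything inside your own address space) and renders deny rules. The iptables target, the PROTECTED_NETS range and the sample addresses (RFC 5737 documentation ranges) are assumptions of this example, as is denying both TCP and UDP on each port.

```python
import ipaddress
import re

# Ports from the report's first step. The 28 October table lists 7212 as TCP
# and 1026/1027 as UDP; 1028 is given no protocol, so this example denies
# both protocols on every port (assumption).
BLOCKED_PORTS = (7212, 1026, 1027, 1028)

# Constructed sample in the report's "IP Address  Country" layout.
# These are documentation addresses, not real indicators.
SAMPLE_BLOCKLIST = """\
IP Address        Country
----------        -------
192.0.2.10        Example - Region A
192.0.2.11        Example - Region A
203.0.113.7       Example - Region B
192.0.2.10        Example - Region A
300.1.2.3         Example - typo in source list
198.51.100.25     Example - inside our own range
"""

# Hypothetical: address space that must never end up in a deny rule
# (your own networks, management hosts, upstream resolvers).
PROTECTED_NETS = (ipaddress.ip_network("198.51.100.0/24"),)

# A data line starts with something that looks like a dotted number;
# headers, rulers and blank lines do not match and are skipped.
LINE_RE = re.compile(r"^\s*([0-9][0-9.]*)(?:\s+(.*))?$")


def parse_blocklist(text, protected=PROTECTED_NETS):
    """Return (accepted, rejected).

    accepted: list of (IPv4Address, label) with duplicates removed.
    rejected: list of (token, reason) so nothing is dropped silently.
    """
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue
        token = match.group(1)
        label = (match.group(2) or "").strip()
        try:
            addr = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            rejected.append((token, "not a valid IPv4 address"))
            continue
        if any(addr in net for net in protected):
            rejected.append((token, "inside a protected network"))
            continue
        if addr in seen:
            rejected.append((token, "duplicate"))
            continue
        seen.add(addr)
        accepted.append((addr, label))
    return accepted, rejected


def render_rules(accepted, ports=BLOCKED_PORTS):
    """Render iptables deny rules: port rules first, then one per source IP."""
    rules = []
    for port in ports:
        for proto in ("tcp", "udp"):
            rules.append(f"iptables -A INPUT -p {proto} --dport {port} -j DROP")
    for addr, _label in sorted(accepted, key=lambda entry: entry[0]):
        rules.append(f"iptables -A INPUT -s {addr} -j DROP")
    return rules


if __name__ == "__main__":
    ok, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    for token, reason in bad:
        print(f"# skipped {token}: {reason}")
    print("\n".join(render_rules(ok)))
```

Reviewing the rejected entries before loading the rules catches the case where a published list would cut off one of your own hosts.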

Storm Worm Research

Commenting on eWeek articles:
NAC Can't Weather the Storm - October 26, 2007
http://www.eweek.com/article2/0,1895,2207921,00.asp
Storm Worm Botnet Lobotomizing Anti-Virus Programs - October 24, 2007
http://www.eweek.com/article2/0,1895,2205606,00.asp

Our Storm Worm Research

The Storm worm and other nameless worms roaming the Internet today are extremely capable and are not getting in by brute force; given the techniques being deployed, they don’t need to. These worms are intruding into networks and systems almost at will without logins, passwords, or help from insiders. There are hundreds of new compromised IPs added to the attack every day using the same attack profile and techniques. Therefore, blocking IPs and countries in your firewalls and other network access controls (NACs) from accessing your networks is a mission impossible. The actual attack is hidden in the overload of communications and probes that come from these compromised computers, which intrude looking like normal expected communications. Anti-virus and anti-spyware solutions are being rendered worse than useless since they are reporting that all is OK.

Adjusting filters and behaviors in IPS systems and UTM systems is also nearly unproductive since these worms change their signature every 30 minutes or less. Once in, these worms are invisible because they come with a rootkit built in and hide at the kernel level; and they are clever enough to change every few weeks (or days). These worms have built-in defense mechanisms: they know when they are being investigated, and they punish and fight back.

We are finding that even the best security defense in depth (DiD) architectures, with many security appliances and software products, are having equally difficult problems in stopping these worms. The filter sensitivities are different in each tool, and analyzing a single event leaves many gaps in what the logs are showing. Since there are so many short-burst probes and attacks each day, the logs are extremely lengthy. Often, by the time a suspicious event is identified, the files are gone: they were already installed, made critical O/S changes or downloaded other malware via open ports while looking like valid communications, and then deleted themselves.

So why is the information so vague about the storm worm? It’s because the storm worm knows the weaknesses of security products available today and it doing a grand job of defeating and confusing computer security analysts. A new security technology and approach is required by the industry. As you see form the posted cyber reports, we are able to prevent, capture forensics, and analyze these worms without much difficulty. No need for filter adjustments or new signature updates for us. We see these attacks like watching a video game in near real-time. By the way, we have not published our forensics and logs, but have provided this information through several channels. We will remain discrete about how these attacks are so successful.

Cyber Center Report - October 28, 2007

BLSS Cyber Center Report - 28 October 2007
------------------------------------------
http://www.blacklabsecurity.com/

BLSS detected and observed the highest number of new computers suddenly broadcasting over the Internet to date. China and Korea continue to escalate their probes/attacks on all previously reported ports. The number of IPs in China and Korea probing/attacking the U.S. is rising substantially each night.

Please read this report carefully. Several government computers are now broadcasting over port 1026 UDP.

BLSS also detected and captured the forensics of multiple IP connections from China (Hebei, Beijing and 3 Harbin IP sites), Japan, and one site inside the U.S. from an Amateur Radio Digital Communications Group.

Several unauthorized files from offshore sources (IPs), including REGCODE.DLL and ADFSOCM.DLL, were detected within the BLSS Honey Pot.

The following IPs were connected to the BLSS Honey Pot when these files were received:

IP Address       Location         Port  Protocol
---------------  ---------------  ----  --------
121.18.13.107    China - Hebei    7212  TCP
121.235.156.114  China - Beijing  1026  UDP
210.79.152.144   Japan            1026  UDP
221.208.208.91   China - Harbin   1027  UDP
202.97.238.202   China - Harbin   1027  UDP
221.208.208.101  China - Harbin   1026  UDP
44.139.107.99    U.S.             1026  UDP

(IP 44.139.107.99 is located (approximately) somewhere in Colorado, at an Amateur Radio Digital Communications station.)

Several other key U.S. government computers are now suddenly broadcasting over port 1026 UDP:

Four computers from the Naval Ocean Systems Center:

1) 214.174.173.142
2) 33.14.45.142
3) 214.71.189.59
4) 214.84.88.214

One computer from the DoD Network Centric Operations:

1) 26.198.93.126

Several other computers are now broadcasting on port 1026. From the U.S., the IANA probed port 1026 a total of eight times last night, from eight separate IP addresses; there was also one computer from Hewlett-Packard Company, one computer from Cingular Wireless II, one computer from Road Runner, one computer from TDS Telecom, and one computer from the Buckeye Pipe Line Company.

Other countries probing on Port 1026; China (new site), Korea (2 new sites), Japan (2 new sites), Canada (4 new sites – one of these computers is from Nortel Networks Canada), Italy (new site), Germany (new site), New Zealand (new site), United Kingdom (new site), "Societe Internationale de Telecomm" (Europe), one IP address which has no record and cannot be traced (most likely belongs to a government agency), Australia (new site). Port 1027; Canada (new site), Israel (new site). Port 1028; Canada (new site). Port 21; China (new site). Port 22; Netherlands (new site), China (2 new sites), Japan (new site), U.S. (new site). Port 25; Taiwan (new site). Port 1080; China (new site), Korea (new site). Port 1433; Taiwan (new site), U.S. (new site), China (new site). Port 1434; China (2 new sites, including China Mobile Comm Corp). Port 2967; Spain (new site), U.S. (new site), China (new site). Port 2968; U.S. (new site). Port 3128; Germany (new site). Port 4899; China (new site), India (new site). Port 5900; Algeria (new site), China (2 new sites), Korea (new site). Port 7212; China (new site). Honey Pot Activity; China surfed port 80 and attacked through port 1080, three hours after the service pack update was attempted. The Chinese attack failed. Germany surfed port 80 and attempted no attack. Ethiopia surfed port 80 and attempted no attack.


----Service Pack Update Activated During The Following IP Connections -----

Below is a listing of the specific details on each port probe/attack and IP
address:

----Honey Pot Activity -----------
IP Activity : Surfed port 80 and attacked through port 1080
IP Address : 222.217.221.214 [ 222.217.221.214 ]
ISP : CHINANET Guangxi province network
Organization : CHINANET Guangxi province network
Location : CN, China
City : Nanning, 16 -
Latitude : 22°81'67" North
Longitude : 108°31'66" East

IP Activity : Surfed port 80
IP Address : 87.118.118.98 [ ns.km31021.keymachine.de ]
ISP : Keyweb AG
Organization : Keyweb AG IP Network
Location : DE, Germany
City : Erfurt, 15 -
Latitude : 50°98'33" North
Longitude : 11°03'33" East

IP Activity : Surfed port 80
IP Address : 213.55.79.250 [ 213.55.79.250 ]
ISP : Ethiopian Telecommuncation Corporation
Organization : Ethiopian Telecommunication corporation
Location : ET, Ethiopia
City : -, - -
Latitude : 8°00'00" North

Information about the Honey Pot

Several people have asked for more information about our honey pot. We have deployed our honey pot directly connected to the Internet, with a nondescript basic webpage. In doing so, we are exposed to every computer probe and attack that finds its way to our IP. We are using turnkey cyber center software from Black Lab Security Systems that monitors and protects a standard workstation or server used as a honey pot. We do our best to protect the IP address of the honey pot in order to protect the integrity of what is detected. Cyber-probes and -attacks can be monitored in near-real-time mode and quickly analyzed from the forensic evidence gathered.

In simplest terms, enterprises would benefit from using a honey pot on company-registered IPs to analyze which probes and attacks are (1) finding enterprise systems directly connected to the Internet, (2) intruding into the enterprise’s demilitarized zone (DMZ), and (3) intruding into the enterprise’s internal network or intranet.

Internal Network
Attacks on the internal network are the most serious, and immediate action should be considered. Attacks, scans, and probes can come from either internal (e.g., the insider threat) or external sources.
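
One way to put the three placements above to work, shown as an added example (it is not BLSS software and not code from the original report): it ranks honey pot hits by sensor placement, internal first, and lists sources not yet seen on a port, the "new site" notion used in these reports. The log layout, zone names, baseline and all addresses are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Placement ranking: internal hits are the most serious (assumed zone names).
ZONE_PRIORITY = {"internal": 3, "dmz": 2, "internet": 1}
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (documentation/private ranges, not real observations).
SAMPLE_LOG = """\
timestamp,zone,src_ip,dst_port,proto
2007-10-28T01:02:03,internet,203.0.113.10,1026,udp
2007-10-28T01:02:09,internet,203.0.113.10,1026,udp
2007-10-28T01:05:41,internet,198.51.100.7,1433,tcp
2007-10-28T02:11:00,dmz,198.51.100.7,1433,tcp
2007-10-28T02:30:15,internal,10.20.30.40,5900,tcp
2007-10-28T03:00:00,internet,not-an-ip,22,tcp
2007-10-28T03:10:00,internet,192.0.2.55,22,tcp
"""

# Sources already reported on earlier days, keyed by (port, proto) (constructed).
BASELINE = {(1026, "udp"): {"203.0.113.10"}}


def parse_records(text):
    """Return (records, skipped); malformed rows are counted, not trusted."""
    records, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ip_address(row["src_ip"])
            port = int(row["dst_port"])
            zone = row["zone"].lower()
            proto = row["proto"].lower()
            if zone not in ZONE_PRIORITY or not 0 < port < 65536:
                raise ValueError("unknown zone or port out of range")
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1
            continue
        records.append({"ts": row["timestamp"], "zone": zone, "src": src,
                        "port": port, "proto": proto})
    return records, skipped


def new_sources(records, baseline):
    """Return {(port, proto): [ips]} for sources absent from the baseline."""
    fresh = defaultdict(set)
    for r in records:
        key = (r["port"], r["proto"])
        if str(r["src"]) not in baseline.get(key, set()):
            fresh[key].add(r["src"])
    return {k: [str(ip) for ip in sorted(fresh[k], key=lambda i: (i.version, int(i)))]
            for k in sorted(fresh)}


def is_rfc1918(ip):
    """True for private IPv4 space, i.e. a host that is already inside."""
    return ip.version == 4 and any(ip in net for net in RFC1918)


def triage(records):
    """Collapse repeated hits and order findings by sensor placement."""
    counts = defaultdict(int)
    for r in records:
        counts[(r["zone"], r["src"], r["port"], r["proto"])] += 1
    findings = []
    for (zone, src, port, proto), hits in counts.items():
        findings.append({
            "zone": zone, "src": str(src), "port": port, "proto": proto,
            "hits": hits,
            # A private source on an internal sensor points at an insider
            # or an already-compromised machine rather than an outside probe.
            "origin": "inside" if is_rfc1918(src) else "outside",
        })
    findings.sort(key=lambda f: (-ZONE_PRIORITY[f["zone"]], -f["hits"], f["src"]))
    return findings


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE_LOG)
    print(f"{len(recs)} records parsed, {bad} malformed row(s) skipped")
    for f in triage(recs):
        print(f"{f['zone']:<9}{f['src']:<16}{f['port']:>5}/{f['proto']} "
              f"hits={f['hits']} origin={f['origin']}")
    for (port, proto), ips in new_sources(recs, BASELINE).items():
        print(f"new on {port}/{proto}: {', '.join(ips)}")
```
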

Sunday, October 28, 2007

Cyber Center Report - October 27, 2007

BLSS Cyber Center Report - 27 October 2007
------------------------------------------
http://www.blacklabsecurity.com/

IMPORTANT - This report identifies the most significant computers suddenly broadcasting over the Internet.

China and Korea continue to probe/attack the U.S. with a new level of tenacity. All previous probes/attacks on Chinese and Korean IPs continue on all reported ports. Last night's probes/attacks have reached an all-time high of new and significant computers now broadcasting on port 1026. Never before has the BLSS Cyber Center detected so many "significant" computers suddenly starting to broadcast (almost) at one time over port 1026. The computers now broadcasting on Port 1026 are the following:

1) Chevron Corporation
2) The British Petroleum Company
3) Hewlett-Packard
4) Wageningen University and Research Centre (Netherlands)
5) Two Computers Recorded as the property of the Department Of Defense (DoD)
6) The "Societe Internationale de Telecommunications" (Europe)
7) The NIB (National Internet Backbone) Of India
8) The Japan Network Information Center- Japan
9) The Government of the Province of Ontario- Canada
10) The Cable And Wireless System Of Panama
11) Two computers that cannot be identified, which most likely belong to a government agency.
12) One computer which was traced to , but the trace was lost on the African Continent.

The other significant computer is America Online (AOL), which is now broadcasting over port 5900.

Other significant news is that CHINA IS AWARE of the BLSS Honey Pot and is now "surfing", probing and attacking the BLSS Honey Pot. China has NOT been successful (so far) in using their methods/programs against the BLSS Honey Pot. The BLSS Honey Pot is stopping all attacks by China. The Chinese IP is 219.153.5.169, located in Shanghai, China.

Other additional probes on port 1026 include Thailand, India, U.S., Japan, and the Ukraine. The Internet Assigned Numbers Authority (IANA) also probed port 1026 three times last night. Port 22; China (new site), Taiwan (new site). Port 1433; China (new site), Korea (new site). Port 1434; China (2 new sites). Port 4899; U.S. (new site). Port 5168; China (new site). Port 5900; U.S. (2 new sites - AOL reported above and Mikrotec Internet Services), Greece (new site). Honey Pot Activity; China "surfing" and unsuccessfully attacking the BLSS Honey Pot (reported above), One other "surf" located in the U.S. (Utah). No attack from the Utah "surf".

Below is a listing of the specific details on each port probe/attack and IP
address:

----Honey Pot Activity ---------------
IP Address : 219.153.5.169 [
169.5.153.219.broad.cq.cq.dynamic.163data.com.cn ]
ISP : Data Communication Division
Organization : Data Communication Division
Location : CN, China
City : Shanghai, 23 -
Latitude : 31°00'50" North
Longitude : 121°40'86" East

IP Address : 216.83.145.130 [ 216.83.145.130.afcity.net ]
ISP : Fibernet Corporation
Organization : American Fork City
Location : US, United States
City : American Fork, UT 84003
Latitude : 40°39'30" North
Longitude : 111°78'38" West

Cyber Center Report - October 26, 2007

BLSS Cyber Center Report - 26 October 2007
------------------------------------------
http://www.blacklabsecurity.com/

Last night's probes/attacks were just as consistent, and at the same sustained frequency, as those in the 25 October 2005 BLSS Cyber Center Report. The severity and frequency of all previously reported probes/attacks (on all reported ports) from China and Korea remain consistent across the Internet.

One new IP in China (221.194.46.204) is tenacious in its continuous probing of port 7212. The frequency is so high that 221.194.46.204 performs a probe every 3-4 minutes.

New activity on Port 1026; The Internet Assigned Numbers Authority (IANA) performed 4 probes last night, with 4 different (new) IP addresses.

Two IP addresses recorded as the property of the Department of Defense (DoD), located somewhere (approximately) in Colorado, were detected probing on port 1026. One computer with an unknown IP (not recorded) was detected probing on port 1026. Again, it has been our experience that unknown IPs (not recorded) are the property of some government agency. One computer that is recorded to be within Apple Computer Corporation was detected probing port 1026. Additional probes detected on Port 1026 were from U.S. (4 other new sites), New Zealand (new site), Slovenia (new site), Canada (2 new sites), Germany (new site), Japan (new site), Australia (new site). Port 1027; Canada (new site). Port 1028; Canada (new site). Port 22; Philippines (new site), U.S. (new site).

Port 1433; China (2 new sites), Korea (new site). Port 1434; China (2 new sites). Port 2967; China (new site). Port 5900; Sweden (new site), China (new site), France (2 new sites). Port 7212; China (one new site, which was discussed above). Honey Pot Activity; No attacks last night on the BLSS Honey Pot. The BLSS Honey Pot was "surfed" by one IP in the U.S., and one IP in Spain from a University located in Madrid.

Below is a listing of the specific details on each port probe/attack and IP address:


Cyber Center Report - October 25, 2007

BLSS Cyber Center Report - 25 October 2007
------------------------------------------
http://www.blacklabsecurity.com/

Last night's probes/attacks were the worst we (BLSS) have detected since we started reporting Internet Activity. The severity and frequency of all previously reported probes/attacks (on all reported ports), from China, Korea, etc., have increased, along with more new IPs detected than ever previously reported. We have detected two new (active) ports, which are 8000 (China) and 23 (Germany). Port 1026; An interesting and astonishing observation is that 5 separate probes were sent out from the Internet Assigned Numbers Authority (IANA) on five separate IP addresses. There were three IP addresses detected probing port 1026, which have no record. There is a high probability these three IPs (computers) belong to some government agency. An IP probe on port 1026 was detected from Ford Motor Company. An IP probe on port 1026 was detected from the U.S. Air Force. IP probes were detected on Port 1026 from Taiwan (new site), Argentina (new site), Germany (new site), Japan (new site), Venezuela (new site) and Canada (new site).
Port 22; Japan (new site), Korea (2 new sites). Port 1027; Canada (2 new sites). Port 1028; Canada (2 new sites). Port 1433; U.S. (new site). Port 1434; U.S. (new site), China (new site), Mexico (new site). Port 2967; U.S. (new site), China (new site). Port 5168; China (new site). Port 5900; Mexico (new site), China (3 new sites), Spain (2 new sites), Korea (new site). Port 7212; Korea (new site). Honey Pot Activity; No attacks on BLSS Honey Pot. Two IPs "surfed" the Honey Pot via port 80; U.S. (new site), Latvia (new site).

Below is a listing of the specific details on each port probe/attack and IP address:
