Black Lab Security Cyber Center Report
Sunday, October 21, 2007 (9:17 AM CMT)
Black Lab Security Systems, Inc. (BLSS)
9250 Bendix Road, North Suite 225
Columbia, MD 21045
Toll Free: 888-352-1119
info@blacklabsecurity.com
http://www.blacklabsecuirty.com/
Summary of Overnight Internet Activity
--------------------------------------
All previously reported probes/attacks from China and from Korea continue on all reported ports.
New probes/attacks were detected on port 1026 from another unknown computer at 113.86.139.71. We can only conclude this is a government agency computer, which is intended to function on the Internet in a "stealth" environment, and is now broadcasting. Therefore, the computer must have been compromised because it is now broadcasting over the Internet.
New probes/attacks were detected on port 1433 from a new site in China, which is the Wuhan Institute of Science and Technology, and a probe/attack on port 1433 came from inside the U.S., located in the Bronx, NY.
New probes/attacks were detected on port 1434 from Shanghai, China and Changsha, China.
A new probe/attack on port 2968 was detected from Emeryville, CA.
A new probe/attack on port 4715 was detected from East Northport, NY.
A new probe/attack on port 4899 was detected from Portsmouth, VA.
Port 25 continues to be probed/attacked from Taipei, Taiwan.
BLSS Honey Pot Activity: One computer from within the U.S. attacked our honey pot for several hours last night. The attacking computer's IP address was 74.138.235.20, located in Louisville, KY, and it executed programs in an attempt to gain access by probing 59 different ports. The attempt to breach our honey pot was completely unsuccessful. None of the attempted exploits worked. The attacking computer ran programs against the following BLSS Honey Pot ports:
13722, 27665, 829, 863, 1369, 914, 838, 834, 5902, 236, 50002, 2011, 479, 940, 27001, 974, 871, 267, 3005, 5432, 326, 1534, 1370, 32777, 15, 950, 559, 6667, 4480, 715, 1420, 468, 18, 61441, 664, 292, 32770, 98, 749, 7070, 19150, 665, 5302, 502, 1139, 129, 227, 331, 599, 249, 225, 1650, 1520, 692, 2032, 6009, 930, 1353
Below is a listing of the specific details on each port probe/attack and IP address:
----Port 1026
IP Address : 113.86.139.271
: No Record
----Port 1433
IP Address : 211.67.58.203 [ 211.67.58.203 ]
ISP : China Education and Research Network
Organization : Wuhan Institute of Science and Technology
Location : CN, China
City : Wuhan, 12 -
Latitude : 30°58'33" North
Longitude : 114°26'67" East
IP Address : 69.119.135.173 [ ool-457787ad.dyn.optonline.net ]
ISP : Optimum Online (Cablevision Systems)
Organization : Optimum Online (Cablevision Systems)
Location : US, United States
City : Bronx, NY -
Latitude : 40°84'99" North
Longitude : 73°87'69" West
----Port 1434
IP Address : 61.134.56.18 [ 61.134.56.18 ]
ISP : Data Communication Division
Organization : Data Communication Division
Location : CN, China
City : Shanghai, 23 -
Latitude : 31°00'50" North
Longitude : 121°40'86" East
IP Address : 58.20.228.52 [ 58.20.228.52 ]
ISP : CNC Group HuNan province network
Organization : CNC Group HuNan province network
Location : CN, China
City : Changsha, 11 -
Latitude : 28°17'92" North
Longitude : 113°11'36" East
----Port 2968
IP Address : 69.107.113.217 [ adsl-69-107-113-217.dsl.pltn13.pacbell.net ]
ISP : SBC Internet Services
Organization : SBC Internet Services
Location : US, United States
City : Emeryville, CA -
Latitude : 37°83'42" North
Longitude : 122°28'97" West
----Port 4715
IP Address : 69.118.128.82 [ ool-45768052.dyn.optonline.net ]
ISP : Optimum Online (Cablevision Systems)
Organization : Optimum Online (Cablevision Systems)
Location : US, United States
City : East Northport, NY 11731
Latitude : 40°86'18" North
Longitude : 73°31'51" West
----Port 25
IP Address : 122.116.17.133 [ 122-116-17-133.HINET-IP.hinet.net ]
ISP : -
Organization : Chunghwa Telecom Data communication Business Group
Location : TW, Taiwan
City : Taipei, 03 -
Latitude : 25°03'92" North
Longitude : 121°52'50" East
----Port 4899
IP Address : 71.241.11.185 [ pool-71-241-11-185.norf.east.verizon.net ]
ISP : Verizon Internet Services
Organization : Verizon Internet Services
Location : US, United States
City : Portsmouth, VA -
Latitude : 36°83'39" North
Longitude : 76°34'00" West
----Attack On Honey Pot
IP Address : 74.138.235.20 [ 74-138-235-20.dhcp.insightbb.com ]
ISP : INSIGHT COMMUNICATIONS COMPANY, L.P.
Organization : Insight Communications Company
Location : US, United States
City : Louisville, KY -
Latitude : 38°20'85" North
Longitude : 85°69'18" West
###
1 comment:
I get these all the time. My security stops them, but how do I stop them forever? Can anyone help me?