Black Lab Security Cyber Center Report
Monday, October 22, 2007 (10:12 AM CMT)
Black Lab Security Systems, Inc. (BLSS)
9250 Bendix Road, North Suite 225
Columbia, MD 21045
Toll Free: 888-352-1119
info@blacklabsecurity.com
http://www.blacklabsecuirty.com/
Summary of Overnight Internet Activity
--------------------------------------
BLSS has detected and observed the worst night of probes/attacks since we started reporting internet activity. Last night set a new record high for new sites and new ports being probed/attacked. More sites have been established in China and Korea, continuously probing/attacking the U.S. Two U.S. Department of Defense (DoD) computers were successfully breached and are now broadcasting on port 1026. The DoD computers are: 1) IP address 11.104.193.153, located (approximately) in Colorado, which is part of the DoD Network Centric Operations; 2) IP address 155.147.1.82, Director of Logistics, located at Fort Rucker, AL. The California Institute of Health is now broadcasting on port 1433.
The following new countries are probing/attacking on port 1026: China (new sites), Tunisia, Canada (new site), U.S. (new site) and Italy. Port 1027: China (new site), Canada (new site). Port 1028: Canada (new site). Port 21: UK (London). Port 22: UK (London). Port 25: Japan (Tokyo). Port 445: China (new site), U.S. (new site). Port 1433: U.S. (new site). Port 1434: India, Romania, China (2 new sites), Taiwan. Port 1080: China (new site), Korea (new site). Port 2967: China (new site). Port 4899: Turkey, China (new site). Port 5900: Italy, China (new site). Port 7212: Korea (new site). Port 8180: Slovakia.
The BLSS honey pot was web surfed (only) by Australia and the U.S.; there were no attempted attacks by web surfers on the BLSS honey pot.
Below is a listing of the specific details on each port probe/attack and IP address:
----Port 1026
IP Address : 218.10.137.142 [ 218.10.137.142 ]
ISP : CNCGROUP Heilongjiang province network
Organization : CNCGROUP Heilongjiang province network
Location : CN, China
City : Harbin, 08 -
Latitude : 45°75'00" North
Longitude : 126°65'00" East
IP Address : 221.209.110.20 [ 221.209.110.20 ]
ISP : CNCGROUP Heilongjiang province network
Organization : Mudanjiang Internet Division
Location : CN, China
City : Mudanjiang, 08 -
Latitude : 44°58'33" North
Longitude : 129°60'00" East
IP Address : 155.147.1.82 [ 155.147.1.82 ]
ISP : DIRECTORATE OF LOGISTICS
Organization : DIRECTORATE OF LOGISTICS
Location : US, United States
City : Fort Rucker, AL 36362
Latitude : 31°34'97" North
Longitude : 85°68'46" West
IP Address : 41.225.91.172 [ 41.225.91.172 ]
ISP : -
Organization : Agence Tunisienne Internet - ATI
Location : TN, Tunisia
City : -, - -
Latitude : 34°00'00" North
Longitude : 9°00'00" East
IP Address : 24.64.255.53 [ 24.64.255.53 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West
IP Address : 8.63.130.197 [ 8.63.130.197 ]
ISP : Level 3 Communications
Organization : Level 3 Communications
Location : US, United States
City : -, - -
Latitude : 38°00'00" North
Longitude : 97°00'00" West
IP Address : 11.104.193.153 [ 11.104.193.153 ]
ISP : -
Organization : -
Location : US, United States
City : -, - -
Latitude : 38°00'00" North
Longitude : 97°00'00" West
OrgName : DoD Network Information Center
OrgID : DNIC
Address : 3990 E. Broad Street
City : Columbus
StateProv : OH
PostalCode : 43218
Country : US
IP Address : 77.93.236.103 [ 77-93-236-103.dcpool.ip.kpnqwest.it ]
ISP : -
Organization : KPNQwest Italia S.p.a.
Location : IT, Italy
City : Milan, 09 -
Latitude : 45°46'67" North
Longitude : 9°20'00" East
----Port 1027
IP Address : 221.209.110.20 [ 221.209.110.20 ]
ISP : CNCGROUP Heilongjiang province network
Organization : Mudanjiang Internet Division
Location : CN, China
City : Mudanjiang, 08 -
Latitude : 44°58'33" North
Longitude : 129°60'00" East
IP Address : 24.64.255.53 [ 24.64.255.53 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West
----Port 1028
IP Address : 24.64.255.53 [ 24.64.255.53 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West
----Port 21
IP Address : 78.86.141.137 [ 78-86-141-137.zone2.bethere.co.uk ]
ISP : -
Organization : Be Un Limited
Location : GB, United Kingdom
City : London, H9 -
Latitude : 51°50'00" North
Longitude : 0°11'67" West
----Port 22
IP Address : 78.86.141.137 [ 78-86-141-137.zone2.bethere.co.uk ]
ISP : -
Organization : Be Un Limited
Location : GB, United Kingdom
City : London, H9 -
Latitude : 51°50'00" North
Longitude : 0°11'67" West
----Port 25
IP Address : 219.166.34.82 [ piano.tokyo-club.com ]
ISP : OCN Provided By NTT-Communications which is ISP
Organization : Tokyo Printing inc.
Location : JP, Japan
City : Tokyo, 40 -
Latitude : 35°68'50" North
Longitude : 139°75'14" East
----Port 445
IP Address : 124.114.116.18 [ 18.116.114.124.broad.xa.sn.dynamic.163data.com.cn ]
ISP : CHINANET Shanxi(SN) province network
Organization : CHINANET Shanxi(SN) province network
Location : CN, China
City : Beijing, 22 -
Latitude : 39°92'89" North
Longitude : 116°38'83" East
IP Address : 69.128.208.251 [ lncswibas01-pool0-a251.lncswi.tds.net ]
ISP : TDS TELECOM
Organization : TDS TELECOM
Location : US, United States
City : Madison, WI -
Latitude : 43°07'14" North
Longitude : 89°39'32" West
----Port 1433
IP Address : 75.8.241.35 [ 75.8.241.35 ]
ISP : SBC Internet Services
Organization : Ca Inst Of Hlth Soc
Location : US, United States
City : -, - -
Latitude : 38°00'00" North
Longitude : 97°00'00" West
IP Address : 69.121.3.83 [ ool-45790353.dyn.optonline.net ]
ISP : Optimum Online (Cablevision Systems)
Organization : Optimum Online (Cablevision Systems)
Location : US, United States
City : Mamaroneck, NY 10543
Latitude : 40°95'21" North
Longitude : 73°73'82" West
----Port 1434
IP Address : 203.94.243.191 [ 203.94.243.191 ]
ISP : Mahanagar Telephone Nigam Ltd., ISP Division, New
Organization : Mahanagar Telephone Nigam Ltd., ISP Division, New
Location : IN, India
City : New Delhi, 07 -
Latitude : 28°60'00" North
Longitude : 77°20'00" East
IP Address : 82.78.22.22 [ 82-78-22-22.rdsnet.ro ]
ISP : RCS & RDS SA
Organization : SC TELCOR COMMUNICATIONS SRL
Location : RO, Romania
City : Bucharest, 10 -
Latitude : 44°43'33" North
Longitude : 26°10'00" East
IP Address : 219.147.233.40 [ 219.147.233.40 ]
ISP : Data Communication Division
Organization : CHINANET HEILONGJIANG PROVINCE NETWORK
Location : CN, China
City : Zhongshan, 07 -
Latitude : 25°53'61" North
Longitude : 118°78'97" East
IP Address : 218.75.199.50 [ 218.75.199.50 ]
ISP : Data Communication Division
Organization : CHINANET-HN Zhuzhou node network
Location : CN, China
City : Hunan, 07 -
Latitude : 25°97'14" North
Longitude : 119°64'86" East
IP Address : 218.165.8.32 [ 218-165-8-32.dynamic.hinet.net ]
ISP : CHTD, Chunghwa Telecom Co.,Ltd.
Organization : Chunghwa Telecom Data communication Business Group
Location : TW, Taiwan
City : Taipei, 03 -
Latitude : 25°03'92" North
Longitude : 121°52'50" East
----Port 1080
IP Address : 222.169.226.169 [ 222.169.226.169 ]
ISP : CHINANET Jilin province network
Organization : CHINANET JILIN PROVINCE NETWORK
Location : CN, China
City : Changchun, 05 -
Latitude : 43°88'00" North
Longitude : 125°32'28" East
IP Address : 222.239.255.43 [ 222.239.255.43 ]
ISP : Hanaro Telecom, Inc.
Organization : Hanaro Telecom, Inc.
Location : KR, Korea, Republic of
City : Seoul, 11 -
Latitude : 37°56'64" North
Longitude : 126°99'97" East
----Port 2967
IP Address : 61.130.50.150 [ 61.130.50.150 ]
ISP : Data Communication Division
Organization : CHINANET-ZJ Quzhou node network
Location : CN, China
City : Quzhou, 02 -
Latitude : 28°95'93" North
Longitude : 118°86'86" East
----Port 4899
IP Address : 221.158.228.40 [ 221.158.228.40 ]
ISP : Korea Telecom
Organization : Korea Telecom
Location : KR, Korea, Republic of
City : -, - -
Latitude : 37°00'00" North
Longitude : 127°50'00" East
IP Address : 88.248.17.231 [ dsl88-248-4583.ttnet.net.tr ]
ISP : Turk Telekom
Organization : Turk Telekom
Location : TR, Turkey
City : Ankara, 68 -
Latitude : 39°92'72" North
Longitude : 32°86'44" East
----Port 5900
IP Address : 82.91.191.37 [ host37-191-static.91-82-b.business.telecomitalia.it ]
ISP : Telecom Italia Wireline Services
Organization : Telecom Italia Wireline Services
Location : IT, Italy
City : Chieti, 01 -
Latitude : 42°35'00" North
Longitude : 14°16'67" East
IP Address : 124.114.116.18 [ 18.116.114.124.broad.xa.sn.dynamic.163data.com.cn ]
ISP : CHINANET Shanxi(SN) province network
Organization : CHINANET Shanxi(SN) province network
Location : CN, China
City : Beijing, 22 -
Latitude : 39°92'89" North
Longitude : 116°38'83" East
----Port 8180
IP Address : 85.248.121.12 [ 85.248.121.12 ]
ISP : GTS INEC a.s.
Organization : LightStorm Communications s.r.o.
Location : SK, Slovakia
City : Bratislava, 02 -
Latitude : 48°15'00" North
Longitude : 17°11'67" East
----Port 7212
IP Address : 221.141.127.137 [ 221.141.127.137 ]
ISP : Hanaro Telecom, Inc.
Organization : Hanaro Telecom, Inc.
Location : KR, Korea, Republic of
City : Ilsan, 21 -
Latitude : 35°50'00" North
Longitude : 129°43'33" East
----Honey Pot Web Surf
IP Address : 61.69.212.98 [ C-61-69-212-98.for.connect.net.au ]
ISP : AAPT Limited
Organization : AAPT Limited
Location : AU, Australia
City : Tuggeranong, 01 -
Latitude : 35°43'33" South
Longitude : 149°15'00" East
IP Address : 24.236.179.1 [ 24-236-179-1.dhcp.mrqt.mi.charter.com ]
ISP : CHARTER COMMUNICATIONS
Organization : CHARTER COMMUNICATIONS
Location : US, United States
City : Houghton, MI 49931
Latitude : 47°15'44" North
Longitude : 88°64'71" West
###
Sunday, October 28, 2007
Cyber Center Report - October 22, 2007
1 comment:
Hello, I came across your blog after investigating a reader of my blog via my site reader. Over the past two days (12/9 and 12/10) someone has visited my site and read my posts extensively, even intelligently and seemingly sincerely responding to one of my posts. When I looked for the IP address, I get Wichita, KS latitude 38 longitude 97. Should I be concerned? This location appears to be affiliated with a scammer, possibly? Is my computer at risk?
Thank you,
Sharon