Sunday, October 28, 2007

Cyber Center Report - October 24, 2007

BLSS Cyber Center Report - 24 October 2007
------------------------------------------

Last night's probes/attacks were just as severe as those reported on the 22nd and 23rd of October. All previously reported probes/attacks from China and Korea continue (and are increasing in frequency, including on all previously reported ports: 7212, 1026, etc.). We have detected two new (active) ports: 5168 and 6588.

New activity on port 1026: U.S. (United States Postal Service), Merck and Co., Mexico, Netherlands and China (two new sites).

Port 22: U.S. (one new site).
Port 1080: China (new site).
Port 1433: South Africa, U.S. (Interesting observation: two U.S. termite control companies are now both broadcasting on port 1433.)
Port 1434: Oman (new site), China (new site).
Port 2967: U.S. (2 new sites), China (new site), and one IP address that cannot be identified (69.245.257.182).
Port 5168: China (2 new sites).
Port 5900: China (2 new sites), Spain, U.S. (2 new sites).
Port 6588: Korea (new site).

Reported probes from users of Comcast Cable ISP: China, Canada and Israel are probing Comcast Cable ISP. Another interesting observation is that many of the U.S. IPs now broadcasting are from within Comcast Cable.

BLSS honey pot activity: users "surfed" the honey pot. No honey pot attacks last night.

The BLSS honey pot was surfed from Nashville, TN, and from two sites within the United Kingdom (UK).

Below is a listing of the specific details on each port probe/attack and IP address:

----Port 1026 -------------
IP Address : 56.241.240.196 [ 56.241.240.196 ]
ISP : United States Postal Service.
Organization : United States Postal Service.
Location : US, United States
City : Raleigh, NC 27668
Latitude : 35°79'77" North
Longitude : 78°62'53" West

IP Address : 186.242.205.146
OrgName: : Latin American and Caribbean IP address Regional Registry
OrgID: : LACNIC
Address: : Rambla Republica de Mexico 6125
City: : Montevideo
StateProv: :
PostalCode: : 11400
Country: : UY

IP Address : 95.229.160.163
OrgName: : RIPE Network Coordination Centre
OrgID: : RIPE
Address: : P.O. Box 10096
City: : Amsterdam
StateProv: :
PostalCode: : 1001EB
Country: : NL

IP Address : 54.108.221.74 [ 54.108.221.74 ]
ISP : -
Organization : -
Location : US, United States
City : -, - -
Latitude : 38°00'00" North
Longitude : 97°00'00" West
OrgName: : Merck and Co., Inc.
OrgID: : MERCKA
Address: : 126 East Lincoln Avenue
City: : Rahway
StateProv: : NJ
PostalCode: : 07095
Country: : US

IP Address : 59.56.27.170 [ 170.27.56.59.broad.fz.fj.dynamic.163data.com.cn ]
ISP : chinanet fujian province network
Organization : chinanet fujian province network
Location : CN, China
City : Beijing, 22 -
Latitude : 39°92'89" North
Longitude : 116°38'83" East

IP Address : 58.221.33.13 [ 58.221.33.13 ]
ISP : CHINANET jiangsu province network
Organization : CHINANET jiangsu province network
Location : CN, China
City : Beijing, 22 -
Latitude : 39°92'89" North
Longitude : 116°38'83" East

----Port 22 ---------------
IP Address : 72.249.66.73 [ 72.249.66.73 ]
ISP : -
Organization : Colo4Dallas LP
Location : US, United States
City : Dallas, TX 75247
Latitude : 32°81'48" North
Longitude : 96°87'06" West

----Port 1080 -------------
IP Address : 219.153.5.169 [ 169.5.153.219.broad.cq.cq.dynamic.163data.com.cn ]
ISP : Data Communication Division
Organization : Data Communication Division
Location : CN, China
City : Shanghai, 23 -
Latitude : 31°00'50" North
Longitude : 121°40'86" East

----Port 1433 -------------
IP Address : 216.135.181.59 [ user-vc8fd9r.biz.mindspring.com ]
ISP : EarthLink
Organization : Higgins Termite Inc
Location : US, United States
City : Rancho Cucamonga, CA -
Latitude : 34°14'60" North
Longitude : 117°57'99" West

IP Address : 196.30.221.68 [ 196.30.221.68 ]
ISP : Verizon South Africa
Organization : Verizon South Africa
Location : ZA, South Africa
City : Cape Town, 11 -
Latitude : 33°91'67" South
Longitude : 18°41'67" East

IP Address : 63.205.221.242 [ 63.205.221.242 ]
ISP : SBC Internet Services
Organization : Zap Termite & Pest Control
Location : US, United States
City : Stockton, CA -
Latitude : 37°98'61" North
Longitude : 121°29'98" West

----Port 1434 --------------
IP Address : 82.178.22.22 [ 82.178.22.22 ]
ISP : Oman
Organization : Muscat Ltd
Location : OM, Oman
City : Muscat, 06 -
Latitude : 23°61'33" North
Longitude : 58°59'33" East

IP Address : 220.191.252.62 [ 220.191.252.62 ]
ISP : Data Communication Division
Organization : Lishui Electronic Government Network
Location : CN, China
City : Lishui, 02 -
Latitude : 28°11'08" North
Longitude : 119°56'39" East

----Port 2967 --------------
IP Address : 69.136.183.203 [ c-69-136-183-203.hsd1.in.comcast.net ]
ISP : Comcast Cable
Organization : Comcast Cable
Location : US, United States
City : Eatontown, NJ -
Latitude : 40°30'39" North
Longitude : 74°07'03" West

IP Address : 69.245.257.182
: No Records Available

IP Address : 58.241.178.210 [ 58.241.178.210 ]
ISP : CNC Group Jiangsu province network
Organization : PEIXIANYINGYE-COM,XUZHOU,JIANGSU Province
Location : CN, China
City : Xuzhou, 04 -
Latitude : 34°26'69" North
Longitude : 117°19'16" East

IP Address : 69.125.171.226 [ ool-457dabe2.dyn.optonline.net ]
ISP : Optimum Online (Cablevision Systems)
Organization : Optimum Online (Cablevision Systems)
Location : US, United States
City : Hicksville, NY 11801
Latitude : 40°76'70" North
Longitude : 73°52'54" West

----Port 5168 --------------
IP Address : 61.130.134.66 [ 66.134.130.61.broad.hz.zj.dynamic.163data.com.cn ]
ISP : Data Communication Division
Organization : CHINANET-ZJ Hangzhou node network
Location : CN, China
City : Hangzhou, 02 -
Latitude : 30°25'53" North
Longitude : 120°16'89" East

IP Address : 61.130.134.66 [ 66.134.130.61.broad.hz.zj.dynamic.163data.com.cn ]
ISP : Data Communication Division
Organization : CHINANET-ZJ Hangzhou node network
Location : CN, China
City : Hangzhou, 02 -
Latitude : 30°25'53" North
Longitude : 120°16'89" East

----Port 5900 --------------
IP Address : 222.216.28.178 [ 222.216.28.178 ]
ISP : CHINANET Guangxi province network
Organization : CHINANET Guangxi province network
Location : CN, China
City : Nanning, 16 -
Latitude : 22°81'67" North
Longitude : 108°31'66" East

IP Address : 69.248.159.104 [ c-69-248-159-104.hsd1.nj.comcast.net ]
ISP : Comcast Cable
Organization : Comcast Cable
Location : US, United States
City : Cherry Hill, NJ -
Latitude : 39°90'84" North
Longitude : 74°99'83" West

IP Address : 70.8.51.83 [ h46083353.area4.spcsdns.net ]
ISP : Sprint PCS
Organization : Sprint PCS
Location : US, United States
City : West Bend, WI -
Latitude : 43°42'97" North
Longitude : 88°18'31" West

IP Address : 124.224.131.132 [ 124.224.131.132 ]
ISP : CHINANET ningxia province network
Organization : CHINANET ningxia province network
Location : CN, China
City : Beijing, 22 -
Latitude : 39°92'89" North
Longitude : 116°38'83" East

IP Address : 80.24.234.121 [ 121.Red-80-24-234.staticIP.rima-tde.net ]
ISP : Telefonica Data Espana
Organization : Telefonica de Espana
Location : ES, Spain
City : Madrid, 29 -
Latitude : 40°40'00" North
Longitude : 3°68'33" West

----Port 6588 --------------
IP Address : 218.234.41.8 [ 218.234.41.8 ]
ISP : Hanaro Telecom Co.
Organization : SEOULMEDIA
Location : KR, Korea, Republic of
City : Seocho, 11 -
Latitude : 37°48'33" North
Longitude : 127°01'67" East


----Reported Probes Within Comcast Cable-------
IP Address : 24.64.106.160 [ S01060014bfe0176a.cg.shawcable.net ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : Calgary, AB -
Latitude : 51°08'33" North
Longitude : 114°08'33" West

IP Address : 62.90.138.197 [ 62-90-138-197.interhost.co.il ]
ISP : Barak I.T.C
Organization : Barak I.T.C.
Location : IL, Israel
City : Tel Aviv-Yafo, 05 -
Latitude : 32°06'78" North
Longitude : 34°76'47" East

IP Address : 218.27.148.78 [ 218.27.148.78 ]
ISP : CNCGROUP Jilin province network
Organization : CNCGROUP Jilin province network
Location : CN, China
City : Changchun, 05 -
Latitude : 43°88'00" North
Longitude : 125°32'28" East

----Honey Pot Activity -------------
IP Address : 71.228.243.95 [ c-71-228-243-95.hsd1.tn.comcast.net ]
ISP : Comcast Cable
Organization : Comcast Cable
Location : US, United States
City : Nashville, TN -
Latitude : 36°14'58" North
Longitude : 86°78'44" West

IP Address : 81.100.113.6 [ spc1-pool7-0-0-cust261.cosh.broadband.ntl.com ]
ISP : NTL Internet
Organization : NTL Internet
Location : GB, United Kingdom
City : Borehamwood, K8 -
Latitude : 51°65'00" North
Longitude : 0°26'67" West

IP Address : 88.110.111.176 [ 88-110-111-176.dynamic.dsl.as9105.com ]
ISP : Tiscali UK Limited
Organization : Tiscali UK Ltd
Location : GB, United Kingdom
City : -, - -
Latitude : 54°00'00" North
Longitude : 2°00'00" West

5 comments:

Anonymous said...

Dear All,


I'm new to internet usage, but I received a breach attack today from one of the listed IPs above.

62.90.138.197.
port 59187

Can someone explain what it is all about exactly?


thx, brgds

D

Anonymous said...

I am the admin of the server 62.90.138.197. We are running regular sites there and never attacked anyone. I suspect that our server may have been hacked. What kind of attack was from our server?
Do you have the time/date of the attack?

Anonymous said...

I have no idea at all how or why, as I am not that computer savvy, but I had a warning from Google that the following IP address was looking at my Gmail account. Am I safe having now changed the password? Help!!!

IP Address : 59.56.27.170 [ 170.27.56.59.broad.fz.fj.dynamic.163data.com.cn ]
ISP : chinanet fujian province network
Organization : chinanet fujian province network
Location : CN, China
City : Beijing, 22 -
Latitude : 39°92'89" North
Longitude : 116°38'83" East

Stef M said...

Can someone explain what CHINANET FUJIAN PROVINCE NETWORK is?? They ran over my site so many times making 404 errors that it actually hurt my search ranking?? I don't know why this is happening, but is it some sort of attack?? I left the site in the URL, and if someone wants to see the records, please use the