Sunday, October 28, 2007

Cyber Center Report - October 25, 2007

BLSS Cyber Center Report - 25 October 2007
------------------------------------------
http://www.blacklabsecurity.com/

Last night's probes/attacks were the worst we (BLSS) have detected since we started reporting Internet activity. The severity and frequency of all previously reported probes/attacks (on all reported ports) from China, Korea, etc. have increased, along with more new IPs detected than ever previously reported. We have detected two new (active) ports, which are 8000 (China) and 23 (Germany).

Port 1026: An interesting and astonishing observation is that 5 separate probes were sent out from the Internet Assigned Numbers Authority (IANA) on five separate IP addresses. There were three IP addresses detected probing port 1026 which have no record. There is a high probability these three IPs (computers) belong to some government agency. An IP probe on port 1026 was detected from Ford Motor Company. An IP probe on port 1026 was detected from the U.S. Air Force. IP probes were detected on port 1026 from Taiwan (new site), Argentina (new site), Germany (new site), Japan (new site), Venezuela (new site) and Canada (new site).

Port 22: Japan (new site), Korea (2 new sites).
Port 1027: Canada (2 new sites).
Port 1028: Canada (2 new sites).
Port 1433: U.S. (new site).
Port 1434: U.S. (new site), China (new site), Mexico (new site).
Port 2967: U.S. (new site), China (new site).
Port 5168: China (new site).
Port 5900: Mexico (new site), China (3 new sites), Spain (2 new sites), Korea (new site).
Port 7212: Korea (new site).

Honey Pot Activity: No attacks on BLSS Honey Pot. Two IPs "surfed" the Honey Pot via port 80: U.S. (new site), Latvia (new site).

Below is a listing of the specific details on each port probe/attack and IP address:

------------------New ports detected ---------------------------

----Port 8000 ----------
IP Address : 218.3.134.250 [ 218.3.134.250 ]
ISP : Data Communication Division
Organization : Network Center of Fast China Shipbuilding institut
Location : CN, China
City : Zhenjiang, 04 -
Latitude : 32°20'92" North
Longitude : 119°43'42" East

----Port 23 -------------
IP Address : 62.75.222.56 [ rom109.server4you.de ]
ISP : intergenia AG
Organization : SERVER4YOU Dedicated Server Hosting
Location : DE, Germany
City : -, - -
Latitude : 51°00'00" North
Longitude : 9°00'00" East

-----------------Previously reported ports with new IPs ------------

----Port 22--------------
IP Address : 121.1.133.193 [ w133193.ppp.asahi-net.or.jp ]
ISP : -
Organization : ASAHI Net,Inc.
Location : JP, Japan
City : Asahi, 04 -
Latitude : 35°71'67" North
Longitude : 140°65'00" East

IP Address : 218.234.32.131 [ 218.234.32.131 ]
ISP : Hanaro Telecom Co.
Organization : T&CSERVICE
Location : KR, Korea, Republic of
City : Seocho, 11 -
Latitude : 37°48'33" North
Longitude : 127°01'67" East

IP Address : 218.153.221.29 [ 218.153.221.29 ]
ISP : Korea Telecom
Organization : Korea Telecom
Location : KR, Korea, Republic of
City : -, - -
Latitude : 37°00'00" North
Longitude : 127°50'00" East

----Port 25 -------------
IP Address : 122.136.45.2 [ 122.136.45.2 ]
ISP : -
Organization : CNCGROUP Jilin province network
Location : CN, China
City : Changchun, 05 -
Latitude : 43°88'00" North
Longitude : 125°32'28" East

----Port 1026 -----------
IP Address : 168.215.6.124 [ 168-215-6-124.static.twtelecom.net ]
ISP : Time Warner Telecom
Organization : Time Warner Telecom
Location : US, United States
City : Littleton, CO 80124
Latitude : 39°52'90" North
Longitude : 104°90'50" West

IP Address : 181.94.48.142
OrgName: : Internet Assigned Numbers Authority
OrgID: : IANA
Address: : 4676 Admiralty Way, Suite 330
City: : Marina del Rey
StateProv: : CA
PostalCode: : 90292-6695
Country: : US

IP Address : 23.196.161.161
OrgName: : Internet Assigned Numbers Authority
OrgID: : IANA
Address: : 4676 Admiralty Way, Suite 330
City: : Marina del Rey
StateProv: : CA
PostalCode: : 90292-6695
Country: : US

IP Address : 111.47.93.216 [ 111.47.93.216 ]
OrgName: : Internet Assigned Numbers Authority
OrgID: : IANA
Address: : 4676 Admiralty Way, Suite 330
City: : Marina del Rey
StateProv: : CA
PostalCode: : 90292-6695
Country: : US

IP Address : 31.105.131.203 [ 31.105.131.203 ]
ISP : -
Organization : -
Location : US, United States
City : -, - -
Latitude : 38°00'00" North
Longitude : 97°00'00" West
OrgName: : Internet Assigned Numbers Authority
OrgID: : IANA
Address: : 4676 Admiralty Way, Suite 330
City: : Marina del Rey
StateProv: : CA
PostalCode: : 90292-6695
Country: : US

IP Address : 163.22.15.95 [ ip095.puli15.ncnu.edu.tw ]
ISP : MOEC
Organization : Taichung Changhua Nantou Regional Network
Location : TW, Taiwan
City : Taichung, 04 -
Latitude : 24°14'33" North
Longitude : 120°68'14" East

IP Address : 79.237.38.69 [ 79.237.38.69 ]
ISP : -
Organization : Deutsche Telekom AG
Location : DE, Germany
City : -, - -
Latitude : 51°00'00" North
Longitude : 9°00'00" East

IP Address : 200.70.166.102 [ 200.70.166.102 ]
ISP : Telefonica Data Argentina S.A.
Organization : Telefonica Data Argentina S.A.
Location : AR, Argentina
City : Buenos Aires, 07 -
Latitude : 34°58'75" South
Longitude : 58°67'25" West

IP Address : 136.74.8.184 [ 136.74.8.184 ]
ISP : FORD MOTOR COMPANY
Organization : FORD MOTOR COMPANY
Location : US, United States
City : Dearborn, MI 48121
Latitude : 42°31'27" North
Longitude : 83°19'23" West

IP Address : 151.231.90.82 [ 151.231.90.82 ]
ISP : No Record Available

IP Address : 161.196.217.237 [ 161.196.217.237 ]
ISP : Compania Anonima Nacional de Telefonos de Venezuel
Organization : Compania Anonima Nacional de Telefonos de Venezuel
Location : VE, Venezuela
City : Caracas, 25 -
Latitude : 10°50'00" North
Longitude : 66°91'67" West

IP Address : 41.42.114.215 [ 41.42.114.215 ]
ISP : No Record Available

IP Address : 84.188.214.84 [ p54BCD654.dip.t-dialin.net ]
ISP : Deutsche Telekom AG
Organization : Deutsche Telekom AG
Location : DE, Germany
City : Berlin, 16 -
Latitude : 52°51'67" North
Longitude : 13°40'00" East

IP Address : 171.6.83.121 [ 171.6.83.121 ]
ISP : No Record Available

IP Address : 24.64.5.69 [ 24.64.5.69 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West

IP Address : 63.179.244.236 [ 63.179.244.236 ]
ISP : Sprint
Organization : Sprint
Location : US, United States
City : -, - -
Latitude : 38°00'00" North
Longitude : 97°00'00" West
OrgName: : Sprint
OrgID: : SPDN
Address: : 12502 Sunrise Valley Dr
City: : Reston
StateProv: : VA
PostalCode: : 20196
Country: : US

IP Address : 188.236.186.251 [ 188.236.186.251 ]
OrgName: : RIPE Network Coordination Centre
OrgID: : RIPE
Address: : P.O. Box 10096
City: : Amsterdam
StateProv: :
PostalCode: : 1001EB
Country: : NL

IP Address : 47.197.41.195 [ 47.197.41.195 ]
ISP : Bell-Northern Research
Organization : Nortel Networks
Location : CA, Canada
City : Ottawa, ON k1y4h7
Latitude : 45°41'67" North
Longitude : 75°70'00" West

IP Address : 24.64.63.248 [ 24.64.63.248 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West

IP Address : 132.46.24.227 [ 132.46.24.227 ]
ISP : Columbus Air Force Base
Organization : Columbus Air Force Base
Location : US, United States
City : Columbus, MS 39710
Latitude : 33°51'63" North
Longitude : 88°46'01" West

IP Address : 121.107.129.235 [ KD121107129235.ppp-bb.dion.ne.jp ]
ISP : -
Organization : DION (KDDI CORPORATION)
Location : JP, Japan
City : Tokyo, 40 -
Latitude : 35°68'50" North
Longitude : 139°75'14" East

IP Address : 37.213.216.137 [ 37.213.216.137 ]
OrgName: : Internet Assigned Numbers Authority
OrgID: : IANA
Address: : 4676 Admiralty Way, Suite 330
City: : Marina del Rey
StateProv: : CA
PostalCode: : 90292-6695
Country: : US

IP Address : 15.4.16.227 [ 15.4.16.227 ]
ISP : HEWLETT-PACKARD COMPANY
Organization : Hewlett-Packard Company
Location : US, United States
City : -, - -
Latitude : 38°00'00" North
Longitude : 97°00'00" West

----Port 1027 ---------------
IP Address : 24.64.5.69 [ 24.64.5.69 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West

IP Address : 24.64.63.248 [ 24.64.63.248 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West

----Port 1028 ----------------
IP Address : 24.64.5.69 [ 24.64.5.69 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West

IP Address : 24.64.63.248 [ 24.64.63.248 ]
ISP : Shaw Communications
Organization : Shaw Communications
Location : CA, Canada
City : -, - -
Latitude : 60°00'00" North
Longitude : 95°00'00" West

----Port 1433 ------------
IP Address : 69.235.196.112 [ adsl-69-235-196-112.dsl.irvnca.pacbell.net ]
ISP : SBC Internet Services
Organization : SBC Internet Services
Location : US, United States
City : Los Angeles, CA -
Latitude : 34°04'16" North
Longitude : 118°29'88" West

----Port 1434 ------------
IP Address : 69.251.102.139 [ c-69-251-102-139.hsd1.md.comcast.net ]
ISP : Comcast Cable
Organization : Comcast Cable
Location : US, United States
City : Washington, DC -
Latitude : 38°90'97" North
Longitude : 77°02'31" West

IP Address : 219.147.233.30 [ 219.147.233.30 ]
ISP : Data Communication Division
Organization : CHINANET HEILONGJIANG PROVINCE NETWORK
Location : CN, China
City : Zhongshan, 07 -
Latitude : 25°53'61" North
Longitude : 118°78'97" East

IP Address : 148.221.46.92 [ dup-148-221-46-92.prodigy.net.mx ]
ISP : Uninet S.A. de C.V.
Organization : Uninet S.A. de C.V.
Location : MX, Mexico
City : Monterrey, 19 -
Latitude : 25°66'67" North
Longitude : 100°31'67" West

----Port 2967 ------------
IP Address : 58.38.3.178 [ 178.3.38.58.broad.xw.sh.dynamic.163data.com.cn ]
ISP : CHINANET Shanghai province network
Organization : ChinaNet Shanghai Province Network
Location : CN, China
City : Shanghai, 23 -
Latitude : 31°00'50" North
Longitude : 121°40'86" East

IP Address : 69.200.229.199 [ cpe-69-200-229-199.nyc.res.rr.com ]
ISP : Road Runner
Organization : Road Runner
Location : US, United States
City : New York, NY -
Latitude : 40°76'19" North
Longitude : 73°97'63" West

----Port 5168 ------------
IP Address : 58.247.11.242 [ 58.247.11.242 ]
ISP : CNC Group ShangHai province network
Organization : CNC Group ShangHai province network
Location : CN, China
City : Shanghai, 23 -
Latitude : 31°00'50" North
Longitude : 121°40'86" East

----Port 5900 ------------
IP Address : 189.170.15.107 [ dsl-189-170-15-107.prod-infinitum.com.mx ]
ISP : -
Organization : Uninet S.A. de C.V.
Location : MX, Mexico
City : -, - -
Latitude : 23°00'00" North
Longitude : 102°00'00" West

IP Address : 124.226.234.15 [ 124.226.234.15 ]
ISP : CHINANET Guangxi province network
Organization : CHINANET Guangxi province network
Location : CN, China
City : Nanning, 16 -
Latitude : 22°81'67" North
Longitude : 108°31'66" East

IP Address : 217.127.100.8 [ 8.Red-217-127-100.staticIP.rima-tde.net ]
ISP : Telefonica de Espana
Organization : Red de servicios IP
Location : ES, Spain
City : Madrid, 29 -
Latitude : 40°40'00" North
Longitude : 3°68'33" West

IP Address : 80.59.142.164 [ 164.Red-80-59-142.staticIP.rima-tde.net ]
ISP : Telefonica de Espana
Organization : Telefonica de Espana
Location : ES, Spain
City : Viladecáns, 56 -
Latitude : 41°31'67" North
Longitude : 2°00'00" East

IP Address : 123.8.228.123 [ 123.8.228.123 ]
ISP : -
Organization : CNCGROUP Henan province network
Location : CN, China
City : Beijing, 22 -
Latitude : 39°92'89" North
Longitude : 116°38'83" East

IP Address : 211.174.179.32 [ 211.174.179.32 ]
ISP : KRNIC
Organization : ELIMNET-IDC
Location : KR, Korea, Republic of
City : Seoul, 11 -
Latitude : 37°56'64" North
Longitude : 126°99'97" East

IP Address : 124.224.128.140 [ 124.224.128.140 ]
ISP : CHINANET ningxia province network
Organization : CHINANET ningxia province network
Location : CN, China
City : Beijing, 22 -
Latitude : 39°92'89" North
Longitude : 116°38'83" East

----Port 7212 ------------
IP Address : 218.234.38.69 [ 218.234.38.69 ]
ISP : Hanaro Telecom Co.
Organization : Eunsan
Location : KR, Korea, Republic of
City : Seocho, 11 -
Latitude : 37°48'33" North
Longitude : 127°01'67" East

----Honey Pot Activity On Port 80 -------
IP Address : 209.128.104.84 [ 209-128-104-084.bayarea.net ]
ISP : Bay Area Internet Solutions
Organization : Go Click Media
Location : US, United States
City : Los Altos, CA 94024
Latitude : 37°34'95" North
Longitude : 122°11'63" West

IP Address : 159.148.97.48 [ 159.148.97.48 ]
ISP : LATNET
Organization : LATNET ISP
Location : LV, Latvia
City : Riga, 25 -
Latitude : 56°95'00" North
Longitude : 24°10'00" East

IP Address : 68.187.226.170 [ 68-187-226-170.dhcp.oxfr.ma.charter.com ]
ISP : CHARTER COMMUNICATIONS
Organization : CHARTER COMMUNICATIONS
Location : US, United States
City : Dudley, MA 01571
Latitude : 42°05'94" North
Longitude : 71°93'56" West
