Sunday, October 28, 2007

Cyber Center Report - October 26, 2007

BLSS Cyber Center Report - 26 October 2007
------------------------------------------
http://www.blacklabsecurity.com/

Last night's probes/attacks were just as consistent, and at the same sustained frequency, as those in the 25 October 2005 BLSS Cyber Center Report. The severity and frequency of all previously reported probes/attacks (on all reported ports) from China and Korea remain consistent across the Internet.

One new IP in China (221.194.46.204) is tenacious in its continuous probing of port 7212. The frequency is so high that 221.194.46.204 performs a probe every 3-4 minutes.

New activity on port 1026: the Internet Assigned Numbers Authority (IANA) performed 4 probes last night, from 4 different (new) IP addresses.

Two IP addresses recorded as the property of the Department of Defense (DoD), located somewhere (approximately) in Colorado, were detected probing port 1026. One computer with an unknown IP (not recorded) was detected probing port 1026. Again, it has been our experience that unknown IPs (not recorded) are the property of some government agency. One computer that is recorded to be within Apple Computer Corporation was detected probing port 1026. Additional probes detected on port 1026 were from the U.S. (4 other new sites), New Zealand (new site), Slovenia (new site), Canada (2 new sites), Germany (new site), Japan (new site) and Australia (new site). Port 1027: Canada (new site). Port 1028: Canada (new site). Port 22: Philippines (new site), U.S. (new site).

Port 1433: China (2 new sites), Korea (new site). Port 1434: China (2 new sites). Port 2967: China (new site). Port 5900: Sweden (new site), China (new site), France (2 new sites). Port 7212: China (one new site, which was discussed above). Honey Pot activity: no attacks last night on the BLSS Honey Pot. The BLSS Honey Pot was "surfed" by one IP in the U.S. and one IP in Spain, from a university located in Madrid.

Below is a listing of the specific details on each port probe/attack and IP
address:

