Monday, October 29, 2007

Cyber Center Report - October 28, 2007

BLSS Cyber Center Report - 28 October 2007
------------------------------------------
http://www.blacklabsecurity.com/

BLSS detected and observed the highest number of new computers suddenly broadcasting over the Internet to date. China and Korea continue to escalate their probes/attacks on all previously reported ports. The number of IPs in China and Korea probing/attacking the U.S. is rising substantially each night.

Please read this report carefully. Several government computers are now broadcasting over port 1026 UDP.

BLSS also detected and captured the forensics of multiple IP connections from China (Hebei, Beijing and 3 Harbin IP sites), Japan, and one site inside the U.S. from an Amateur Radio Digital Communications Group.

Several unauthorized files were detected from offshore sources (IPs) within the BLSS Honey Pot that included REGCODE.DLL and ADFSOCM.DLL.

The following IPs were connected to the BLSS Honey Pot when these files were received:

IP Address        Location           Port   Protocol
---------------   ----------------   -----  --------
121.18.13.107     China - Hebei      7212   TCP
121.235.156.114   China - Beijing    1026   UDP
210.79.152.144    Japan              1026   UDP
221.208.208.91    China - Harbin     1027   UDP
202.97.238.202    China - Harbin     1027   UDP
221.208.208.101   China - Harbin     1026   UDP
44.139.107.99     U.S.               1026   UDP

(IP 44.139.107.99 is located approximately in Colorado, at an Amateur Radio Digital Communications station.)

Several other key U.S. government computers are now suddenly broadcasting over port 1026 UDP:

Four computers from the Naval Ocean Systems Center:

1) 214.174.173.142
2) 33.14.45.142
3) 214.71.189.59
4) 214.84.88.214

One computer from the DoD Network Centric Operations:

1) 26.198.93.126

Several other computers in the U.S. are now broadcasting on port 1026. The IANA probed port 1026 a total of eight times last night, from eight separate IP addresses; in addition there was one computer from Hewlett-Packard Company, one from Cingular Wireless II, one from Road Runner, one from TDS Telecom, and one from the Buckeye Pipe Line Company.

Other countries probing on port 1026: China (new site), Korea (2 new sites), Japan (2 new sites), Canada (4 new sites; one of these computers is from Nortel Networks Canada), Italy (new site), Germany (new site), New Zealand (new site), United Kingdom (new site), Societe Internationale de Telecomm (Europe), one IP address which has no record and cannot be traced (most likely belongs to a government agency), Australia (new site).

Port 1027: Canada (new site), Israel (new site).
Port 1028: Canada (new site).
Port 21: China (new site).
Port 22: Netherlands (new site), China (2 new sites), Japan (new site), U.S. (new site).
Port 25: Taiwan (new site).
Port 1080: China (new site), Korea (new site).
Port 1433: Taiwan (new site), U.S. (new site), China (new site).
Port 1434: China (2 new sites, including China Mobile Comm Corp).
Port 2967: Spain (new site), U.S. (new site), China (new site).
Port 2968: U.S. (new site).
Port 3128: Germany (new site).
Port 4899: China (new site), India (new site).
Port 5900: Algeria (new site), China (2 new sites), Korea (new site).
Port 7212: China (new site).

Honey Pot Activity: China surfed port 80 and attacked through port 1080, three hours after the service pack update was attempted. The Chinese attack failed. Germany surfed port 80 and attempted no attack. Ethiopia surfed port 80 and attempted no attack.
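The per-port tally above is the kind of nightly summary a honeypot operator derives from firewall logs: distinct sources per destination port, and which of them are "new sites" compared with the previous night. The following Python script is an added example, not the BLSS report's own tooling; it parses constructed netfilter-style log lines (documentation-range addresses, not the report's IPs), counts sources per port, and flags the ones not seen on that port the night before.

```python
"""Nightly per-port probe tally with "new site" detection.

Added example, not BLSS tooling. The log lines below are constructed in
the style of Linux iptables/netfilter LOG output; the addresses are
documentation-range placeholders, not the addresses from the report.
"""
import re
from collections import defaultdict

# Constructed sample: one night of logged inbound packets at the honeypot.
TONIGHT_LOG = """\
Oct 28 01:12:03 hp kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=1234 DPT=1026
Oct 28 01:12:04 hp kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=1234 DPT=1027
Oct 28 01:40:51 hp kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=5050 DPT=1026
Oct 28 02:03:17 hp kernel: IN=eth0 SRC=203.0.113.99 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=1433
Oct 28 02:03:18 hp kernel: IN=eth0 SRC=203.0.113.99 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=1434
Oct 28 03:15:00 hp kernel: IN=eth0 SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=3333 DPT=5900
"""

# Constructed: sources already recorded on the previous night, keyed by port.
PREVIOUS_NIGHT = {
    1026: {"192.0.2.10"},
    1433: {"203.0.113.99"},
}

LOG_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+).*?PROTO=(?P<proto>\w+).*?DPT=(?P<dpt>\d+)"
)


def parse_probes(log_text):
    """Return (src_ip, proto, dst_port) tuples, skipping lines that do not match."""
    probes = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            probes.append((m.group("src"), m.group("proto"), int(m.group("dpt"))))
    return probes


def tally_by_port(probes):
    """Map dst_port -> set of distinct source IPs that hit it tonight."""
    by_port = defaultdict(set)
    for src, _proto, dpt in probes:
        by_port[dpt].add(src)
    return dict(by_port)


def new_sites(by_port, previous):
    """Sources seen tonight on a port that were not seen on that port last night."""
    return {port: sorted(srcs - previous.get(port, set())) for port, srcs in by_port.items()}


def nightly_summary(log_text, previous):
    """Per-port source count plus the new-site list, the shape of the report's tally."""
    by_port = tally_by_port(parse_probes(log_text))
    fresh = new_sites(by_port, previous)
    return {port: {"sources": len(by_port[port]), "new_sites": fresh[port]}
            for port in sorted(by_port)}


if __name__ == "__main__":
    for port, info in nightly_summary(TONIGHT_LOG, PREVIOUS_NIGHT).items():
        print(f"Port {port}: {info['sources']} source(s), new sites: {info['new_sites']}")
```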


----Service Pack Update Activated During The Following IP Connections -----

Below is a listing of the specific details on each port probe/attack and IP address:

