Wednesday, October 31, 2007

Cyber Center Report - October 31, 2007

BLSS Cyber Center Report - 31 October 2007
------------------------------------------
www.blacklabsecurity.com

The BLSS Cyber Center has detected new activity on port 53: one IP from Korea and one IP from China. China and Korea continue probing/attacking on all previously reported ports with increased tenacity. Disabling port 7212 seems to prevent probes/attacks from successfully activating the Microsoft Service Pack Update (Software Updates) and Help Center Service system. The BLSS Cyber Center, however, will continue to monitor such probes/attacks to detect a possible "work-around" from China, Korea, etc.

Port 53; Korea (new site), China (new site).
Port 1024; Russia (new site).
Port 1026; China (3 new sites), U.S. (the IANA probed 5 times last night; Apple Computers, Hewlett-Packard, XO Communications), Japan (2 new sites), Australia (new site), Korea (new site), Canada (new site).
Port 1027; Canada (new site).
Port 1028; Canada (new site).
Port 21; China (new site).
Port 22; U.S. (new site).
Port 1433; Romania (new site), China (2 new sites), U.S. (new site).
Port 1434; China (new site).
Port 3128; Korea (new site).
Port 4899; Argentina (new site).
Port 5900; China (new site), Korea (new site), Netherlands (new site), U.S. (2 new sites), Canada (2 new sites).
Honey Pot Activity; U.S. (new site). Port 80 surf only.


