BLSS Cyber Center Report - 1 Nov 2007
-------------------------------------
www.blacklabsecurity.com
China and Korea are still probing/attacking all previously reported IPs and ports with the same tenacity. There has been no decrease in the frequency of probes/attacks from China or Korea. However, within the last 24-hour period, we have detected the fewest new computers now broadcasting over the Internet. Over the past 24 hours, only approximately 22 new computers have begun to broadcast over the Internet. It appears that disabling port 7212 does have a significant impact on China/Korea's ability to successfully penetrate a computer.
Port 1024: U.S. (new site).
Port 1026: Korea (new site), U.S. No IANA probe last night. This is the first time in several days that the U.S. IANA has NOT probed the Internet on port 1026. However, we did detect an Internet-wide probe of the "Latin American and Caribbean IP address Regional Registry", which is the equivalent of the U.S. IANA. We also detected a probe from the "Broadcasting Center Europe S.A.", which is located in Luxembourg. This may be the Luxembourg equivalent of the U.S. IANA. We detected one U.S. DoD computer probing on port 1026. We detected two computers with no recorded (unknown) IP addresses probing on port 1026 (most likely some government agency computers). We detected a computer from J.P. Morgan probing on port 1026. Other countries probing on port 1026: U.K. (Peat Marwick computer), France (new site), Brazil (new site).
Port 22: China (new site).
Port 1433: U.S. (2 new sites), China (2 new sites).
Port 1434: Croatia (new site).
Port 2967: U.S. (new site).
Port 5900: China (new sites), Chile (new site), Spain (new site), France (new site).
Honey Pot activity: None. No one surfed or attacked the Honey Pot.
The following is a list of new IPs detected and their associated ports:
Thursday, November 1, 2007