Attacks:
*******
Groups or companies that have tried to get onto my hard disk by deceitful means!
To see their characteristics:
***********
216.226.54.200
Invalid TCP Options attack ->
{medium}
On 5-11-2003 at 15:18
Target IP: www.jacquesfortier.com
2876->http(80)
Invalid TCP Option 0x00000003
Hull???
Node Name : yoda.comerco.com
NET-216-226-32-0-1[8192]
OrgName: QuebecTel Communication Inc.
OrgID: QBTL
Address: 6 rue Jules-A-Brillant
City: Rimouski
StateProv: QC
PostalCode: G5L-7E4
Country: CA
NetRange: 216.226.32.0 - 216.226.63.255
CIDR: 216.226.32.0/19
NetName: GTROTTER-2
NetHandle: NET-216-226-32-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: ALEXIS.GLOBETROTTER.NET
NameServer: TROTTEUR.GLOBETROTTER.QC.CA
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-02-20
Updated: 2001-09-26
TechHandle: DS538-ARIN
TechName: St-Amand, Denis
TechPhone: +1-418-722-2531
TechEmail: [email protected]
OrgTechHandle: ZQ9-ARIN
OrgTechName: Quebec Telephone
OrgTechPhone: +1-418-723-4562
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-11-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
OrgName: QuebecTel Communication Inc.
OrgID: QBTL
Address: 6 rue Jules-A-Brillant
City: Rimouski
StateProv: QC
PostalCode: G5L-7E4
Country: CA
Comment: Add a second e-mail and ZQ9-ARIN came POC AD end T
Comment: for QBTL
RegDate: 1998-06-26
Updated: 2002-11-22
AdminHandle: ZQ9-ARIN
AdminName: Quebec Telephone
AdminPhone: +1-418-723-4562
AdminEmail: [email protected]
TechHandle: ZQ9-ARIN
TechName: Quebec Telephone
TechPhone: +1-418-723-4562
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-11-04 19:15
207.134.97.107 (48789) -> my port 80 -> High
Net-207-134-98-0-1 [4096] on 09-08-2003
Telus Quebec, Telus QC, Canada
Node Name : mail.absorb-plus.com
OrgName: Telus Quebec
OrgID: TQUE
Address: 6, rue Jules-A-Brillant Rimouski
City: RIMOUSKI
StateProv: QC
PostalCode: G5L-7E4
Country: CA
NetRange: 207.134.96.0 - 207.134.111.255
CIDR: 207.134.96.0/20
NetName: TELUS-QC-207-134-96-0
NetHandle: NET-207-134-96-0-1
Parent: NET-207-134-0-0-1
NetType: Reallocated
Comment:
RegDate: 2003-02-20
Updated: 2003-02-20
OrgTechHandle: ZQ9-ARIN
OrgTechName: Quebec Telephone
OrgTechPhone: +1-418-723-4562
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-08-08 19:15
OrgName: Telus Quebec
OrgID: TQUE
Address: 6, rue Jules-A-Brillant Rimouski
City: RIMOUSKI
StateProv: QC
PostalCode: G5L-7E4
Country: CA
Comment:
RegDate: 2001-12-18
Updated: 2002-10-15
AdminHandle: ZQ9-ARIN
AdminName: Quebec Telephone
AdminPhone: +1-418-723-4562
AdminEmail: [email protected]
TechHandle: ZQ9-ARIN
TechName: Quebec Telephone
TechPhone: +1-418-723-4562
TechEmail: [email protected]
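The entries on this page are personal-firewall alerts: a remote host hits one port, the firewall names the signature (SubSeven on 27374, Backdoor-G on 1243, the "Invalid TCP Source Port" probes that arrive with source port 0 and walk 3128, 8080, 1080 and 6588), and the note records whether the same source came back. The Python below is an added example, not code from this page or its author: it reads alerts in a hypothetical normalised one-line format (the firewall's real log layout is not shown on this page), classifies each by destination port, flags crafted packets (source port 0) and non-routable source addresses, and then goes one step beyond the page's per-hit notes by reporting repeat sources and multi-port proxy sweeps across the whole log. The port table is the editor's, and the sample lines are constructed from entries on this page plus one private-source line and one junk line.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address

# Destination ports seen in the alerts on this page, with the label the
# firewall attached, plus the proxy ports the source-port-0 scanner walked.
PORT_SIGNATURES = {
    27374: "Backdoor/SubSeven trojan probe",
    1243: "Backdoor-G / SubSeven trojan probe",
    1433: "MS-SQL server probe",
    80: "HTTP probe (IIS ISAPI extension, bad TCP options)",
    3128: "open-proxy sweep (Squid)",
    8080: "open-proxy sweep (http-proxy)",
    1080: "open-proxy sweep (SOCKS)",
    6588: "open-proxy sweep (AnalogX)",
}
PROXY_PORTS = {3128, 8080, 1080, 6588}

# Hypothetical normalised line (assumption, not the firewall's own format):
# "YYYY-MM-DD HH:MM TCP inbound src:sport -> dport 'label'"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<proto>TCP|UDP) (?P<direction>inbound|outbound) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> (?P<dport>\d+)"
    r"(?: '(?P<label>[^']*)')?$"
)


@dataclass(frozen=True)
class Finding:
    when: str
    src: str
    sport: int
    dport: int
    label: str
    verdict: str
    anomalies: tuple


def classify(src, sport, dport):
    """Verdict from the destination port, plus packet-level anomalies."""
    verdict = PORT_SIGNATURES.get(dport, f"unclassified port {dport}")
    anomalies = []
    if sport == 0:
        # No normal TCP stack picks source port 0; it marks a hand-crafted
        # probe (the page's "Invalid TCP Source Port" alerts).
        anomalies.append("source port 0 (crafted packet)")
    if ip_address(src).is_private:
        anomalies.append("non-routable source address on inbound traffic (spoofed or misrouted)")
    return verdict, tuple(anomalies)


def triage(lines):
    """Parse each line; lines not in the expected format are skipped."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        verdict, anomalies = classify(m["src"], sport, dport)
        findings.append(Finding(f"{m['date']} {m['time']}", m["src"], sport, dport,
                                m["label"] or "", verdict, anomalies))
    return findings


def repeat_sources(findings, min_hits=2):
    """Sources that came back (the page's '2nd time' / '3rd time' notes)."""
    counts = Counter(f.src for f in findings)
    return {src: n for src, n in counts.items() if n >= min_hits}


def proxy_sweeps(findings):
    """Sources that walked more than one proxy port: a sweep, not a stray hit."""
    ports = defaultdict(set)
    for f in findings:
        if f.dport in PROXY_PORTS:
            ports[f.src].add(f.dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) > 1}


# Constructed sample log in the hypothetical format above.
SAMPLE_LOG = [
    "2003-11-06 13:11 TCP inbound 66.91.62.202:1545 -> 27374 'Default Block Backdoor/SubSeven Trojan horse'",
    "2003-11-09 02:46 TCP inbound 220.255.246.252:4486 -> 1243 'Backdoor-g-1'",
    "2003-11-29 21:26 TCP inbound 65.234.44.166:0 -> 3128 'Invalid TCP Source Port'",
    "2003-11-30 02:42 TCP inbound 65.234.44.166:0 -> 6588 'Invalid TCP Source Port'",
    "2003-08-18 06:36 TCP inbound 207.247.91.26:2016 -> 80 'HTTP_IIS_ISAPI_EXTENSION'",
    "2004-01-05 14:54 TCP inbound 10.0.0.5:1025 -> 27374 'Default Block Backdoor/SubSeven Trojan horse'",
    "2004-01-10 00:00 TCP inbound 61.238.102.99:3372 -> 2737 'Backdoor/SubSeven Trojan Horse Blocked'",
    "this line is not in the expected format and is skipped",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.when, f.src, f.dport, f.verdict, f.anomalies)
    print("repeat sources:", repeat_sources(found))
    print("proxy sweeps:", proxy_sweeps(found))
```

Run it as a script to see the per-line verdicts; the two aggregate views are the part worth keeping in a real log pipeline, since a single SubSeven probe from a cable-modem address is background noise while the same host sweeping four proxy ports with source port 0 is a scanner worth an abuse report.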
**********************
66.91.62.202:1545
On 6-11-2003 at 13:11, High risk
TCP (Inbound) -> my port 27374
Default Block Backdoor/SubSeven Trojan horse.
Oahu, Hawaii
cpe-66-91-62-202.hawaii.rr.com
NET-66-91-0-0-1[65536]
OrgName: ROADRUNNER
OrgID: RRWE
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
NetRange: 66.91.0.0 - 66.91.255.255
CIDR: 66.91.0.0/16
NetName: ROADRUNNER-HAWAII2
NetHandle: NET-66-91-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-03-29
Updated: 2003-02-11
TechHandle: ZS30-ARIN
TechName: ServiceCo LLC
TechPhone: +1-703-345-3416
TechEmail: [email protected]
OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: [email protected]
OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-10-16 19:15
OrgName: ROADRUNNER
OrgID: RRWE
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
Comment:
RegDate: 2000-10-05
Updated: 2003-03-24
AbuseHandle: ABUSE10-ARIN
AbuseName: Abuse
AbusePhone: +1-703-345-3416
AbuseEmail: [email protected]
AdminHandle: IPADD-ARIN
AdminName: IPADDREG
AdminPhone: +1-703-345-3151
AdminEmail: [email protected]
TechHandle: IPTEC-ARIN
TechName: IP Tech
TechPhone: +1-703-345-3416
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-10-16 19:15
66.75.73.208:3425
23:13 on 10-08-2003
Net-66-74-0-0-1[131072]
ROADRUNNER RR-West-2...
cpe-66-75-73-208.socal.rr.com
attempted to connect to my computer using
Default Block Backdoor/SubSeven Trojan horse.
TCP (Inbound) High risk
San Francisco? California?
OrgName: ROADRUNNER
OrgID: RRWE
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
NetRange: 66.74.0.0 - 66.75.255.255
CIDR: 66.74.0.0/15
NetName: RR-WEST-2BLK
NetHandle: NET-66-74-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-01-30
Updated: 2003-02-11
TechHandle: ZS30-ARIN
TechName: ServiceCo LLC
TechPhone: +1-703-345-3416
TechEmail: [email protected]
OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: [email protected]
OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-07-18 19:15
OrgName: ROADRUNNER
OrgID: RRWE
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
Comment:
RegDate: 2000-10-05
Updated: 2003-03-24
AbuseHandle: ABUSE10-ARIN
AbuseName: Abuse
AbusePhone: +1-703-345-3416
AbuseEmail: [email protected]
AdminHandle: IPADD-ARIN
AdminName: IPADDREG
AdminPhone: +1-703-345-3151
AdminEmail: [email protected]
TechHandle: IPTEC-ARIN
TechName: IP Tech
TechPhone: +1-703-345-3416
TechEmail: [email protected]
***********************
220.255.246.252:4486
{2nd time}
On 09-11-2003 at 2:46
attempted to connect to my computer using
Backdoor-g-1(1243) / Trojan horse.
TCP (Inbound) High risk
220-0-0-0-1 [16777216]
Singapore, Malaysia
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU -> [Australia?]
ReferralServer: whois://whois.apnic.net
NetRange: 220.0.0.0 - 220.255.255.255
CIDR: 220.0.0.0/8
NetName: APNIC6
NetHandle: NET-220-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS.RIPE.NET
NameServer: RS2.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate:
Updated: 2002-09-11
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-10-17 19:15
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
Comment:
RegDate:
Updated: 2003-08-29
ReferralServer: whois://whois.apnic.net
AdminHandle: AWC12-ARIN
AdminName: APNIC Whois Contact
AdminPhone: +61 7 3858 3100
AdminEmail: [email protected]
TechHandle: AWC12-ARIN
TechName: APNIC Whois Contact
TechPhone: +61 7 3858 3100
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-10-17 19:15
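Each entry on this page pastes the registry record looked up for the source address, and three things recur in them: fields wrapped over two lines, ARIN answering with a referral when the block belongs to another registry (the 220/8 record above says "not registered in the ARIN database ... refer to WHOIS.APNIC.NET" and also carries a ReferralServer line; other entries point at an rwhois server on a non-standard port), and the abuse contact living either in a dedicated field or inside a remarks banner. The Python below is an added example, not code from this page or from any registry: a parser for that key/value record format that rejoins wrapped lines, finds the referral target, extracts the abuse mailbox, and checks that the address actually falls inside the returned NetRange/inetnum. The replies it runs on are constructed, with hypothetical organisation names, handles and mailboxes.

```python
import re
from ipaddress import ip_address

KV_RE = re.compile(r"^([A-Za-z][\w-]*):\s*(.*)$")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
ABUSE_KEYS = ("orgabuseemail", "abuseemail", "abuse-mailbox")


def parse_whois(text):
    """Blank-line separated records of lower-cased key -> list of values.
    '#'/'%' lines are server chatter; a line without 'key:' continues the
    previous value (this rejoins wrapped fields); 'http://...' is not a key."""
    records, current, last_key = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            if current:
                records.append(current)
            current, last_key = {}, None
        elif line.startswith(("#", "%")):
            continue
        elif (m := KV_RE.match(line)) and not m.group(2).startswith("//"):
            last_key = m.group(1).lower()
            current.setdefault(last_key, []).append(m.group(2).strip())
        elif last_key:
            current[last_key][-1] = f"{current[last_key][-1]} {line}".strip()
    if current:
        records.append(current)
    return records


def referral(records):
    """Where to query next when this registry does not hold the range: the
    ReferralServer line (whois:// or rwhois://host:port) or ARIN's
    'not registered ... refer to WHOIS.APNIC.NET' comment. None = authoritative."""
    for rec in records:
        for value in rec.get("referralserver", []):
            return re.sub(r"^r?whois://", "", value, flags=re.I)
        notes = " ".join(rec.get("comment", []) + rec.get("remarks", []))
        m = re.search(r"\b(whois\.[a-z0-9.-]+\.net)\b", notes, re.I)
        if "not registered" in notes.lower() and m:
            return m.group(1).lower()
    return None


def abuse_contact(records):
    """Dedicated abuse fields first, then an address in any comment/remark
    that mentions abuse (the banner style some RIPE records use)."""
    for rec in records:
        for key in ABUSE_KEYS:
            for value in rec.get(key, []):
                if (m := EMAIL_RE.search(value)):
                    return m.group(0)
    for rec in records:
        for value in rec.get("comment", []) + rec.get("remarks", []):
            if "abuse" in value.lower() and (m := EMAIL_RE.search(value)):
                return m.group(0)
    return None


def covers(records, ip):
    """True when a NetRange/inetnum in the reply actually contains ip."""
    addr = ip_address(ip)
    for rec in records:
        for value in rec.get("netrange", []) + rec.get("inetnum", []):
            lo, _, hi = value.partition("-")
            try:
                if ip_address(lo.strip()) <= addr <= ip_address(hi.strip()):
                    return True
            except ValueError:
                continue
    return False


def summarize(text, ip):
    """Is the block right, where to go next, whom to mail."""
    records = parse_whois(text)
    return {"covers_ip": covers(records, ip), "next_server": referral(records),
            "abuse": abuse_contact(records)}


# Constructed replies, laid out the way the records on this page were pasted
# (wrapped fields included); organisations, handles and mailboxes are hypothetical.
ARIN_REPLY = """\
OrgName: Example Cable
Communications Inc.
NetRange: 66.91.0.0 - 66.91.255.255
Comment: ADDRESSES WITHIN THIS
BLOCK ARE NON-PORTABLE
OrgAbuseHandle: ABUSE-EX-ARIN
OrgAbuseEmail: abuse@example-cable.net
# ARIN WHOIS database, last updated 2003-10-16 19:15
"""
APNIC_REFERRAL_REPLY = """\
OrgName: Asia Pacific Network Information Centre
ReferralServer: whois://whois.apnic.net
NetRange: 220.0.0.0 - 220.255.255.255
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
"""
RWHOIS_REPLY = """\
OrgName: Example Runner
ReferralServer: rwhois://ipmt.example.net:4321
NetRange: 204.210.0.0 - 204.210.255.255
"""
RIPE_REPLY = """\
inetnum: 62.56.188.0
- 62.56.191.255
netname: EXAMPLE-TG-01
country: TG
remarks: ************************************************************
remarks: * ABUSE CONTACT: abuse@example-telecom.tg IN CASE OF HACK ATTACKS, *
source: RIPE
"""

if __name__ == "__main__":
    for name, text, ip in [("arin", ARIN_REPLY, "66.91.62.202"),
                           ("apnic", APNIC_REFERRAL_REPLY, "220.255.246.252"),
                           ("rwhois", RWHOIS_REPLY, "204.210.216.66"),
                           ("ripe", RIPE_REPLY, "62.56.189.237")]:
        print(name, summarize(text, ip))
```

The `covers_ip` check is the one people skip: a lookup for 207.134.97.107 that comes back with a 207.134.96.0/20 block is fine, but when a reply's range does not contain the address you are holding the parent allocation or a stale mirror, and the abuse contact in it is the wrong one to write to.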
++++++++++++++
220.24.33.9 : 1107
{1st time}
On 13-08-2003 at 5:03
attempted to connect to my computer using
Default Block Backdoor/SubSeven Trojan horse.
TCP (Inbound) High risk
YahooBB220024033009.b____
220-0-0-0-1 [16777216]
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU -> Australia
NetRange: 220.0.0.0 - 220.255.255.255
CIDR: 220.0.0.0/8
NetName: APNIC6
NetHandle: NET-220-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS.RIPE.NET
NameServer: RS2.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate:
Updated: 2002-09-11
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-07-14 21:05
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
Comment:
RegDate:
Updated: 2002-09-11
AdminHandle: AWC12-ARIN
AdminName: APNIC Whois Contact
AdminPhone: +61 7 3858 3100
AdminEmail: [email protected]
TechHandle: AWC12-ARIN
TechName: APNIC Whois Contact
TechPhone: +61 7 3858 3100
TechEmail: [email protected]
*******************
68.34.244.101:2858
17:18 on 09-11-2003
attempted to connect to my computer using
Default Block Backdoor/SubSeven Trojan horse.
TCP (Inbound) High risk
To my port 27374
NET-68-34-240-0-1[4096]
CustName: Comcast Cable Communications, Inc.
Address: 3 Executive Campus
Address: 5th Floor
City: Cherry Hill
StateProv: NJ -> New Jersey
PostalCode: 08002
Country: US
RegDate: 2003-03-18
Updated: 2003-03-18
NetRange: 68.34.240.0 - 68.34.255.255
CIDR: 68.34.240.0/20
NetName: PA-WEST-2
NetHandle: NET-68-34-240-0-1
Parent: NET-68-32-0-0-1
NetType: Reassigned
Comment: NONE
RegDate: 2003-03-18
Updated: 2003-03-18
TechHandle: IC161-ARIN
TechName: Comcast Cable Communications, Inc.
TechPhone: +1-856-317-7300
TechEmail: [email protected]
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: [email protected]
OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications, Inc.
OrgTechPhone: +1-856-317-7300
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-10-25 19:15
***********************
inetnum: 212.81.201.0 - 212.81.201.255
netname: SARE-DIAL
descr: Corporativos ADSL BI
descr: Zamudio
country: ES -> Spain
admin-c: AA122
tech-c: SM10-RIPE
rev-srv: ns1.sarenet.es
rev-srv: ns2.sarenet.es
status: ASSIGNED PA
notify: [email protected]
mnt-by: MAINT-AS3262
remarks: INFRA-AW
changed: [email protected] 20020527
source: RIPE
*********************
65.234.44.166
1st time -> 21:26 on 29-11-03 (during an online purchase)
{2nd time on 30-11-03 at 2:42 ... 0 -> 6588}
Invalid TCP Source Port Attack
b1ncfp25 -> 0 -> 3128
1Cust 166.tnt13.chiego.da.uu.net
Chicago? Illinois?
NET-65-224-0-0-1[1048576]
OrgName: UUNET Technologies, Inc.
OrgID: UUDA
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
NetRange: 65.224.0.0 - 65.239.255.255
CIDR: 65.224.0.0/12
NetName: UUNET97DU-2BLK
NetHandle: NET-65-224-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: DIALDNS1.UU.NET
NameServer: DIALDNS2.UU.NET
NameServer: DIALDNS200.NS.UU.NET
NameServer: DIALDNS210.NS.UU.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-01-11
Updated: 2002-05-14
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: [email protected]
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: [email protected]
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: [email protected]
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-11-18 19:15
OrgName: UUNET Technologies, Inc.
OrgID: UUDA
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
Comment:
RegDate: 1990-08-03
Updated: 2003-04-25
AbuseHandle: ABUSE3-ARIN
AbuseName: abuse
AbusePhone: +1-800-900-0241
AbuseEmail: [email protected]
AdminHandle: KERRM-ARIN
AdminName: Kerr, Mike
AdminPhone: +1-703-886-2251
AdminEmail: [email protected]
NOCHandle: OA12-ARIN
NOCName: UUnet Technologies, Inc., Technologies
NOCPhone: +1-800-900-0241
NOCEmail: [email protected]
TechHandle: SWIPP-ARIN
TechName: swipper
TechPhone: +1-800-900-0241
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-11-18 19:15
++++++++++++++++++++++++++++++
OrgName: UUNET Technologies, Inc.
OrgID: UUDA
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
NetRange: 67.192.0.0 - 67.255.255.255
CIDR: 67.192.0.0/10
NetName: UUNET01DU
NetHandle: NET-67-192-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: DIALDNS1.UU.NET
NameServer: DIALDNS2.UU.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-09-13
Updated: 2002-03-25
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: [email protected]
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: [email protected]
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: [email protected]
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-06-24 21:05
OrgName: UUNET Technologies, Inc.
OrgID: UUDA
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
Comment:
RegDate: 1990-08-03
Updated: 2003-04-25
AbuseHandle: ABUSE3-ARIN
AbuseName: abuse
AbusePhone: +1-800-900-0241
AbuseEmail: [email protected]
AdminHandle: KERRM-ARIN
AdminName: Kerr, Mike
AdminPhone: +1-703-886-2251
AdminEmail: [email protected]
NOCHandle: OA12-ARIN
NOCName: UUnet Technologies, Inc., Technologies
NOCPhone: +1-800-900-0241
NOCEmail: [email protected]
TechHandle: SWIPP-ARIN
TechName: swipper
TechPhone: +1-800-900-0241
TechEmail: [email protected]
+++++++++++++++++++++++
207.247.91.26(2016) -> http(80)
On 18-08-2003 at 6:36
HTTP_IIS_ISAPI_EXTENSION Attack
Los Angeles?
OrgName: LDDS WorldCom
OrgID: LDDS
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
NetRange: 207.247.0.0 - 207.247.255.255
CIDR: 207.247.0.0/16
NetName: WCOM-PROD1
NetHandle: NET-207-247-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH10.NS.WCOM.COM
NameServer: AUTH20.NS.WCOM.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1996-11-15
Updated: 1997-09-08
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: [email protected]
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-08-06 19:15
LDDS Metromedia Communications (LDDS1)
LDDS WorldCom (LDDS)
++++++++++++++++++++++
Default Block Backdoor/SubSeven Trojan horse.
TCP (Inbound) High risk
63.105.128.52:13254 (-> my port 27374)
On 18-08-2003 at 11:16
Node Name : 63.105.128.52.hcis.net
Atlanta? Georgia?
CustName: Heartland Internet UU-63-
Address: 1412 Julianne Drive
City: Marion
StateProv: IL -> Illinois
PostalCode: 62959
Country: US
RegDate: 2000-06-07
Updated: 2003-05-30
NetRange: 63.105.128.0 - 63.105.129.255
CIDR: 63.105.128.0/23
NetName: UU-63-105-128
NetHandle: NET-63-105-128-0-1
Parent: NET-63-64-0-0-1
NetType: Reassigned
Comment:
RegDate: 2000-06-07
Updated: 2003-05-30
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: [email protected]
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: [email protected]
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: [email protected]
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: [email protected]
*********************
62.56.189.237
On 9-12-2003 at 6:11
Invalid TCP Flags {0x0000001d}
b1ncfp25 -> 45857 -> http(80)
NETWORK -> 62.56.189.237 [1024]
inetnum: 62.56.188.0 - 62.56.191.255
netname: CIDR-TOGOTEL-01
descr: Togo Telecom, Togo
country: TG -> Togo
admin-c: YK20-RIPE
tech-c: YK20-RIPE
status: ASSIGNED PA
notify: [email protected]
mnt-by: AS12491-MNT
changed: [email protected] 20021003
source: RIPE
***********************
67.66.7.27
On 14-12-2003 at 20:38
Invalid TCP Source Port
b1ncfp25 -> 0 -> socks(1080)
Richardson, Texas, USA
rback12.rcsntx.SBC06706
adsl.rcsntx.swbell.net
NET-67-66-4-0-1[1024]
67.66.4.117 Invalid TCP Source Port
(1st time): On 31-12-2003 at 1:18
b1ncfp25 -> 0 -> http-proxy(8080)
(2nd time): On 31-12-2003 at 12:26
b1ncfp25 -> 0 -> http(80)
(3rd time): On 31-12-2003 at 15:27
b1ncfp25 -> 0 -> socks(1080)
CustName: rback12.rcsntx
Address: 2623 Camino Ramon
City: San Ramon
StateProv: CA -> California
PostalCode: 94583
Country: US
RegDate: 2002-11-13
Updated: 2002-11-13
NetRange: 67.66.4.0 - 67.66.7.255
CIDR: 67.66.4.0/22
NetName: SBC067066004000021113
NetHandle: NET-67-66-4-0-1
Parent: NET-67-64-0-0-1
NetType: Reassigned
Comment: For Policy Abuse issues, contact: [email protected]
Comment: For Technical issues, contact: [email protected]
RegDate: 2002-11-13
Updated: 2002-11-13
TechHandle: ZS44-ARIN
TechName: IPAdmin-SBIS
TechPhone: +1-888-212-5411
TechEmail: [email protected]
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern Bell Internet
OrgAbusePhone: +1-877-722-3755
OrgAbuseEmail: [email protected]
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern Bell Internet Services
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: [email protected]
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-888-212-5411
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-11-19 19:15
[2nd time -> www.jacquesfortier.com, 0 -> 3128, on 15-12-2003 from morning until late.]
[3rd time -> www.jacquesfortier.com, 0 -> http-proxy(8080), on 15-12-2003 from morning until late.]
*******************
62.195.25.1 : 2952
On 17-12-2003 at 20:18
TCP (Inbound)
Backdoor-g-1(1243)
Default Block Backdoor/SubSeven Trojan Horse
NETWORK 62.195.25.1[131072]
Apeldoorn, Netherlands
UPC Netherlands
node-d-1901.a2000.nl
inetnum: 62.194.0.0 - 62.195.255.255
netname: NL-A2000-20001010
descr: UPC Netherlands
descr: Provider Local Registry
country: NL -> Netherlands (Holland)
admin-c: RIHU1-RIPE
tech-c: RIHU1-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: A2000-KTA-MNT
mnt-routes: A2000-KTA-MNT
changed: [email protected] 20001010
changed: [email protected] 20010115
changed: [email protected] 20011217
changed: [email protected] 20020419
changed: [email protected] 20020423
changed: [email protected] 20020603
changed: [email protected] 20020709
source: RIPE
*************************
68.187.147.246:2526
TCP (Inbound) -> 27374
Omaha? Nebraska
On 25-12-2003 at 7:19
c68.187.147.246.stc.mn.charter.com
NET-68-186-144-0-1 [4096]
OrgName: Charter Communications
OrgID: CC04
Address: 12405 Powerscourt Dr.
City: St. Louis
StateProv: MO -> Missouri
PostalCode: 63131
Country: US
NetRange: 68.187.144.0 - 68.187.159.255
CIDR: 68.187.144.0/20
NetName: STCLD-MN-68-187-144
NetHandle: NET-68-187-144-0-1
Parent: NET-68-184-0-0-1
NetType: Reallocated
Comment:
RegDate: 2003-05-07
Updated: 2003-08-27
OrgAbuseHandle: ABUSE19-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-314-288-3111
OrgAbuseEmail: [email protected]
OrgTechHandle: IPADD1-ARIN
OrgTechName: IPAddressing
OrgTechPhone: +1-314-288-3889
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-12-04 19:15
OrgName: Charter Communications
OrgID: CC04
Address: 12405 Powerscourt Dr.
City: St. Louis
StateProv: MO
PostalCode: 63131
Country: US
Comment:
RegDate:
Updated: 2003-06-11
AbuseHandle: ABUSE19-ARIN
AbuseName: Abuse
AbusePhone: +1-314-288-3111
AbuseEmail: [email protected]
AdminHandle: IPADD1-ARIN
AdminName: IPAddressing
AdminPhone: +1-314-288-3889
AdminEmail: [email protected]
TechHandle: IPADD1-ARIN
TechName: IPAddressing
TechPhone: +1-314-288-3889
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-12-04 19:15
********************
211.178.82.245:2257
TCP (Inbound)
On 1-1-2004 at 22:11
-> my port 27374
Korea
Hanaro Telecom Inc
NETWORK 211.178.82.245[512]
inetnum: 211.178.82.0 - 211.178.83.255
netname: HANANET-INFRA-KR
descr: Hanaro Telecom Inc.
descr: 726-1 Janghang 2(i)-dong , Goyang-si Ilsan-gu
descr: KYONGGI
descr: 411-837
country: KR
admin-c: IA2509-KR
tech-c: IM2437-KR
remarks: This IP address space has been allocated to KRNIC.
remarks: For more information, using KRNIC Whois Database
remarks: whois -h whois.nic.or.kr
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: [email protected] 20031222
source: KRNIC
***************************
217.81.255.198:4293
-> my port 27374
TCP (Inbound)
On 5-1-2004 at 14:54
pD951FFC6dip.7-dialin.net
NETWORK 217.81.255.198[598016]
inetnum: 217.80.0.0 - 217.89.31.255
netname: DTAG-DIAL14
descr: Deutsche Telekom AG
country: DE -> Germany
admin-c: DTIP
tech-c: DTST
status: ASSIGNED PA
remarks: ************************************************************
remarks: * ABUSE CONTACT: [email protected] IN CASE OF HACK ATTACKS, *
remarks: * ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. *
remarks: ************************************************************
mnt-by: DTAG-NIC
changed: [email protected] 20001026
changed: [email protected] 20030211
source: RIPE
*************************
68.32.248.225 ms-sql-s(1433)
On 6-1-2004 at 4:10
TCP (Inbound)
--> my port 27374
pcp03135902 pcs.mrdian01.ms.comcast.net
Houston? Texas, US
NET-68-32-240-0-1[4096]
CustName: Comcast Cable Communications, Inc.
Address: 3 Executive Campus
Address: 5th Floor
City: Cherry Hill
StateProv: NJ -> New Jersey
PostalCode: 08002
Country: US
RegDate: 2003-03-18
Updated: 2003-03-18
NetRange: 68.32.240.0 - 68.32.255.255
CIDR: 68.32.240.0/20
NetName: MERIDIAN-1
NetHandle: NET-68-32-240-0-1
Parent: NET-68-32-0-0-1
NetType: Reassigned
Comment: NONE
RegDate: 2003-03-18
Updated: 2003-03-18
TechHandle: IC161-ARIN
TechName: Comcast Cable Communications, Inc.
TechPhone: +1-856-317-7300
TechEmail: [email protected]
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: [email protected]
OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications, Inc.
OrgTechPhone: +1-856-317-7300
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-12-27 19:15
************************
81.9.138.36:2365 --> 27374
On 9-1-2004 at 6:06 (High Risk)
TCP (Inbound)
[8192]
cmr-81-9-138-36.telecable.es
inetnum: 81.9.128.0 - 81.9.159.255
netname: TELECABLE
descr: TeleCable
country: ES -> Spain
remarks: For security related problems contact:
remarks: - [email protected]
remarks: For problems relating electronic mail abuse contact:
remarks: - [email protected]
remarks: - Port scanning related problems:
remarks: - [email protected]
admin-c: JGC25-RIPE
tech-c: JPI9-RIPE
status: ASSIGNED PA
mnt-by: SPTA-MNT
notify: [email protected]
source: RIPE
changed: [email protected] 20021015
********************
61.238.102.99:3372 -> my port 2737
[131072]
On 10-1-2004 at 0:00 ->
TCP (Inbound)
Backdoor/SubSeven Trojan Horse Blocked
6123810299.ctinets.com
inetnum: 61.238.0.0 - 61.239.255.255
netname: CTIHK
descr: City Telecom (H.K.) Ltd.
descr: Internet Service Provider in Hong Kong
country: HK -> Hong Kong
admin-c: CH134-AP
tech-c: SL113-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-HK-CTI
remarks: This object can only be modified by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to [email protected] with your organisation
remarks: account name in the subject line.
changed: [email protected] 20031110
status: ALLOCATED PORTABLE
source: APNIC
***************
24.150.121.96:2946 -> 27374
On 14-1-2004 at 13:55
-> TCP (Inbound)
d150-121-96.home.cgocable.net
CustName: Cogeco Cable Solutions
Address: 950 Syscon Drive
City: Burlington
StateProv: ON -> Ontario, Canada
PostalCode: L7R 4S6
Country: CA
RegDate: 2002-01-09
Updated: 2002-01-09
NetRange: 24.150.112.0 - 24.150.127.255
CIDR: 24.150.112.0/20
NetName: CGOC-HALA2-1
NetHandle: NET-24-150-112-0-1
Parent: NET-24-150-0-0-1
NetType: Reassigned
Comment:
RegDate: 2002-01-09
Updated: 2002-01-09
TechHandle: IS7-ORG-ARIN
TechName: Cogeco Cable
TechPhone: +1-905-333-7055
TechEmail: [email protected]
OrgAbuseHandle: INTER3-ARIN
OrgAbuseName: Internet Abuse
OrgAbusePhone: +1-905-333-5343
OrgAbuseEmail: [email protected]
OrgTechHandle: INS2-ARIN
OrgTechName: IP Network Service
OrgTechPhone: +1-905-333-7055
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-12-31 19:15
******************
68.144.219.228
h68.144.219.228.cg.shawcable.net
NET-68-144-0-0-1[524288]
On 17-01-2004 between 0:00 and 5:30
OrgName: Shaw Communications Inc.
OrgID: SHAWC
Address: Suite 800
Address: 630 - 3rd Ave. SW
City: Calgary
StateProv: AB -> Alberta
PostalCode: T2P-4L4
Country: CA -> Canada
NetRange: 68.144.0.0 - 68.151.255.255
CIDR: 68.144.0.0/13
NetName: SHAW-COMM
NetHandle: NET-68-144-0-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: NS2SO.CG.SHAWCABLE.NET
NameServer: NS1SO.CG.SHAWCABLE.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-06-03
Updated: 2003-12-16
OrgAbuseHandle: SHAWA-ARIN
OrgAbuseName: SHAW ABUSE
OrgAbusePhone: +1-403-750-7420
OrgAbuseEmail: [email protected]
OrgTechHandle: ZS178-ARIN
OrgTechName: Shaw High-Speed Internet
OrgTechPhone: +1-403-750-7428
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-15 19:15
OrgName: Shaw Communications Inc.
OrgID: SHAWC
Address: Suite 800
Address: 630 - 3rd Ave. SW
City: Calgary
StateProv: AB
PostalCode: T2P-4L4
Country: CA
Comment:
RegDate: 2003-03-05
Updated: 2003-04-10
AbuseHandle: SHAWA-ARIN
AbuseName: SHAW ABUSE
AbusePhone: +1-403-750-7420
AbuseEmail: [email protected]
AdminHandle: ZS178-ARIN
AdminName: Shaw High-Speed Internet
AdminPhone: +1-403-750-7428
AdminEmail: [email protected]
TechHandle: ZS178-ARIN
TechName: Shaw High-Speed Internet
TechPhone: +1-403-750-7428
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-15 19:15
***********************
204.210.216.66:3638 -> 27374
On 18-1-2004 at 21:03
TCP (Inbound)
Chicago?
OrgName: Road Runner
OrgID: RRMA
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
ReferralServer: rwhois://ipmt.rr.com:4321
NetRange: 204.210.0.0 - 204.210.255.255
CIDR: 204.210.0.0/16
NetName: ROAD-RUNNER-4
NetHandle: NET-204-210-0-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment:
RegDate: 2000-06-09
Updated: 2002-08-22
TechHandle: ZS30-ARIN
TechName: ServiceCo LLC
TechPhone: +1-703-345-3416
TechEmail: [email protected]
OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: [email protected]
OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-16 19:15
OrgName: Road Runner
OrgID: RRMA
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
Comment: Allocations for this OrgID serve Road Runner residential customers out of the Columbus, OH, Herndon, VA and Raleigh, NC RDCs.
RegDate:
Updated: 2003-10-30
ReferralServer: rwhois://ipmt.rr.com:4321
AbuseHandle: ABUSE10-ARIN
AbuseName: Abuse
AbusePhone: +1-703-345-3416
AbuseEmail: [email protected]
AdminHandle: IPADD-ARIN
AdminName: IPADDREG
AdminPhone: +1-703-345-3151
AdminEmail: [email protected]
TechHandle: IPTEC-ARIN
TechName: IP Tech
TechPhone: +1-703-345-3416
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-16 19:15
***************
67.126.115.128:3835 -> my port 27374
On 18-01-2004 at 18:47
TCP (Inbound)
NET-67-126-114-0-1[512]
adsl-67-126-115-128.dsls.snfc21.pacbell.net
CustName: PPPoX Pool - bras1.snfc21
Address: 268 Bush St #5000
City: San Francisco
StateProv: CA -> California
PostalCode: 94104
Country: US
RegDate: 2003-07-16
Updated: 2003-07-16
NetRange: 67.126.114.0 - 67.126.115.255
CIDR: 67.126.114.0/23
NetName: SBC067126114000030715
NetHandle: NET-67-126-114-0-1
Parent: NET-67-112-0-0-1
NetType: Reassigned
Comment: For Policy Abuse issues, contact: [email protected]
Comment: For Technical issues, contact: [email protected]
RegDate: 2003-07-16
Updated: 2003-07-16
TechHandle: PIA2-ORG-ARIN
TechName: IPAdmin-PBI
TechPhone: +1-888-212-5411
TechEmail: [email protected]
OrgAbuseHandle: APB2-ARIN
OrgAbuseName: Abuse - Pacific Bell
OrgAbusePhone: +1-888-212-5411
OrgAbuseEmail: [email protected]
OrgNOCHandle: SPBI-ARIN
OrgNOCName: Support - Pacific Bell Internet
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: [email protected]
OrgTechHandle: PIA2-ORG-ARIN
OrgTechName: IPAdmin-PBI
OrgTechPhone: +1-888-212-5411
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-02 19:15
************************
142.217.183.108:3645 -> 27374
TCP (Inbound) On 19-01-2004 at 7:42
ntl-183-108.telebecinternet.net
NET-142-217-0-0-1 [65536]
OrgName: Telebec
OrgID: TBEC
Address: 7151 rue Jean-Talon Est., Bureau 600
City: Anjou
StateProv: Québec
PostalCode: H1M 3N8
Country: Canada
NetRange: 142.217.0.0 - 142.217.255.255
CIDR: 142.217.0.0/16
NetName: TELEBECNET
NetHandle: NET-142-217-0-0-1
Parent: NET-142-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.LINO.COM
NameServer: NS1.LINO.QC.CA
Comment: Use [email protected] to report Spam, Abuse, Virus,
Comment: Copyright infringement, Scanning, Hacking from this IP class range. Thank
Comment: You.
RegDate: 1992-10-28
Updated: 2003-01-13
AbuseHandle: IP1421-ARIN
AbuseName: IP-142-217-ABUSE
AbusePhone: +1-819-824-7300
AbuseEmail: [email protected]
NOCHandle: IP142-ARIN
NOCName: IP-142-217-ADMINSTRATOR
NOCPhone: +1-819-824-7300
NOCEmail: [email protected]
TechHandle: ML979-ARIN
TechName: Labrecque, Michel
TechPhone: +1-514-493-5558
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-12-20 19:15
OrgName: Telebec
OrgID: TBEC
Address: 7151 rue Jean-Talon Est., Bureau 600
City: Anjou
StateProv: Quebec
PostalCode: H1M 3N8
Country: CA
Comment:
RegDate: 1992-10-28
Updated: 1997-05-01
# ARIN WHOIS database, last updated 2003-12-20 19:15
***************
142.166.15.12:(2955)
On 21-01-2004 at 16:29
HTTP_IIS_ISAPI_Extension (high risk)
NET-142-166-0-0-1[65536]
OrgName: Stentor National Integrated Communications Network
OrgID: SNI1
Address: One Brunswick Square
City: Saint John
StateProv: NB -> New Brunswick
PostalCode: E2L 4K2
Country: CA -> Canada
NetRange: 142.166.0.0 - 142.166.255.255
CIDR: 142.166.0.0/16
NetName: ALIANT-TEL-142-166
NetHandle: NET-142-166-0-0-1
Parent: NET-142-0-0-0-0
NetType: Direct Allocation
NameServer: OPAL.NBNET.NB.CA
NameServer: ONYX.NBNET.NB.CA
Comment:
RegDate: 1992-08-26
Updated: 2002-12-04
AbuseHandle: ABUSE24-ARIN
AbuseName: Abuse Contact
AbusePhone: +1-506-694-6270
AbuseEmail: [email protected]
NOCHandle: ZA161-ARIN
NOCName: Aliant Telecom
NOCPhone: +1-506-694-6270
NOCEmail: [email protected]
TechHandle: ZA161-ARIN
TechName: Aliant Telecom
TechPhone: +1-506-694-6270
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-17 19:15
OrgName: Stentor National Integrated Communications Network
OrgID: SNI1
Address: One Brunswick Square
City: Saint John
StateProv: NB
PostalCode: E2L 4K2
Country: CA
Comment:
RegDate: 1992-08-26
Updated: 2001-11-28
# ARIN WHOIS database, last updated 2004-01-17 19:15
************************
24.198.51.68:4066 ->
Backdoor-g-1(1243)
TCP (Inbound)
Road Runner RR-3-NORTH
Portland, ME(Maine), USA
ptd-24-198-51-68.maine.rr.com
NET-24-198-0-0-1[65536]
OrgName: Road Runner
OrgID: RRNY
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
ReferralServer: rwhois://ipmt.rr.com:4321
NetRange: 24.198.0.0 - 24.198.255.255
CIDR: 24.198.0.0/16
NetName: RR-3-NORTHEAST
NetHandle: NET-24-198-0-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-08-03
Updated: 2002-11-25
TechHandle: ZS30-ARIN
TechName: ServiceCo LLC
TechPhone: +1-703-345-3416
TechEmail: [email protected]
OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: [email protected]
OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-21 19:15
OrgName: Road Runner
OrgID: RRNY
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
Comment: Allocations for this OrgID serve Road Runner residential customers out of the New York City, NY and Syracuse, NY RDCs.
RegDate: 2000-09-28
Updated: 2003-11-03
ReferralServer: rwhois://ipmt.rr.com:4321
AbuseHandle: ABUSE10-ARIN
AbuseName: Abuse
AbusePhone: +1-703-345-3416
AbuseEmail: [email protected]
AdminHandle: IPADD-ARIN
AdminName: IPADDREG
AdminPhone: +1-703-345-3151
AdminEmail: [email protected]
TechHandle: IPTEC-ARIN
TechName: IP Tech
TechPhone: +1-703-345-3416
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-21 19:15
*******************
24.231.195.89:4823 -> 27374
TCP (Inbound)
at 4:15 on 24-1-2004
Chicago? Michigan
24.231.195.89.bay.mi.chartermi.net
NET-24-231-128-0-1[32768]
OrgName: Charter Communications
OrgID: CC04
Address: 12405 Powerscourt Dr.
City: St. Louis
StateProv: MO
PostalCode: 63131
Country: US
NetRange: 24.231.128.0 - 24.231.255.255
CIDR: 24.231.128.0/17
NetName: CHARTER-MI-5BLK
NetHandle: NET-24-231-128-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CHARTERMI.NET
NameServer: NS2.CHARTERMI.NET
NameServer: NS3.CHARTERMI.NET
NameServer: NS4.CHARTERMI.NET
Comment:
RegDate: 2003-02-11
Updated: 2003-10-01
TechHandle: MC978-ARIN
TechName: Charter Communications
TechPhone: +1-800-545-8926
TechEmail: [email protected]
AbuseHandle: CCMR-ARIN
AbuseName: Charter Communications
AbusePhone: +1-800-545-8926
AbuseEmail: [email protected]
NOCHandle: MC978-ARIN
NOCName: Charter Communications
NOCPhone: +1-800-545-8926
NOCEmail: [email protected]
OrgAbuseHandle: ABUSE19-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-314-288-3111
OrgAbuseEmail: [email protected]
OrgTechHandle: IPADD1-ARIN
OrgTechName: IPAddressing
OrgTechPhone: +1-314-288-3889
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-12-28 19:15
OrgName: Charter Communications
OrgID: CC04
Address: 12405 Powerscourt Dr.
City: St. Louis
StateProv: MO
PostalCode: 63131
Country: US
Comment:
RegDate:
Updated: 2003-06-11
AbuseHandle: ABUSE19-ARIN
AbuseName: Abuse
AbusePhone: +1-314-288-3111
AbuseEmail: [email protected]
AdminHandle: IPADD1-ARIN
AdminName: IPAddressing
AdminPhone: +1-314-288-3889
AdminEmail: [email protected]
TechHandle: IPADD1-ARIN
TechName: IPAddressing
TechPhone: +1-314-288-3889
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-12-28 19:15
********************
134.22.68.138:4482
TCP (Inbound)
9:35 on 28-01-2004
dyn-68-138.tor.dsl.tht.net
NET-134-22-0-0-1[65536]
OrgName: Gandalf Technologies Inc.
OrgID: GANDAL
Address: 130 Colonnade Road South
City: Nepean
StateProv: ON -> Ontario
PostalCode:
Country: CA -> Canada
NetRange: 134.22.0.0 - 134.22.255.255
CIDR: 134.22.0.0/16
NetName: GANDALF
NetHandle: NET-134-22-0-0-1
Parent: NET-134-0-0-0-0
NetType: Direct Assignment
NameServer: TORONTO.TRENDS.CA
NameServer: NS.TRENDS.CA
NameServer: NS.THT.NET
Comment:
RegDate:
Updated: 2001-07-05
TechHandle: TE157-ARIN
TechName: EL Hassani, Tarek R
TechPhone: +1-613-592-3636
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-03 19:15
OrgName: Gandalf Technologies Inc.
OrgID: GANDAL
Address: 130 Colonnade Road South
City: Nepean ON
StateProv:
PostalCode:
Country: CA
Comment:
RegDate:
Updated: 2001-07-05
# ARIN WHOIS database, last updated 2004-01-03 19:15
***********
61.84.144.84:2952 -> NetBus(12345)
On 29-01-2004 at 23:04
TCP (Inbound)
NETWORK: 61.84.144.84[256]
inetnum: 61.84.144.0 - 61.84.144.255
netname: KORNET-INFRA000001-KR
descr: Korea Telecom
descr: 206 Jungja-dong, Bundang-gu, Sungnam city, Gyunggi-do, Korea, 463-711
descr: GYUNGGI
descr: 463-711
country: KR
admin-c: PY8419-KR
tech-c: KJ8523-KR
remarks: This IP address space has been allocated to KRNIC.
remarks: For more information, using KRNIC Whois Database
remarks: whois -h whois.nic.or.kr
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: [email protected] 20040112
source: KRNIC
**********************
200.179.254.91(4086)->http(80)
On 30-01-2004 at 10:42
HTTP_IIS_ISAPI_EXTENSION
Rio de Janeiro?
17925491.rjo.virtua.com.br
NET-200-0-0-0-1[16777216]
OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY -> Uruguay
ReferralServer: whois://whois.lacnic.net
NetRange: 200.0.0.0 - 200.255.255.255
CIDR: 200.0.0.0/8
NetName: LACNIC-200
NetHandle: NET-200-0-0-0-1
Parent:
NetType: Allocated to LACNIC
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.ORG
NameServer: NS.DNS.BR
NameServer: NS2.DNS.BR
Comment: This IP address range is under LACNIC responsibility for further
Comment: allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details, or check the
Comment: WHOIS server located at whois.lacnic.net
RegDate: 2002-07-27
Updated: 2003-06-12
TechHandle: LACNIC-ARIN
TechName: LACNIC Hostmaster
TechPhone: (+55) 11 5509-3522
TechEmail: [email protected]
OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Hostmaster
OrgTechPhone: (+55) 11 5509-3522
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-29 19:15
OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY
Comment:
RegDate: 2002-07-27
Updated: 2003-08-29
ReferralServer: whois://whois.lacnic.net
AdminHandle: LACNIC-ARIN
AdminName: LACNIC Hostmaster
AdminPhone: (+55) 11 5509-3522
AdminEmail: [email protected]
TechHandle: LACNIC-ARIN
TechName: LACNIC Hostmaster
TechPhone: (+55) 11 5509-3522
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-29 19:15
************************
67.83.51.3:2019 -> 27374
TCP (Inbound) -> high-risk attack
Washington? USA
On 01-02-2004 at 9:00
NET-67-83-48-0-1[2049]
ool-43533303.dyn.optonline.net
CustName: Optimum Online (Cablevision Systems)
Address: 111 New South Road
City: Hicksville
StateProv: NY -> New York
PostalCode: 11801
Country: US
RegDate: 2004-01-14
Updated: 2004-01-14
NetRange: 67.83.48.0 - 67.83.55.255
CIDR: 67.83.48.0/21
NetName: OOL-65FRHDNJ3-0821
NetHandle: NET-67-83-48-0-1
Parent: NET-67-80-0-0-1
NetType: Reassigned
Comment:
RegDate: 2004-01-14
Updated: 2004-01-14
TechHandle: OH4-ORG-ARIN
TechName: OOL Hostmaster
TechPhone: +1-516-803-3000
TechEmail: [email protected]
OrgAbuseHandle: OOLAB-ARIN
OrgAbuseName: OOL Hostmaster
OrgAbusePhone: +1-516-803-2400
OrgAbuseEmail: [email protected]
OrgTechHandle: OH4-ORG-ARIN
OrgTechName: OOL Hostmaster
OrgTechPhone: +1-516-803-3000
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-01-30 19:15
67.83.51.3: netshow(1755) -> 27374
on 2-2-2004 at 23:13 (while I was clicking on Microsoft Server... etc. -> towards my site)
********************
149.98.160.87
On 18-02-2004
Nmap Null Scan -> b1ncfp25
from 14877 -> 18337
NET-149-98-0-0-1
OrgName: Eastman Kodak Company
OrgID: EASTMA
Address: IP Management Services
Address: 1999 Lake Avenue
City: Rochester
StateProv: NY -> New York
PostalCode: 14650-2203
Country: US
NetRange: 149.98.0.0 - 149.98.255.255
************
203.223.40.1(60354)
On 4-3-2002 at 9:42
HTTP_IIS_ISAPI_Extension attack -> http(80) from b1ncfp25
NETWORK 203.223.40.1[4096]
inetnum: 203.223.32.0 - 203.223.47.255
netname: CAMNET
descr: Ministry of Posts and Telecommunication Cambodia(MPTC)
descr: WAT PHNOM, corner of streets 102/13,
descr: Phnom Penh - CAMBODIA (Cambodge)
country: KH
admin-c: CM185-AP
tech-c: DC236-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-KH-CAMNET
changed: [email protected] 20010412
status: ALLOCATED PORTABLE
source: APNIC
********************
212.235.53.119:3525 [8192]
3:27 on 7-3-2004
TCP (Inbound) attack -->> NetBus(12345)
Netvision's cable services
DSL212-235-53-119.bb.net
Israel (IL)
**************
65.94.249.57(37321)
17:14 on 10-04-2004
TCP_Xmas_Scan => Low
TCP.
VISION_GLOBALE(192.168.0.124)
http(80)
NET-65-94-0-0-1
MTL-HSE-ppp207121.qc.sympatico.ca
65.94.249.231(47618) at 17:15 on 11-4-2004 (2nd time -> same thing)
MTL-HSE-ppp207295.qc.sympatico.ca
65.94.249.180(55063) at 19:40 on 12-4-2004 (3rd time -> same thing)
MTL-HSE-ppp207244.qc.sympatico.ca
65.94.249.140(40022) at 19:02 on 15-4-2004 (4th time -> same thing)
MTL-HSE-ppp207458.qc.sympatico.ca
65.94.250.47(58707) at 8:30 on 17-4-2004 (5th time -> same thing)
MTL-HSE-ppp207365.qc.sympatico.ca
CustName: Bell Nexxia (Prod)
Address: 671 De la Gauchetiere
City: Montreal
StateProv: Quebec
PostalCode: H3B 2M8
Country: CA
RegDate: 2002-02-07
Updated: 2002-02-07
NetRange: 65.94.0.0 - 65.94.255.255
CIDR: 65.94.0.0/16
NetName: NEXXIA0130-CA
NetHandle: NET-65-94-0-0-1
Parent: NET-65-92-0-0-1
NetType: Reassigned
Comment:
RegDate: 2002-02-07
Updated: 2002-02-07
TechHandle: PD135-ARIN
TechName: Daoust, Philippe
TechPhone: +1-800-450-7771
TechEmail: [email protected]
OrgTechHandle: SYSAD1-ARIN
OrgTechName: Sys Admin
OrgTechPhone: +1-613-785-0886
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-03-18 19:15
http://securityresponse.symantec.com/avcenter/nis_ids/sigs/tcp_xmas_scan.html
Tcp_Xmas_Scan
Severity: Low
This attack poses a minor threat. Corrective action may not be possible or is not required.
Attack Category: Suspicious Activity
Anomalous network conditions or traffic patterns. A suspicious activity signature, for example, might detect two systems with identical IP addresses, a condition that indicates an attempted IP spoofing attack.
Description
This signature detects a TCP packet that contains a sequence number of zero, and with the FIN, URG, and PUSH bits set. Sending invalid combinations can result in DoS, Enumerations, and Reconnaissance.
Additional Information
There are reported incidents where legitimate traffic may cause an intrusion detection system to raise "false positive" alerts for this event.
Links
IDS144/SCAN_PROBE-FULL_XMAS_SCAN
http://www.whitehats.com/info/ids144
Vulnerable Components
None Listed
IDS144 "PROBE-FULL_XMAS_SCAN"
Platform(s): unix windows device
Category: scan
Classification: Information Gathering Attempt
CVE nomatch
Bugtraq nomatch
advICE 2000308
Summary
This event indicates that an intruder is scanning your computer for available TCP services by sending "Xmas-tree" packets. These packets have a sequence number of zero and the SYN, FIN, ACK, URG, PSH, and RST flags set. This packet should never be seen in normal TCP operation.
How Specific
This event is specific to a vulnerability, but may have been caused by any of several possible exploits. Packet payload is not considered in the signatures used to detect this attack.
Trusting The Source IP Address
Although this event was caused by a TCP packet, the packet is not thought to be a part of an existing TCP session. Therefore the source IP address could be easily forged. It has been noted that the intruder is likely to expect or desire a response to their packets, so it may be likely that the source IP address is not spoofed.
False Positives
There are reported incidents where legitimate traffic may cause an intrusion detection system to raise "false positive" alerts for this event. The following details have been reported:
With the ack set to zero, and these options, the packet is almost guaranteed to not occur naturally.
Copyright © 2001 Whitehats, Inc. All rights reserved.
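As an added example (not code from the original page, nor from Symantec or Whitehats), here is a small Python checker that decodes raw TCP headers and applies the two signatures quoted above, plus the all-flags-clear case from the Nmap Null Scan entry earlier on this page; the sample packets are constructed, with the first mirroring the logged event (source port 37321 -> http/80).

```python
import struct
from typing import Dict, NamedTuple

# TCP flag bits: the low six bits of the 16-bit data-offset/flags field.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


class TcpHeader(NamedTuple):
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int


def parse_tcp_header(raw: bytes) -> TcpHeader:
    """Decode the fixed 20-byte TCP header (RFC 793 layout, big-endian)."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return TcpHeader(src, dst, seq, ack, off_flags & 0x3F)


def classify(hdr: TcpHeader) -> str:
    """Match a header against the signatures quoted above.

    full-xmas: all six flags set, sequence number 0 (Whitehats IDS144)
    xmas:      FIN, URG and PSH set, sequence number 0 (Symantec TCP_Xmas_Scan)
    null:      no flags at all (the Nmap Null Scan logged earlier on this page)
    normal:    anything else, including odd flag mixes with a non-zero seq
    """
    all_flags = FIN | SYN | RST | PSH | ACK | URG
    xmas_mask = FIN | URG | PSH
    if hdr.flags == 0:
        return "null"
    if hdr.seq == 0 and hdr.flags == all_flags:
        return "full-xmas"          # checked before the looser mask below
    if hdr.seq == 0 and (hdr.flags & xmas_mask) == xmas_mask:
        return "xmas"
    return "normal"


def build_header(src: int, dst: int, seq: int, ack: int, flags: int) -> bytes:
    """Build a 20-byte header (data offset 5, window 8192, zero checksum)
    so the samples are real wire-format bytes rather than hand-made tuples."""
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | flags, 8192, 0, 0)


# Constructed samples (not captured traffic).
SAMPLES: Dict[str, bytes] = {
    "xmas_seq0": build_header(37321, 80, 0, 0, FIN | URG | PSH),
    "full_xmas_seq0": build_header(47618, 80, 0, 0, FIN | SYN | RST | PSH | ACK | URG),
    "null_scan": build_header(14877, 18337, 0, 0, 0),
    "xmas_flags_nonzero_seq": build_header(40022, 80, 0x1A2B3C4D, 0, FIN | URG | PSH),
    "ordinary_syn": build_header(55063, 80, 0x00C0FFEE, 0, SYN),
}


def scan_samples(samples: Dict[str, bytes]) -> Dict[str, str]:
    """Run every sample through the parser and classifier."""
    return {name: classify(parse_tcp_header(raw)) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples(SAMPLES).items():
        print(f"{name:24s} {verdict}")
```

The fourth sample shows why the sequence-number condition matters: the same FIN/URG/PSH mix with a non-zero seq does not match either signature, which is one reason the vendor text warns about false positives.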
******************
67.234.73.166 (1st time)
67.234.73.61 (2nd time) (on 20-04-2004 at 13:01)
Invalid TCP Source Port
18:54 on 13-04-2004
Dallas, Texas, USA
1Cust166.tnt28.dfw9.da.uu.net
NET-67-192-0-0-1 [4194304]
OrgName: UUNET Technologies, Inc.
OrgID: UUDA
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
NetRange: 67.192.0.0 - 67.255.255.255
CIDR: 67.192.0.0/10
NetName: UUNET01DU
NetHandle: NET-67-192-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: DIALDNS1.UU.NET
NameServer: DIALDNS2.UU.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-09-13
Updated: 2002-03-25
TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: [email protected]
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: [email protected]
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: [email protected]
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-03-17 19:15
OrgName: UUNET Technologies, Inc.
OrgID: UUDA
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
Comment:
RegDate: 1990-08-03
Updated: 2003-04-25
AbuseHandle: ABUSE3-ARIN
AbuseName: abuse
AbusePhone: +1-800-900-0241
AbuseEmail: [email protected]
AdminHandle: KERRM-ARIN
AdminName: Kerr, Mike
AdminPhone: +1-703-886-2251
AdminEmail: [email protected]
NOCHandle: OA12-ARIN
NOCName: UUnet Technologies, Inc., Technologies
NOCPhone: +1-800-900-0241
NOCEmail: [email protected]
TechHandle: SWIPP-ARIN
TechName: swipper
TechPhone: +1-800-900-0241
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-03-17 19:15
*************************
216.236.142.146(50230)
On 20-04-2004 at 21:21
URL_Directory_Traversal (high)
New York?
OrgName: EVEREST BROADBAND NETWORKS
OrgID: EVER
Address: One Executive Drive, Suite 170
City: Fort Lee
StateProv: NJ -> New Jersey
PostalCode: 07024
Country: US
NetRange: 216.236.128.0 - 216.236.159.255
CIDR: 216.236.128.0/19
NetName: EBN-B1
NetHandle: NET-216-236-128-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EVERESTBROADBAND.COM
NameServer: NS2.EVERESTBROADBAND.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-11-17
Updated: 2001-07-10
TechHandle: ZE42-ARIN
TechName: Everest Broadband Networks
TechPhone: +1-201-346-1671
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-04-15 19:15
***********************
61.153.235.162(3017) on 21-4-4 at 7:40
HTTP_IIS_ISAPI_Extension
China
Chinanet-ZJ Jiaxing node Network
NETWORK 61.153.235.162[4096]
inetnum: 61.153.224.0 - 61.153.239.255
netname: CHINANET-ZJ-JX
descr: CHINANET-ZJ Jiaxing node network
descr: Zhejiang Telecom
country: CN
admin-c: CZ4-AP
tech-c: CJ55-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-CHINANET-ZJ
mnt-lower: MAINT-CN-CHINANET-ZJ-JX
changed: [email protected] 20031205
source: APNIC
***********************
216.223.107.128(2985)
MS_IIS_CGI_Decode_Cmd_Execution
15:15 on 30-4-2004
medium
NET-216-223-64-0-1[16384]
OrgName: Greater Sudbury Telecommunications Inc.
OrgID: GST-13
Address: 500 Regent
City: Sudbury
StateProv: ON
PostalCode: P3E-3Y2
Country: CA
NetRange: 216.223.64.0 - 216.223.127.255
CIDR: 216.223.64.0/18
NetName: SUDBURYWIRED-2BLK
NetHandle: NET-216-223-64-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.GSTINETWORKS.COM
NameServer: NS2.GSTINETWORKS.COM
Comment: Reassignment information can be found in ARIN's database
RegDate: 1999-04-27
Updated: 2004-03-16
OrgTechHandle: SUPPO81-ARIN
OrgTechName: support
OrgTechPhone: +1-705-675-0516
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-04-22 19:15
OrgName: Greater Sudbury Telecommunications Inc.
OrgID: GST-13
Address: 500 Regent
City: Sudbury
StateProv: ON
PostalCode: P3E-3Y2
Country: CA
Comment:
RegDate: 2003-12-18
Updated: 2003-12-18
AdminHandle: ADMIN289-ARIN
AdminName: admin
AdminPhone: +1-705-675-0516
AdminEmail: [email protected]
TechHandle: SUPPO81-ARIN
TechName: support
TechPhone: +1-705-675-0516
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-04-22 19:15
**********************
221.115.198.242(2750)
On 10-05-2004 at 23:11
MS_IIS_CGI_Decode_Cmd_Execution attack
NET-221-0-0-0-1[16777216]
usen-221x115x198x242.ap-US01.usen.ad.jp
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU -> Australia
ReferralServer: whois://whois.apnic.net
NetRange: 221.0.0.0 - 221.255.255.255
CIDR: 221.0.0.0/8
NetName: APNIC7
NetHandle: NET-221-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: NS.RIPE.NET
NameServer: TINNIE.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate:
Updated: 2004-03-30
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-04-17 19:15
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
Comment:
RegDate:
Updated: 2004-03-01
ReferralServer: whois://whois.apnic.net
AdminHandle: AWC12-ARIN
AdminName: APNIC Whois Contact
AdminPhone: +61 7 3858 3100
AdminEmail: [email protected]
TechHandle: AWC12-ARIN
TechName: APNIC Whois Contact
TechPhone: +61 7 3858 3100
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-04-17 19:15