People...
I was wondering what kind of scans other people on fixed IP's get per day from log files.
I have cut out all the scans from dubious sources over the last three days and resolved the company and location names.
My firewall is not a public website and I don't advertise it to anyone, yet I get quite a few different scans ranging from a simple ping the host to RPC portmapping checking.
Here's some interesting viewing 8-)
---- 16/04/01 ----
(fn2.freenet.edmonton.ab.ca) Edmonton Community Network libary in Edmonton, Alberta
"ICMP request"
(goldencat.middlebury.edu) Middlebury College, Middlebury, Vermont
"ICMP request"
(goldencat.middlebury.edu) Middlebury College, Middlebury, Vermont
"Tried to view website port"
----17/04/01----
(203.247.218.1)The Korean Operations Research and Management Science Society; Seoul
"Tried to find DNS port"
(66.35.227.99) Exodus Communications Inc.SantaClara-8
"Tried to find DNS port"
(plp05.edv.uniovi.es) Universidad de Oviedo; Spain
"tried to find FTP port"
---- 18/04/01----
(211.237.86.173) "lucent Technologies in China or korea"
"RPC services scan"
(cengunix.ceng.fatih.edu.tr) "Fatih University in Turkey"
"Scanned for DNS port"
(wwws-a.ucl.ac.uk) UCL london Uni eng/IT
"ICMP request"
(dns1.tsfds.de) "T + S Datentechnik Freudenstadt Germany"
"Scanning for FTP port from DNS port"
(seosane.es.kr) ?? some Korea site
"Scanned for portmapper services from high port 1023<"
(ns01.ftghome.com) "Fusion Technology Group on the Wing.Net network"
"scanned for portmapper RPC from portmapper RPC port"
(hpma901.external.hp.com) "Hewlett-Packard Company"
"Icmp request"
(hsi5.asuk.net) ASUK service ISP
"scanned for portmapper RPC from portmapper RPC port"
"system broken into at 2am 18th, ISP has shut it down now"
(203.232.4.4) "Korea Telecom ISP, Nanum infomration tech"
"scanned for FTP port"
"scanned for RPC mapper from RPC mapper"
Anyone else get the same kind of scans or am I just a kiddy script magnet. ?
Cheers,
/Raz
|