Local Information - Detected Port Scans


The way this information is collected is changing considerably, and updates have been lacking recently. We are in the process of bringing you a live, searchable database updated by multiple Intrusion Detection Sensors. This will cover a much wider area and also give a more realistic analysis of scans.

You may ask, what is the purpose of this page? RHP Studios would like to show you the types of scans that we and our clients receive on a regular basis, so that other businesses and individuals can modify their firewalls accordingly. The information we include is useful to those who manage firewalls. It has been pulled from firewall logs, PortSentry, Snort, and tcpdump captures. Scans detected by PortSentry are blocked automatically, so their count remains at 1.

The IP addresses identified in "Originating IP" can easily be spoofed. You can block access at the firewall/router by IP address or filter the access to the port/service. The IP information is only included to differentiate between "mass port scans" and "targeted port scans" since each port scan is logged once per occurrence. A mass port scan targets entire ranges of networked computer systems whereas a targeted port scan would target only one individual computer. This information also shows that when a new vulnerability is found, within hours the scans for these vulnerabilities start and continue regularly for some time.

If you are the owner of one of the originating IP addresses, the address is static, and you feel this information is in error, please notify RHP Studios immediately via the contact link. This could indicate that someone other than you "Owns" your computer. These IP addresses have shown up on more than one system that we manage, and we therefore feel that the information is accurate.
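The mass-versus-targeted distinction and the multi-system sightings described above can be checked mechanically. This is an added example, not RHP Studios' code: it assumes each record carries a hypothetical sensor field ahead of the page's columns, and all sample records are constructed. Because source addresses can be spoofed, the labels describe what was logged, not who sent it.

```python
from collections import defaultdict

# Constructed sample records (not from the page's table): the page's columns
# preceded by a hypothetical "sensor" field; addresses are RFC 5737 ranges.
SAMPLE = """\
fw-a,2001-04-02,15:02:43,SubSeven port probe,4,27374,192.0.2.10
fw-b,2001-04-02,15:02:51,SubSeven port probe,2,27374,192.0.2.10
fw-c,2001-04-02,15:03:05,SubSeven port probe,1,27374,192.0.2.10
fw-a,2001-04-02,05:11:51,SMTP,4,25,198.51.100.7
fw-a,2001-04-02,05:13:06,UDP,10,1285,198.51.100.7
fw-b,2001-04-02,13:54:40,TCP port probe,2,1008|10008,203.0.113.44
fw-b,2001-04-03,01:40:50,RPC,1,111,203.0.113.99
fw-c,2001-04-03,09:12:00,RPC,1,111,198.51.100.200
this line is not a scan record
"""

def parse(text):
    """Yield one dict per well-formed record; skip anything malformed."""
    for line in text.splitlines():
        f = [x.strip() for x in line.split(",")]
        parts = f[5].split("|") if len(f) == 7 else []  # port field may list several ports
        if not parts or not f[4].isdigit() or not all(p.isdigit() for p in parts):
            continue
        yield {"sensor": f[0], "service": f[3], "count": int(f[4]),
               "ports": [int(p) for p in parts], "src": f[6]}

def classify(records, mass_threshold=2):
    """'mass' if at least mass_threshold sensors logged the source, else 'targeted'."""
    sensors, ports = defaultdict(set), defaultdict(set)
    for r in records:
        sensors[r["src"]].add(r["sensor"])
        ports[r["src"]].update(r["ports"])
    return {src: {"kind": "mass" if len(s) >= mass_threshold else "targeted",
                  "sensors": sorted(s), "ports": sorted(ports[src])}
            for src, s in sensors.items()}

def port_pressure(records):
    """Distinct sources per port, busiest first: candidates for filtering."""
    seen = defaultdict(set)
    for r in records:
        for p in r["ports"]:
            seen[p].add(r["src"])
    return sorted(((p, len(s)) for p, s in seen.items()),
                  key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    print(classify(recs))
    print(port_pressure(recs))
```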

Security is vigilance.

Date        Time (GMT)  Type/Service         Count  Port        Originating IP
----------  ----------  -------------------  -----  ----------  ---------------
2001-03-27  12:32:33    RPC                  1      111         202.96.137.37
2001-03-27  15:25:46    RPC                  1      111         148.204.184.84
2001-03-28  00:55:05    FTP                  2      21          128.121.2.138
2001-03-28  08:51:28    FTP                  1      21          64.92.132.5
2001-03-28  13:40:45    RPC                  1      111         24.240.212.131
2001-03-28  13:48:59    RPC                  1      111         195.192.90.253
2001-03-28  18:25:37    DNS                  1      53          207.228.250.34
2001-03-28  19:36:36    SOCKS                2      1080        64.40.50.30
2001-03-28  19:37:51    UDP                  2      2511        64.40.50.30
2001-03-29  09:34:11    SMTP                 2      25          65.33.41.221
2001-03-29  12:11:55    FTP                  3      21          213.51.156.67
2001-03-30  08:26:50    TCP OS fingerprint   1      53          210.97.122.129
2001-03-30  19:15:18    DNS                  2      53          210.204.3.1
2001-03-30  21:03:15    RPC                  1      111         203.255.3.232
2001-03-31  01:29:13    SOCKS                3      1080        210.205.51.86
2001-03-31  01:44:34    DNS                  2      53          139.130.214.208
2001-03-31  11:56:30    TCP OS fingerprint   1      6635        210.255.128.58
2001-03-31  21:06:20    RPC                  1      111         211.184.80.129
2001-03-31  21:10:54    RPC                  1      111         211.52.82.72
2001-03-31  21:29:37    SubSeven port probe  4      27374       24.141.86.143
2001-03-31  22:00:09    RPC                  1      111         166.104.203.177
2001-04-01  03:06:30    FTP                  3      21          207.91.104.3
2001-04-01  03:07:49    UDP                  5      1285        207.91.104.3
2001-04-01  05:19:48    FTP                  3      21          24.94.0.75
2001-04-01  15:59:52    SOCKS                2      1080        206.102.214.17
2001-04-02  05:11:51    SMTP                 4      25          128.121.2.138
2001-04-02  05:13:06    UDP                  10     1285        128.121.2.138
2001-04-02  08:17:45    DNS                  3      53          211.4.245.19
2001-04-02  09:39:38    DNS                  2      53          203.232.107.151
2001-04-02  13:54:40    TCP Port Probe       2      1008|10008  24.132.83.152
2001-04-02  15:02:43    SubSeven port probe  4      27374       24.112.184.248
2001-04-02  16:15:58    SubSeven port probe  2      27374       66.24.209.104
2001-04-02  16:37:00    NetBus port probe    4      12345       64.229.53.129
2001-04-02  18:33:55    TCP                  2      515         195.86.248.76
2001-04-02  18:40:19    SubSeven port probe  4      27374       24.64.248.139
2001-04-02  18:49:01    TCP                  1      515         202.70.24.24
2001-04-02  19:06:59    SubSeven port probe  1      27374       24.188.217.161
2001-04-02  20:01:42    TCP port probe       3      18207       24.185.21.71
2001-04-02  21:27:19    TCP port probe       4      18207       212.119.172.130
2001-04-02  21:39:56    TCP port probe       6      18207       209.222.190.56
2001-04-03  01:40:50    RPC TCP port probe   1      111         211.184.149.130
2001-04-03  03:01:54    TCP port probe       1      515         202.105.50.210
2001-04-03  14:31:53    RPC TCP port probe   2      111         192.153.157.239
2001-04-03  17:41:06    TCP port probe       3      515         4.3.82.190
2001-04-03  17:42:59    TCP port probe       1      515         64.105.23.170
2001-04-03  19:23:58    SubSeven port probe  1      27374       24.183.60.127
2001-04-04  00:00:53    RPC TCP port probe   1      111         210.115.127.15
2001-04-04  16:25:27    TCP port probe       2      515         4.3.82.190
2001-04-04  21:08:38    TCP port probe       4      12256       24.241.6.80
2001-04-04  21:14:12    TCP port probe       4      12256       206.141.203.78
2001-04-04  23:55:33    RPC TCP port probe   1      111         209.15.190.85
2001-04-05  05:59:05    RPC TCP port probe   2      111         216.223.48.52
2001-04-05  05:59:06    DNS TCP port probe   2      52          216.223.48.52
2001-04-05  06:24:29    SubSeven port probe  2      27374       24.183.188.45
2001-04-05  06:32:34    TCP port probe       2      515         140.112.175.56
2001-04-05  06:32:47    RPC TCP port probe   2      111         211.111.144.206

RHPS New IDS Server Reports

Beginning the 2nd week of April 2001, we implemented a new test Intrusion Detection System running on our RHPSecure Linux Operating System. We will post updates here, complete with packet header captures, tcp dumps, and related information.



Copyright © 1998 - 2004 RHP Studios
All Rights Reserved!
Report errors to webmaster@rhpstudios.com
Last Updated on July 24, 2004 @ 11:45 hrs EST