[CLUE-Tech] What would you all make of this?

cody at neosolv.net cody at neosolv.net
Tue Dec 18 16:35:14 MST 2001 

Should you have them, the actual log files would probably be more helpful 
in this analysis.  There are still tons of hosts out there 
infected/scanning due to code red and nimda, and those add unexpected 
web traffic and log entries.  Maybe that's the culprit?

cody



On Mon, 17 Dec 2001, Kevin Cullis wrote:

> Hi all,
> 
> Here's the stats from my web site, which currently only has a holder
> page on it, but here's the data from the web stats program:
> 
> Time	Date	Month	Bytes	Hits	Bytes	Domain
> 10:35:35	2	Dec	2001	2	21253	konserv.kalatehas.net
> 10:49:01	2	Dec	2001	2	21253	cpe002078cfbbf0.cpe.net.cable.rogers.com
> 10:50:39	2	Dec	2001	2	21253	pd90142a9.dip.t-dialin.net
> 10:51:38	2	Dec	2001	2	21253	atga34eay32ej.bc.hsia.telus.net
> 11:02:50	2	Dec	2001	2	21253	modemcable023.30-203-24.mtl.mc.videotron.ca
> 11:04:48	2	Dec	2001	2	21253	adsl-156-210-121.bct.bellsouth.net
> 11:07:32	2	Dec	2001	2	21253	pec-51-234.tnt8.me2.uunet.de
> 11:07:48	2	Dec	2001	2	21301	really.badf00d.org
> 11:11:01	2	Dec	2001	2	21253	h24-64-240-187.cg.shawcable.net
> 11:12:04	2	Dec	2001	2	21301	cache2.iskon.hr
> 11:13:32	2	Dec	2001	2	21253	ct819918-c.blmngtn1.in.home.com
> 11:28:31	2	Dec	2001	2	21253	cpe002078c9a54b.cpe.net.cable.rogers.com
> 11:30:45	2	Dec	2001	2	21253	adsl-64-164-10-178.dsl.snfc21.pacbell.net
> 11:31:33	2	Dec	2001	2	21253	ip134-053-218-180.s218.muohio.edu
> 11:37:51	2	Dec	2001	2	21253	styro.lib.muohio.edu
> 11:39:26	2	Dec	2001	2	21253	ras17-p76.rvt.netvision.net.il
> 11:41:57	2	Dec	2001	2	21253	h24-77-109-105.vc.shawcable.net
> 11:42:17	2	Dec	2001	2	21253	ci1895-a.lxintn1.ky.home.com
> 11:45:42	2	Dec	2001	2	21253	cj374301-b.indpdnce1.mo.home.com
> 12:00:16	2	Dec	2001	2	21253
> dialup-67.25.113.102.dial1.sanjose1.level3.net
> 12:11:22	2	Dec	2001	5	22643	209-239-217-82.lax.jps.net
> 12:12:56	2	Dec	2001	2	21277	inktomi1-bre.server.ntl.com
> 12:13:08	2	Dec	2001	3	21753	s7-236.r1.attbi.com
> 12:17:49	2	Dec	2001	2	21253	sdn-ar-013mokcitp258.dialsprint.net
> 12:18:50	2	Dec	2001	2	21301	cc820577-e.hwrd1.md.home.com
> 12:19:57	2	Dec	2001	2	21301	dsl-213-023-050-174.arcor-ip.net
> 12:21:15	2	Dec	2001	2	21253	24-216-166-10.hsacorp.net
> 12:22:14	2	Dec	2001	2	21253	tomas.guldheden.chalmers.se
> 12:24:23	2	Dec	2001	2	21253	cable-195-162-215-167.upc.chello.be
> 12:27:17	2	Dec	2001	1	13659	black-sheep.leeds.wwwcache.ja.net
> 12:27:25	2	Dec	2001	1	7642	olive.ulcc.wwwcache.ja.net
> 12:31:43	2	Dec	2001	3	21753	ep111.ips.paulbunyan.net
> 12:33:02	2	Dec	2001	3	21753	adsl-66-72-105-69.dsl.chcgil.ameritech.net
> 12:41:57	2	Dec	2001	2	21253	ppp-216-63-116-63.dialup.bumttx.swbell.net
> 12:47:59	2	Dec	2001	2	21253	dynaisdn7-156.knoware.nl
> 12:51:49	2	Dec	2001	1	13635	ppp-65-90-118-149.mclass.broadwing.net
> 12:56:48	2	Dec	2001	2	21253	proxy1.meijer.com
> 12:56:56	2	Dec	2001	2	21253	rdu57-8-204.nc.rr.com
> 12:58:36	2	Dec	2001	2	21253	adsl-65-69-60-93.dsl.stlsmo.swbell.net
> 13:02:40	2	Dec	2001	2	21301	adsl-63-202-183-186.dsl.snfc21.pacbell.net
> 13:30:35	2	Dec	2001	6	23253	modemcable100.140-200-24.mtl.mc.videotron.ca
> 13:34:06	2	Dec	2001	3	21777	pr7-ts.telepac.pt
> 13:40:12	2	Dec	2001	2	21253	t8o84p88.telia.com
> 13:59:18	2	Dec	2001	2	21253
> dialup-63.214.71.118.dial1.boston1.level3.net
> 14:36:16	2	Dec	2001	3	21801	invdnsmm2.sit.ac.nz
> 14:53:25	2	Dec	2001	2	21253	ipc379a705.dial.wxs.nl
> 15:24:58	2	Dec	2001	2	21253	cx545657-a.vista1.sdca.home.com
> 15:26:17	2	Dec	2001	2	21253	emo.res.cmu.edu
> 15:36:49	2	Dec	2001	2	21253	sdcax57-168.dialup.optusnet.com.au
> 16:03:46	2	Dec	2001	2	21253	213-187-162-164.dd.nextgentel.com
> 16:33:46	2	Dec	2001	2	21253	metc-06-106.rh.ncsu.edu
> 16:35:26	2	Dec	2001	2	21253	dax.kom.tuwien.ac.at
> 16:38:04	2	Dec	2001	2	21253	port54-17-37.adsl.win.co.nz
> 16:40:56	2	Dec	2001	2	21253	cpe0050baab20fc.cpe.net.cable.rogers.com
> 16:49:20	2	Dec	2001	2	21301	145.2-254.110.199.200.telemar.net.br
> 16:53:46	2	Dec	2001	2	21253	luck.canad.ro
> 16:58:35	2	Dec	2001	2	21253	cn794260-a.newcas1.de.home.com
> 17:00:47	2	Dec	2001	2	21253	mkc-65-31-214-214.kc.rr.com
> 17:39:26	2	Dec	2001	2	21253	cal044102.student.utwente.nl
> 17:41:06	2	Dec	2001	5	29826	adsl-83-156-71.mco.bellsouth.net
> 17:41:10	2	Dec	2001	2	21253	niamey.ockers.net
> 18:18:01	2	Dec	2001	3	21801	222.009.dsl.syd.iprimus.net.au
> 18:21:28	2	Dec	2001	2	21253	a143222.upc-a.chello.nl
> 18:57:48	2	Dec	2001	2	21253	242842hfc49.tampabay.rr.com
> 19:12:34	2	Dec	2001	2	21253	ts1-132.f1231.quebectel.com
> 19:26:23	2	Dec	2001	2	21253	cc2111348-a.strhg1.mi.home.com
> 19:27:41	2	Dec	2001	3	21753	max113.ectisp.net
> 19:31:11	2	Dec	2001	2	21253	horus.acceleration.net
> 19:33:25	2	Dec	2001	2	21253	adsl-156-132-43.bgk.bellsouth.net
> 19:49:49	2	Dec	2001	2	21301	freyja.nlanr.net
> 19:55:34	2	Dec	2001	2	21253	rdu162-246-221.nc.rr.com
> 20:13:34	2	Dec	2001	3	21753	cache-har.cableinet.co.uk
> 20:19:38	2	Dec	2001	5	22753	dsl092-166-078.wdc1.dsl.speakeasy.net
> 20:53:39	2	Dec	2001	2	21301	modemcable078.127-201-24.mtl.mc.videotron.ca
> 21:05:12	2	Dec	2001	2	21253	dc1-cache4.syd.dav.net.au
> 21:16:25	2	Dec	2001	2	21301	tc10-12.tc.nd.edu
> 21:47:38	2	Dec	2001	2	21253	wc07.ym.rnc.net.cable.rogers.com
> 22:01:44	2	Dec	2001	2	21253	ip-63.121.203.141.indigital.net
> 23:31:03	2	Dec	2001	2	21277	proxy2.rivrw1.nsw.optushome.com.au
> 23:33:37	2	Dec	2001	2	21253	modemcable057.67-200-24.mtl.mc.videotron.ca
> 23:55:26	2	Dec	2001	2	21301	modemcable215.12-130-66.mtl.mc.videotron.ca
> 
> ---------
> 
> Have I been tried to be hacked, at least for the most part?
> 
> Kevin
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>

More information about the clue-tech mailing list