[CLUE-Tech] What would you all make of this?
Mike Staver
staver at fimble.com
Tue Dec 18 16:41:06 MST 2001
Yeah, there are still TONS of hosts scanning, mostly idiots with
webservers running off of cable modems that don't even realize they are
running web servers.
cody at neosolv.net wrote:
>
> Should you have them, the actual log files would probably be more helpful
> in this analysis. There are still tons of hosts out there
> infected/scanning due to code red and nimda, and those add unexpected
> web traffic and log entries. Maybe that's the culprit?
>
> cody
>
> On Mon, 17 Dec 2001, Kevin Cullis wrote:
>
> > Hi all,
> >
> > Here's the stats from my web site, which currently only has a holder
> > page on it, but here's the data from the web stats program:
> >
> > Time Date Month Bytes Hits Bytes Domain
> > 10:35:35 2 Dec 2001 2 21253 konserv.kalatehas.net
> > 10:49:01 2 Dec 2001 2 21253 cpe002078cfbbf0.cpe.net.cable.rogers.com
> > 10:50:39 2 Dec 2001 2 21253 pd90142a9.dip.t-dialin.net
> > 10:51:38 2 Dec 2001 2 21253 atga34eay32ej.bc.hsia.telus.net
> > 11:02:50 2 Dec 2001 2 21253 modemcable023.30-203-24.mtl.mc.videotron.ca
> > 11:04:48 2 Dec 2001 2 21253 adsl-156-210-121.bct.bellsouth.net
> > 11:07:32 2 Dec 2001 2 21253 pec-51-234.tnt8.me2.uunet.de
> > 11:07:48 2 Dec 2001 2 21301 really.badf00d.org
> > 11:11:01 2 Dec 2001 2 21253 h24-64-240-187.cg.shawcable.net
> > 11:12:04 2 Dec 2001 2 21301 cache2.iskon.hr
> > 11:13:32 2 Dec 2001 2 21253 ct819918-c.blmngtn1.in.home.com
> > 11:28:31 2 Dec 2001 2 21253 cpe002078c9a54b.cpe.net.cable.rogers.com
> > 11:30:45 2 Dec 2001 2 21253 adsl-64-164-10-178.dsl.snfc21.pacbell.net
> > 11:31:33 2 Dec 2001 2 21253 ip134-053-218-180.s218.muohio.edu
> > 11:37:51 2 Dec 2001 2 21253 styro.lib.muohio.edu
> > 11:39:26 2 Dec 2001 2 21253 ras17-p76.rvt.netvision.net.il
> > 11:41:57 2 Dec 2001 2 21253 h24-77-109-105.vc.shawcable.net
> > 11:42:17 2 Dec 2001 2 21253 ci1895-a.lxintn1.ky.home.com
> > 11:45:42 2 Dec 2001 2 21253 cj374301-b.indpdnce1.mo.home.com
> > 12:00:16 2 Dec 2001 2 21253
> > dialup-67.25.113.102.dial1.sanjose1.level3.net
> > 12:11:22 2 Dec 2001 5 22643 209-239-217-82.lax.jps.net
> > 12:12:56 2 Dec 2001 2 21277 inktomi1-bre.server.ntl.com
> > 12:13:08 2 Dec 2001 3 21753 s7-236.r1.attbi.com
> > 12:17:49 2 Dec 2001 2 21253 sdn-ar-013mokcitp258.dialsprint.net
> > 12:18:50 2 Dec 2001 2 21301 cc820577-e.hwrd1.md.home.com
> > 12:19:57 2 Dec 2001 2 21301 dsl-213-023-050-174.arcor-ip.net
> > 12:21:15 2 Dec 2001 2 21253 24-216-166-10.hsacorp.net
> > 12:22:14 2 Dec 2001 2 21253 tomas.guldheden.chalmers.se
> > 12:24:23 2 Dec 2001 2 21253 cable-195-162-215-167.upc.chello.be
> > 12:27:17 2 Dec 2001 1 13659 black-sheep.leeds.wwwcache.ja.net
> > 12:27:25 2 Dec 2001 1 7642 olive.ulcc.wwwcache.ja.net
> > 12:31:43 2 Dec 2001 3 21753 ep111.ips.paulbunyan.net
> > 12:33:02 2 Dec 2001 3 21753 adsl-66-72-105-69.dsl.chcgil.ameritech.net
> > 12:41:57 2 Dec 2001 2 21253 ppp-216-63-116-63.dialup.bumttx.swbell.net
> > 12:47:59 2 Dec 2001 2 21253 dynaisdn7-156.knoware.nl
> > 12:51:49 2 Dec 2001 1 13635 ppp-65-90-118-149.mclass.broadwing.net
> > 12:56:48 2 Dec 2001 2 21253 proxy1.meijer.com
> > 12:56:56 2 Dec 2001 2 21253 rdu57-8-204.nc.rr.com
> > 12:58:36 2 Dec 2001 2 21253 adsl-65-69-60-93.dsl.stlsmo.swbell.net
> > 13:02:40 2 Dec 2001 2 21301 adsl-63-202-183-186.dsl.snfc21.pacbell.net
> > 13:30:35 2 Dec 2001 6 23253 modemcable100.140-200-24.mtl.mc.videotron.ca
> > 13:34:06 2 Dec 2001 3 21777 pr7-ts.telepac.pt
> > 13:40:12 2 Dec 2001 2 21253 t8o84p88.telia.com
> > 13:59:18 2 Dec 2001 2 21253
> > dialup-63.214.71.118.dial1.boston1.level3.net
> > 14:36:16 2 Dec 2001 3 21801 invdnsmm2.sit.ac.nz
> > 14:53:25 2 Dec 2001 2 21253 ipc379a705.dial.wxs.nl
> > 15:24:58 2 Dec 2001 2 21253 cx545657-a.vista1.sdca.home.com
> > 15:26:17 2 Dec 2001 2 21253 emo.res.cmu.edu
> > 15:36:49 2 Dec 2001 2 21253 sdcax57-168.dialup.optusnet.com.au
> > 16:03:46 2 Dec 2001 2 21253 213-187-162-164.dd.nextgentel.com
> > 16:33:46 2 Dec 2001 2 21253 metc-06-106.rh.ncsu.edu
> > 16:35:26 2 Dec 2001 2 21253 dax.kom.tuwien.ac.at
> > 16:38:04 2 Dec 2001 2 21253 port54-17-37.adsl.win.co.nz
> > 16:40:56 2 Dec 2001 2 21253 cpe0050baab20fc.cpe.net.cable.rogers.com
> > 16:49:20 2 Dec 2001 2 21301 145.2-254.110.199.200.telemar.net.br
> > 16:53:46 2 Dec 2001 2 21253 luck.canad.ro
> > 16:58:35 2 Dec 2001 2 21253 cn794260-a.newcas1.de.home.com
> > 17:00:47 2 Dec 2001 2 21253 mkc-65-31-214-214.kc.rr.com
> > 17:39:26 2 Dec 2001 2 21253 cal044102.student.utwente.nl
> > 17:41:06 2 Dec 2001 5 29826 adsl-83-156-71.mco.bellsouth.net
> > 17:41:10 2 Dec 2001 2 21253 niamey.ockers.net
> > 18:18:01 2 Dec 2001 3 21801 222.009.dsl.syd.iprimus.net.au
> > 18:21:28 2 Dec 2001 2 21253 a143222.upc-a.chello.nl
> > 18:57:48 2 Dec 2001 2 21253 242842hfc49.tampabay.rr.com
> > 19:12:34 2 Dec 2001 2 21253 ts1-132.f1231.quebectel.com
> > 19:26:23 2 Dec 2001 2 21253 cc2111348-a.strhg1.mi.home.com
> > 19:27:41 2 Dec 2001 3 21753 max113.ectisp.net
> > 19:31:11 2 Dec 2001 2 21253 horus.acceleration.net
> > 19:33:25 2 Dec 2001 2 21253 adsl-156-132-43.bgk.bellsouth.net
> > 19:49:49 2 Dec 2001 2 21301 freyja.nlanr.net
> > 19:55:34 2 Dec 2001 2 21253 rdu162-246-221.nc.rr.com
> > 20:13:34 2 Dec 2001 3 21753 cache-har.cableinet.co.uk
> > 20:19:38 2 Dec 2001 5 22753 dsl092-166-078.wdc1.dsl.speakeasy.net
> > 20:53:39 2 Dec 2001 2 21301 modemcable078.127-201-24.mtl.mc.videotron.ca
> > 21:05:12 2 Dec 2001 2 21253 dc1-cache4.syd.dav.net.au
> > 21:16:25 2 Dec 2001 2 21301 tc10-12.tc.nd.edu
> > 21:47:38 2 Dec 2001 2 21253 wc07.ym.rnc.net.cable.rogers.com
> > 22:01:44 2 Dec 2001 2 21253 ip-63.121.203.141.indigital.net
> > 23:31:03 2 Dec 2001 2 21277 proxy2.rivrw1.nsw.optushome.com.au
> > 23:33:37 2 Dec 2001 2 21253 modemcable057.67-200-24.mtl.mc.videotron.ca
> > 23:55:26 2 Dec 2001 2 21301 modemcable215.12-130-66.mtl.mc.videotron.ca
> >
> > ---------
> >
> > Have I been tried to be hacked, at least for the most part?
> >
> > Kevin
> > _______________________________________________
> > CLUE-Tech mailing list
> > CLUE-Tech at clue.denver.co.us
> > http://clue.denver.co.us/mailman/listinfo/clue-tech
> >
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
http://www.fimble.com/staver
More information about the clue-tech
mailing list