[nsp-sec] ACK 2828 ATLAS identified SSH brute forcers
Yiming Gong
yiming.gong at xo.com
Mon Oct 6 09:46:15 EDT 2008
Sent the following IPs to our abuse team, thanks!
2828 | 199.125.184.68 | US | XO-AS15 - XO Communications
2828 | 67.152.82.140 | US | XO-AS15 - XO Communications
Regards!
Yiming
Jose Nazario wrote:
> ----------- nsp-security Confidential --------
>
> from the past 24h (sorry no timestamps), sorted by ASN.
>
> Bulk mode; whois.cymru.com [2008-10-03 23:37:32 +0000]
>
> -------------------------------------------------------------
> jose nazario, ph.d. <jose at arbor.net> security researcher, office of
> the CTO, arbor networks
> v: (734) 821 1427 http://asert.arbornetworks.com/
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________