[nsp-sec] Merak Mail server, TCP/32000 scanning

Yiming Gong yiming.gong at xo.com
Wed Sep 17 13:31:48 EDT 2008


I took a look at my scan alert table, and the following are all the IPs
which were tagged as big SYN scanners on port 32000 in the past 30 days, and
it appears 212.175.229.194 and 62.193.229.149 are also on Jose's list.

+-----------------+---------------------------+--------------+
| sip             | number of scanned targets | scanned port |
+-----------------+---------------------------+--------------+
| 72.55.188.177   |                      9646 | 32000        |
| 216.127.94.94   |                      5170 | 32000        |
| 212.179.112.221 |                      4255 | 32000        |
| 71.40.14.117    |                      3804 | 32000        |
| 65.39.135.245   |                      3613 | 32000        |
| 212.175.229.194 |                      3587 | 32000        |
| 75.125.129.235  |                      2827 | 32000        |
| 62.240.110.196  |                      2769 | 32000        |
| 75.125.185.130  |                      1640 | 32000        |
| 61.62.232.195   |                      1442 | 32000        |
| 210.65.220.250  |                      1391 | 32000        |
| 62.193.229.149  |                      1271 | 32000        |
| 74.55.92.2      |                      1192 | 32000        |
| 64.34.166.25    |                       551 | 32000        |
| 216.185.43.190  |                       262 | 32000        |
+-----------------+---------------------------+--------------+

Regards!

Yiming



Jose Nazario wrote:
> ----------- nsp-security Confidential --------
> 
> hosts that ATLAS has seen scanning on TCP/32000 in the past month,
> ranked by bytes seen from.
> 
> 29255   | 212.24.224.148   | ZAJIL-AS ZAJIL Autonomous Number in Saudi Arabia
> 33287   | 74.94.48.97      | DNEO-OSP4 - Comcast Cable Communications, Inc.
> 28963   | 62.193.229.149   | IPNG-UK-AS Amenworld Germany
> 42868   | 91.191.169.108   | NIOBE Niobe Bilisim Backbone AS
> 9121    | 212.175.229.194  | TTNET TTnet Autonomous System
> 4766    | 222.122.20.135   | KIXS-AS-KR Korea Telecom
> 21844   | 74.55.92.2       | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
> 6939    | 65.19.131.226    | HURRICANE - Hurricane Electric, Inc.
> 6128    | 67.81.225.110    | CABLE-NET-1 - Cablevision Systems Corp.
> 21844   | 64.246.48.73     | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
> 
> that's it.
> 
> -------------------------------------------------------------
> jose nazario, ph.d.     <jose at arbor.net>
> security researcher, office of the CTO,  arbor networks
> v: (734) 821 1427           http://asert.arbornetworks.com/
> 