[nsp-sec] Slow distributed SSH scan, list of IPs
Keith Schoenefeld
keith at schoenefeld.org
Fri Oct 30 09:27:51 EDT 2009
We had three taking part from AS38:
130.126.240.110
128.174.245.212
128.174.245.193
I haven't looked at the actual machines yet, but network data
indicates that they were all brute forced from 210.48.229.161
(210.48.229.161.static.zoot.jp) yesterday morning:
AS | IP | AS Name
2519 | 210.48.229.161 | VECTANT VECTANT Ltd.
-- KS
On Fri, Oct 30, 2009 at 7:22 AM, Kurt Jaeger <pi at nepustil.net> wrote:
> ----------- nsp-security Confidential --------
>
> Hi!
>
> Those hosts (and probably many more) are taking part in a slow
> distributed SSH scan.
>
> Thanks for stomping them 8-}
>
>
> --
> MfG/Best regards, Kurt Jaeger 11 years to go !
> Dr.-Ing. Nepustil & Co. GmbH fon +49 7123 93006-0 pi at nepustil.net
> Rathausstr. 3 fax +49 7123 93006-99
> 72658 Bempflingen mob +49 171 3101372
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>