[nsp-sec] anyone got anything for 71.5.250.88
jose nazario
jose at arbor.net
Tue May 25 13:11:33 EDT 2010
On May 25, 2010, at 1:08 PM, Yiming Gong wrote:
> Anyone has anything for ip 71.5.250.88? We are having some
> interesting conversation with the customer behind it and we need
> some more evidence, thanks
via ATLAS some TCP/445 scan activity.
scan [{u'src': u'71.5.250.88', u'dport': u'445', u'proto': u'6',
u'cc': u'US', u'bytes': u'288', u'start': u'1274222400', u'pkts':
u'6', u'asn': u'2828'}, {u'src': u'71.5.250.88', u'dport': u'445',
u'proto': u'6', u'cc': u'US', u'bytes': u'336', u'start':
u'1274279700', u'pkts': u'7', u'asn': u'2828'}, {u'src':
u'71.5.250.88', u'dport': u'445', u'proto': u'6', u'cc': u'US',
u'bytes': u'288', u'start': u'1274334000', u'pkts': u'6', u'asn':
u'2828'}]
_____________________________
jose nazario, ph.d. jose at arbor.net
sr. manager of security research, arbor networks
http://asert.arbor.net/
More information about the nsp-security
mailing list