[nsp-sec] anyone got anything for 71.5.250.88

Yiming Gong yiming.gong at xo.com
Tue May 25 13:16:51 EDT 2010


Thanks for looking into it Jose, I have some internal port 445 as well 
as ICMP 3/13 records for this IP, but apparently the IP is using a slow 
scan technique and more evidence is needed.

If folks have more stuff, please send it along, thanks.

Yiming

On 05/25/2010 12:11 PM, jose nazario wrote:
> On May 25, 2010, at 1:08 PM, Yiming Gong wrote:
>
>    
>> Anyone have anything for IP 71.5.250.88? We are having some
>> interesting conversation with the customer behind it and we need
>> some more evidence, thanks
>>      
>
> via ATLAS some TCP/445 scan activity.
>
> scan [{u'src': u'71.5.250.88', u'dport': u'445', u'proto': u'6',
> u'cc': u'US', u'bytes': u'288', u'start': u'1274222400', u'pkts':
> u'6', u'asn': u'2828'}, {u'src': u'71.5.250.88', u'dport': u'445',
> u'proto': u'6', u'cc': u'US', u'bytes': u'336', u'start':
> u'1274279700', u'pkts': u'7', u'asn': u'2828'}, {u'src':
> u'71.5.250.88', u'dport': u'445', u'proto': u'6', u'cc': u'US',
> u'bytes': u'288', u'start': u'1274334000', u'pkts': u'6', u'asn':
> u'2828'}]
>
> _____________________________
> jose nazario, ph.d. jose at arbor.net
> sr. manager of security research, arbor networks
> http://asert.arbor.net/
>
>
>    
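An added example, not part of the original thread and not code from either poster: the scan records quoted above are a Python 2 `repr` of a list of dicts, so they can be parsed safely with `ast.literal_eval` and turned into UTC timestamps, totals and inter-observation gaps for an evidence summary. The function names and the summary fields are assumptions chosen for this illustration.

```python
import ast
from datetime import datetime, timezone

# Records copied from the quoted reply above (Python 2 repr of a list of dicts).
ATLAS_SCAN = """[{u'src': u'71.5.250.88', u'dport': u'445', u'proto': u'6',
u'cc': u'US', u'bytes': u'288', u'start': u'1274222400', u'pkts':
u'6', u'asn': u'2828'}, {u'src': u'71.5.250.88', u'dport': u'445',
u'proto': u'6', u'cc': u'US', u'bytes': u'336', u'start':
u'1274279700', u'pkts': u'7', u'asn': u'2828'}, {u'src':
u'71.5.250.88', u'dport': u'445', u'proto': u'6', u'cc': u'US',
u'bytes': u'288', u'start': u'1274334000', u'pkts': u'6', u'asn':
u'2828'}]"""

def parse_records(text):
    """Parse the repr without eval() and convert numeric strings to int."""
    numeric = ("dport", "proto", "bytes", "start", "pkts", "asn")
    out = []
    for rec in ast.literal_eval(text):
        row = dict(rec)
        for key in numeric:
            row[key] = int(row[key])
        # 'start' is treated as a Unix epoch timestamp (assumption).
        row["start_utc"] = datetime.fromtimestamp(row["start"], tz=timezone.utc)
        out.append(row)
    return sorted(out, key=lambda r: r["start"])

def summarize(records):
    """Totals plus gaps between consecutive observations."""
    starts = [r["start"] for r in records]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return {
        "sources": sorted({r["src"] for r in records}),
        "targets": sorted({(r["proto"], r["dport"]) for r in records}),
        "observations": len(records),
        "packets": sum(r["pkts"] for r in records),
        "bytes": sum(r["bytes"] for r in records),
        "first_seen": records[0]["start_utc"].isoformat(),
        "last_seen": records[-1]["start_utc"].isoformat(),
        "gap_hours": [round(g / 3600, 2) for g in gaps],
    }

if __name__ == "__main__":
    recs = parse_records(ATLAS_SCAN)
    for r in recs:
        print(r["start_utc"].isoformat(), r["src"], "->",
              f"{r['proto']}/{r['dport']}", r["pkts"], "pkts", r["bytes"], "bytes")
    print(summarize(recs))
```
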



