[nsp-sec] anyone got anything for 71.5.250.88
Rob Thomas
robt at cymru.com
Tue May 25 15:58:52 EDT 2010
Hi, Yiming.
> Anyone has anything for ip 71.5.250.88? We are having some interesting
> conversation with the customer behind it and we need some more evidence,
> thanks
We see 71.5.250.88 launching TCP 445 scans since at least 2010-01-04 UTC
through 2010-05-24 00:03:53 UTC. We see probes from 71.5.250.88 to TCP
445 on at least 24065 distinct destination IP addresses.
71.5.250.88 appears to be a gateway of some sort, with both Windows and
Linux boxes behind it.
The only other traffic of note is traffic from a very few hosts to UDP
33435 on 71.5.250.8. I've no idea what that might be, and it may not be
causal.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
https://www.team-cymru.org/
"Say little and do much." M Avot 1:15
More information about the nsp-security
mailing list