[nsp-sec] distributed ftp bruteforce botnet
Mike Tancsa
mike at sentex.net
Fri Mar 9 12:22:20 EST 2012
Helping a customer clean up some abused web scripts, I noticed they were getting hammered with ftp brute force attempts from multiple IPs. Note the times are GMT-5 (sorry) and represents just a single instance of each of the IPs that were trying to brute force via ftp. I can provide more instances of the IPs if need be. As they are all trying the same account grn, I imagine its the same person/people controlling the remote bots. I am guessing they pick the userid based on the domain (in this case grn.com)
Bulk mode; whois.cymru.com [2012-03-09 17:13:28 +0000]
4134 | 110.80.135.241 | 110.80.128.0/19 | CN | apnic | 2009-04-02 | 2012-03-3 21:06:54 GMT-5 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 113.80.102.202 | 113.80.0.0/16 | CN | apnic | 2008-11-03 | 2012-03-4 20:19:32 GMT-5 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 113.80.102.202 | 113.80.0.0/16 | CN | apnic | 2008-11-03 | 2012-03-4 20:19:32 GMT-5 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 60.166.13.234 | 60.166.0.0/16 | CN | apnic | 2004-07-21 | 2012-03-1 10:13:08 GMT-5 | CHINANET-BACKBONE No.31,Jin-rong Street
4230 | 189.3.151.114 | 189.3.0.0/16 | BR | lacnic | 2006-07-19 | 2012-03-8 05:52:46 GMT-5 | Embratel
4230 | 189.3.224.50 | 189.3.0.0/16 | BR | lacnic | 2006-07-19 | 2012-03-8 07:00:39 GMT-5 | Embratel
4230 | 189.43.182.238 | 189.43.0.0/16 | BR | lacnic | 2007-03-30 | 2012-03-8 07:25:05 GMT-5 | Embratel
4230 | 200.178.113.140 | 200.178.0.0/16 | BR | lacnic | 1995-01-04 | 2012-03-8 06:11:55 GMT-5 | Embratel
4230 | 200.182.149.131 | 200.182.0.0/16 | BR | lacnic | 1995-01-04 | 2012-03-7 16:50:04 GMT-5 | Embratel
4230 | 200.244.2.123 | 200.244.0.0/16 | BR | lacnic | 1995-01-04 | 2012-03-8 06:08:30 GMT-5 | Embratel
4230 | 200.248.96.134 | 200.248.0.0/16 | BR | lacnic | 1995-01-04 | 2012-03-7 22:18:59 GMT-5 | Embratel
4230 | 200.253.153.34 | 200.253.0.0/16 | BR | lacnic | 1995-01-04 | 2012-03-8 09:01:10 GMT-5 | Embratel
6713 | 41.142.44.144 | 41.142.40.0/21 | MA | afrinic | 2009-01-06 | 2012-03-7 17:12:17 GMT-5 | IAM-AS
6730 | 194.230.159.100 | 194.230.0.0/16 | CH | ripencc | 1996-01-23 | 2012-03-8 06:32:25 GMT-5 | SUNRISE Sunrise Communications AG
6739 | 84.123.191.219 | 84.123.0.0/16 | ES | ripencc | 2004-04-15 | 2012-03-7 17:14:02 GMT-5 | ONO-AS Cableuropa - ONO
7048 | 187.49.237.18 | 187.49.236.0/22 | BR | lacnic | 2008-11-13 | 2012-03-8 09:20:58 GMT-5 | Fastlane Internet Brazil
7657 | 118.93.161.65 | 118.93.0.0/16 | NZ | apnic | 2007-08-24 | 2012-03-7 17:04:35 GMT-5 | VODAFONE-NZ-NGN-AS Vodafone NZ Ltd.
7738 | 187.13.27.76 | 187.13.0.0/19 | BR | lacnic | 2008-07-07 | 2012-03-8 07:15:36 GMT-5 | Telecomunicacoes da Bahia S.A.
7738 | 187.13.88.191 | 187.13.64.0/19 | BR | lacnic | 2008-07-07 | 2012-03-8 06:28:39 GMT-5 | Telecomunicacoes da Bahia S.A.
7738 | 187.43.242.24 | 187.43.224.0/19 | BR | lacnic | 2008-11-13 | 2012-03-7 16:37:47 GMT-5 | Telecomunicacoes da Bahia S.A.
7738 | 187.79.82.73 | 187.79.64.0/19 | BR | lacnic | 2009-05-13 | 2012-03-8 06:11:54 GMT-5 | Telecomunicacoes da Bahia S.A.
7738 | 189.104.21.226 | 189.104.0.0/19 | BR | lacnic | 2008-02-15 | 2012-03-7 15:53:49 GMT-5 | Telecomunicacoes da Bahia S.A.
7738 | 189.104.242.134 | 189.104.224.0/19 | BR | lacnic | 2008-02-15 | 2012-03-3 09:08:59 GMT-5 | Telecomunicacoes da Bahia S.A.
7738 | 189.107.221.98 | 189.107.192.0/19 | BR | lacnic | 2008-02-15 | 2012-03-7 18:22:44 GMT-5 | Telecomunicacoes da Bahia S.A.
7738 | 189.70.16.193 | 189.70.0.0/19 | BR | lacnic | 2007-09-11 | 2012-03-8 07:20:33 GMT-5 | Telecomunicacoes da Bahia S.A.
7738 | 201.79.184.117 | 201.79.160.0/19 | BR | lacnic | 2005-12-22 | 2012-03-8 08:57:56 GMT-5 | Telecomunicacoes da Bahia S.A.
8048 | 190.38.160.9 | 190.38.0.0/16 | VE | lacnic | 2006-06-05 | 2012-03-7 19:25:37 GMT-5 | CANTV Servicios, Venezuela
8167 | 177.1.12.118 | 177.1.0.0/18 | BR | lacnic | 2010-10-27 | 2012-03-7 17:23:39 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.4.105.156 | 187.4.64.0/18 | BR | lacnic | 2008-07-07 | 2012-03-7 23:13:10 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.4.200.185 | 187.4.192.0/18 | BR | lacnic | 2008-07-07 | 2012-03-8 07:53:21 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.5.127.33 | 187.5.64.0/18 | BR | lacnic | 2008-07-07 | 2012-03-7 15:48:11 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.52.11.152 | 187.52.0.0/18 | BR | lacnic | 2008-11-13 | 2012-03-7 20:47:54 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.52.199.76 | 187.52.192.0/18 | BR | lacnic | 2008-11-13 | 2012-03-7 18:47:45 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.53.84.160 | 187.53.64.0/18 | BR | lacnic | 2008-11-13 | 2012-03-7 16:03:03 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.55.195.193 | 187.55.192.0/18 | BR | lacnic | 2008-11-13 | 2012-03-7 20:51:06 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.55.214.133 | 187.55.192.0/18 | BR | lacnic | 2008-11-13 | 2012-03-7 18:57:46 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.55.22.153 | 187.55.0.0/18 | BR | lacnic | 2008-11-13 | 2012-03-8 06:07:32 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.7.242.31 | 187.7.192.0/18 | BR | lacnic | 2008-07-07 | 2012-03-7 17:06:57 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 187.7.58.237 | 187.7.0.0/18 | BR | lacnic | 2008-07-07 | 2012-03-7 20:36:13 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 189.10.133.72 | 189.10.128.0/18 | BR | lacnic | 2006-07-19 | 2012-03-7 15:58:50 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 189.11.84.24 | 189.11.64.0/18 | BR | lacnic | 2006-07-19 | 2012-03-7 18:43:04 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 189.31.100.109 | 189.31.64.0/18 | BR | lacnic | 2006-07-19 | 2012-03-7 16:18:56 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 189.31.22.95 | 189.31.0.0/18 | BR | lacnic | 2006-07-19 | 2012-03-7 17:18:19 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 189.73.220.240 | 189.73.192.0/18 | BR | lacnic | 2007-09-11 | 2012-03-8 09:15:56 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 189.73.88.178 | 189.73.64.0/18 | BR | lacnic | 2007-09-11 | 2012-03-8 07:17:19 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 189.75.9.98 | 189.75.0.0/18 | BR | lacnic | 2007-09-11 | 2012-03-8 07:31:53 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 200.180.181.95 | 200.180.128.0/17 | BR | lacnic | 1995-01-04 | 2012-03-7 17:20:35 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 200.180.249.122 | 200.180.128.0/17 | BR | lacnic | 1995-01-04 | 2012-03-8 07:59:09 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 200.181.192.233 | 200.181.128.0/17 | BR | lacnic | 1995-01-04 | 2012-03-8 00:27:39 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 200.181.253.33 | 200.181.128.0/17 | BR | lacnic | 1995-01-04 | 2012-03-7 16:46:50 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.11.108.177 | 201.11.64.0/18 | BR | lacnic | 2003-06-18 | 2012-03-7 16:51:27 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.11.176.30 | 201.11.128.0/18 | BR | lacnic | 2003-06-18 | 2012-03-7 16:23:46 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.11.241.234 | 201.11.192.0/18 | BR | lacnic | 2003-06-18 | 2012-03-7 17:08:45 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.15.220.3 | 201.15.192.0/18 | BR | lacnic | 2003-06-18 | 2012-03-8 06:48:05 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.2.1.3 | 201.2.0.0/18 | BR | lacnic | 2003-06-18 | 2012-03-8 07:36:59 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.25.54.106 | 201.25.0.0/18 | BR | lacnic | 2004-05-31 | 2012-03-7 19:29:57 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.67.183.136 | 201.67.128.0/18 | BR | lacnic | 2005-12-22 | 2012-03-7 20:17:58 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
8167 | 201.89.153.208 | 201.89.128.0/18 | BR | lacnic | 2005-12-22 | 2012-03-7 17:17:15 GMT-5 | TELESC - Telecomunicacoes de Santa Catarina SA
9116 | 212.199.11.177 | 212.199.0.0/19 | IL | ripencc | 2000-07-26 | 2012-03-8 00:12:57 GMT-5 | GOLDENLINES-ASN 012 Smile Communications Main Autonomous System
9121 | 78.173.23.160 | 78.173.0.0/17 | TR | ripencc | 2007-05-01 | 2012-03-8 00:58:14 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 78.173.23.160 | 78.173.0.0/17 | TR | ripencc | 2007-05-01 | 2012-03-8 00:58:14 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 78.185.12.198 | 78.185.0.0/17 | TR | ripencc | 2007-05-01 | 2012-03-8 02:32:35 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 78.186.114.137 | 78.186.0.0/17 | TR | ripencc | 2007-05-01 | 2012-03-7 18:50:52 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 78.187.138.186 | 78.187.128.0/17 | TR | ripencc | 2007-05-01 | 2012-03-8 01:35:04 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 78.187.138.186 | 78.187.128.0/17 | TR | ripencc | 2007-05-01 | 2012-03-8 01:35:04 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 78.187.141.69 | 78.187.128.0/17 | TR | ripencc | 2007-05-01 | 2012-03-8 01:34:11 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 81.213.141.190 | 81.213.128.0/17 | TR | ripencc | 2002-10-15 | 2012-03-8 03:09:59 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 81.214.57.41 | 81.214.0.0/17 | TR | ripencc | 2002-10-15 | 2012-03-8 03:41:14 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 81.214.66.156 | 81.214.0.0/17 | TR | ripencc | 2002-10-15 | 2012-03-8 03:26:03 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
9121 | 88.254.74.66 | 88.254.0.0/17 | TR | ripencc | 2005-10-27 | 2012-03-8 05:34:40 GMT-5 | TTNET Turk Telekomunikasyon Anonim Sirketi
10429 | 189.44.234.187 | 189.44.0.0/16 | BR | lacnic | 2007-03-30 | 2012-03-7 17:16:21 GMT-5 | Telefonica Empresas SA
11427 | 70.122.195.253 | 70.122.0.0/15 | US | arin | 2004-09-17 | 2012-03-8 00:31:07 GMT-5 | SCRR-11427 - Road Runner HoldCo LLC
11802 | 200.19.200.11 | 200.19.192.0/20 | BR | lacnic | 1994-05-25 | 2012-03-7 16:21:52 GMT-5 | CIASC
12271 | 66.108.213.30 | 66.108.128.0/17 | US | arin | 2001-04-13 | 2012-03-7 17:02:32 GMT-5 | SCRR-12271 - Road Runner HoldCo LLC
12542 | 213.22.228.133 | 213.22.192.0/18 | PT | ripencc | 1999-10-28 | 2012-03-7 15:52:20 GMT-5 | TVCABO-AS TVCABO Autonomous System
12542 | 79.168.212.155 | 79.168.192.0/18 | PT | ripencc | 2007-09-05 | 2012-03-7 16:23:32 GMT-5 | TVCABO-AS TVCABO Autonomous System
12542 | 81.84.60.48 | 81.84.0.0/18 | PT | ripencc | 2002-05-22 | 2012-03-7 16:53:42 GMT-5 | TVCABO-AS TVCABO Autonomous System
12542 | 85.138.66.223 | 85.138.64.0/18 | PT | ripencc | 2004-12-01 | 2012-03-7 17:22:36 GMT-5 | TVCABO-AS TVCABO Autonomous System
12542 | 85.139.134.110 | 85.139.128.0/18 | PT | ripencc | 2004-12-01 | 2012-03-7 16:30:00 GMT-5 | TVCABO-AS TVCABO Autonomous System
12542 | 89.152.141.42 | 89.152.128.0/18 | PT | ripencc | 2006-02-07 | 2012-03-7 16:40:45 GMT-5 | TVCABO-AS TVCABO Autonomous System
12542 | 89.155.205.182 | 89.155.192.0/18 | PT | ripencc | 2006-02-07 | 2012-03-7 16:06:17 GMT-5 | TVCABO-AS TVCABO Autonomous System
12542 | 94.132.121.202 | 94.132.64.0/18 | PT | ripencc | 2008-07-14 | 2012-03-7 19:33:32 GMT-5 | TVCABO-AS TVCABO Autonomous System
12542 | 94.133.247.74 | 94.133.192.0/18 | PT | ripencc | 2008-07-14 | 2012-03-7 20:46:03 GMT-5 | TVCABO-AS TVCABO Autonomous System
14868 | 200.195.187.122 | 200.195.184.0/21 | BR | lacnic | 1995-01-04 | 2012-03-7 21:42:08 GMT-5 | Companhia Paranaense de Energia - COPEL
15180 | 201.85.59.194 | 201.84.0.0/15 | BR | lacnic | 2005-12-22 | 2012-03-7 16:54:42 GMT-5 | Diveo do Brasil Telecomunicacoes Ltda
16735 | 189.112.168.9 | 189.112.0.0/16 | BR | lacnic | 2008-02-15 | 2012-03-7 16:55:11 GMT-5 | Companhia de Telecomunicacoes do Brasil Central
18881 | 177.17.81.238 | 177.17.80.0/21 | BR | lacnic | 2010-10-27 | 2012-03-8 06:28:14 GMT-5 | Global Village Telecom
18881 | 177.17.81.238 | 177.17.80.0/21 | BR | lacnic | 2010-10-27 | 2012-03-8 06:28:14 GMT-5 | Global Village Telecom
18881 | 177.18.184.114 | 177.18.160.0/19 | BR | lacnic | 2010-10-27 | 2012-03-8 08:27:59 GMT-5 | Global Village Telecom
18881 | 177.19.81.46 | 177.19.80.0/20 | BR | lacnic | 2010-10-27 | 2012-03-8 05:47:44 GMT-5 | Global Village Telecom
18881 | 177.19.81.46 | 177.19.80.0/20 | BR | lacnic | 2010-10-27 | 2012-03-8 05:47:44 GMT-5 | Global Village Telecom
18881 | 177.43.186.107 | 177.43.186.0/23 | BR | lacnic | 2011-01-05 | 2012-03-8 01:31:17 GMT-5 | Global Village Telecom
18881 | 177.98.245.135 | 177.98.224.0/19 | BR | lacnic | 2011-09-12 | 2012-03-8 09:28:47 GMT-5 | Global Village Telecom
18881 | 186.212.17.137 | 186.212.0.0/19 | BR | lacnic | 2010-03-03 | 2012-03-7 18:33:33 GMT-5 | Global Village Telecom
18881 | 186.212.17.137 | 186.212.0.0/19 | BR | lacnic | 2010-03-03 | 2012-03-7 18:33:33 GMT-5 | Global Village Telecom
18881 | 186.212.32.168 | 186.212.32.0/19 | BR | lacnic | 2010-03-03 | 2012-03-8 07:15:06 GMT-5 | Global Village Telecom
18881 | 186.215.80.254 | 186.215.64.0/19 | BR | lacnic | 2010-03-03 | 2012-03-8 06:51:43 GMT-5 | Global Village Telecom
18881 | 187.112.47.83 | 187.112.0.0/16 | BR | lacnic | 2009-09-14 | 2012-03-8 08:07:45 GMT-5 | Global Village Telecom
18881 | 187.59.14.174 | 187.59.0.0/18 | BR | lacnic | 2008-11-13 | 2012-03-8 07:52:31 GMT-5 | Global Village Telecom
18881 | 189.114.174.183 | 189.114.160.0/19 | BR | lacnic | 2008-02-15 | 2012-03-7 17:22:08 GMT-5 | Global Village Telecom
18881 | 189.58.182.104 | 189.58.176.0/20 | BR | lacnic | 2007-03-30 | 2012-03-8 08:07:56 GMT-5 | Global Village Telecom
18881 | 189.58.209.46 | 189.58.192.0/18 | BR | lacnic | 2007-03-30 | 2012-03-7 16:49:36 GMT-5 | Global Village Telecom
18881 | 201.22.142.34 | 201.22.128.0/18 | BR | lacnic | 2004-05-31 | 2012-03-7 16:40:25 GMT-5 | Global Village Telecom
18881 | 201.22.212.55 | 201.22.192.0/18 | BR | lacnic | 2004-05-31 | 2012-03-7 18:33:18 GMT-5 | Global Village Telecom
20978 | 46.104.73.93 | 46.104.64.0/20 | TR | ripencc | 2010-07-05 | 2012-03-7 16:14:59 GMT-5 | AVEA-TELEKOMUNIKASYON AVEA Iletisim Hizmetleri A.S.
22085 | 187.71.5.61 | 187.71.0.0/18 | BR | lacnic | 2009-05-13 | 2012-03-7 19:21:01 GMT-5 | Telet S.A.
22689 | 201.54.97.107 | 201.54.64.0/18 | BR | lacnic | 2005-08-02 | 2012-03-7 15:54:48 GMT-5 | Internet By Sercomtel Ltda
23650 | 222.186.20.49 | 222.186.20.0/24 | CN | apnic | 2004-02-23 | 2012-03-2 10:23:50 GMT-5 | CHINANET-JS-AS-AP AS Number for CHINANET jiangsu province backbone
23650 | 222.186.20.56 | 222.186.20.0/24 | CN | apnic | 2004-02-23 | 2012-03-2 12:35:01 GMT-5 | CHINANET-JS-AS-AP AS Number for CHINANET jiangsu province backbone
24698 | 78.130.8.48 | 78.130.0.0/17 | PT | ripencc | 2007-05-09 | 2012-03-7 16:34:54 GMT-5 | OPTIMUS-AS Optimus Portugal
24698 | 93.102.144.87 | 93.102.0.0/16 | PT | ripencc | 2008-03-10 | 2012-03-8 05:11:19 GMT-5 | OPTIMUS-AS Optimus Portugal
24698 | 93.102.150.219 | 93.102.0.0/16 | PT | ripencc | 2008-03-10 | 2012-03-7 15:55:36 GMT-5 | OPTIMUS-AS Optimus Portugal
24698 | 93.102.182.49 | 93.102.0.0/16 | PT | ripencc | 2008-03-10 | 2012-03-7 17:10:17 GMT-5 | OPTIMUS-AS Optimus Portugal
24698 | 93.102.51.180 | 93.102.0.0/18 | PT | ripencc | 2008-03-10 | 2012-03-8 07:34:22 GMT-5 | OPTIMUS-AS Optimus Portugal
26615 | 177.30.116.5 | 177.30.0.0/15 | BR | lacnic | 2010-10-27 | 2012-03-7 21:51:28 GMT-5 | Tim Celular S.A.
27699 | 177.9.57.158 | 177.9.0.0/17 | BR | lacnic | 2010-10-27 | 2012-03-7 16:24:33 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 187.10.113.145 | 187.10.0.0/16 | BR | lacnic | 2008-07-07 | 2012-03-7 17:25:24 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 187.10.113.145 | 187.10.0.0/16 | BR | lacnic | 2008-07-07 | 2012-03-7 17:25:24 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 187.35.94.141 | 187.34.0.0/15 | BR | lacnic | 2008-11-13 | 2012-03-7 17:40:53 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 187.56.20.199 | 187.56.0.0/16 | BR | lacnic | 2008-11-13 | 2012-03-7 17:43:40 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 189.111.131.208 | 189.110.0.0/15 | BR | lacnic | 2008-02-15 | 2012-03-8 05:12:48 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 189.111.162.251 | 189.110.0.0/15 | BR | lacnic | 2008-02-15 | 2012-03-7 19:28:27 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 189.47.102.73 | 189.47.0.0/16 | BR | lacnic | 2007-03-30 | 2012-03-7 20:38:36 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 200.158.207.188 | 200.158.192.0/19 | BR | lacnic | 1995-01-04 | 2012-03-7 17:50:28 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 201.13.33.76 | 201.13.0.0/17 | BR | lacnic | 2003-06-18 | 2012-03-8 05:31:51 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 201.26.48.122 | 201.26.0.0/17 | BR | lacnic | 2004-05-31 | 2012-03-7 16:37:48 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 201.68.20.41 | 201.68.0.0/17 | BR | lacnic | 2005-12-22 | 2012-03-7 16:12:54 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
27699 | 201.92.19.95 | 201.92.0.0/17 | BR | lacnic | 2005-12-22 | 2012-03-7 20:15:33 GMT-5 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP
28141 | 187.49.67.138 | 187.49.66.0/23 | BR | lacnic | 2008-11-13 | 2012-03-8 06:35:10 GMT-5 |
28202 | 177.44.61.200 | 177.44.60.0/22 | BR | lacnic | 2011-01-05 | 2012-03-8 06:40:27 GMT-5 |
28205 | 187.85.254.164 | 187.85.248.0/21 | BR | lacnic | 2009-05-13 | 2012-03-7 16:36:57 GMT-5 |
28263 | 201.49.73.51 | 201.49.64.0/20 | BR | lacnic | 2005-08-02 | 2012-03-8 06:36:05 GMT-5 |
28281 | 189.14.155.182 | 189.14.144.0/20 | BR | lacnic | 2006-07-19 | 2012-03-8 06:27:16 GMT-5 | Adelphia Connection Ltda
28291 | 189.28.128.241 | 189.28.128.0/21 | BR | lacnic | 2006-07-19 | 2012-03-7 18:13:12 GMT-5 | Ministerio da Saude
28303 | 201.49.109.50 | 201.49.108.0/22 | BR | lacnic | 2005-08-02 | 2012-03-7 19:53:51 GMT-5 | ELETRONICA ITAKE LTDA
28303 | 201.49.114.18 | 201.49.112.0/22 | BR | lacnic | 2005-08-02 | 2012-03-7 21:22:19 GMT-5 | ELETRONICA ITAKE LTDA
28343 | 187.85.184.114 | 187.85.184.0/21 | BR | lacnic | 2009-05-13 | 2012-03-8 11:20:14 GMT-5 |
28343 | 187.85.187.210 | 187.85.184.0/21 | BR | lacnic | 2009-05-13 | 2012-03-8 05:53:41 GMT-5 |
28347 | 189.127.144.137 | 189.127.128.0/19 | BR | lacnic | 2008-02-15 | 2012-03-7 16:32:08 GMT-5 |
28573 | 187.104.129.144 | 187.104.128.0/19 | BR | lacnic | 2009-09-14 | 2012-03-8 06:03:05 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 187.2.48.99 | 187.2.32.0/19 | BR | lacnic | 2008-07-07 | 2012-03-7 19:35:53 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 187.22.219.127 | 187.22.192.0/19 | BR | lacnic | 2008-07-07 | 2012-03-7 23:26:23 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 189.102.43.244 | 189.102.0.0/18 | BR | lacnic | 2008-02-15 | 2012-03-8 09:33:26 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 189.32.36.23 | 189.32.32.0/19 | BR | lacnic | 2007-03-30 | 2012-03-7 16:41:14 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 189.55.189.117 | 189.55.184.0/21 | BR | lacnic | 2007-03-30 | 2012-03-8 07:03:18 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 189.63.241.222 | 189.63.240.0/21 | BR | lacnic | 2007-03-30 | 2012-03-8 07:08:57 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 201.21.231.228 | 201.21.192.0/18 | BR | lacnic | 2004-05-31 | 2012-03-7 15:44:44 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 201.53.218.146 | 201.53.192.0/18 | BR | lacnic | 2005-08-02 | 2012-03-7 21:53:42 GMT-5 | NET Servicos de Comunicao S.A.
28573 | 201.82.128.226 | 201.82.128.0/20 | BR | lacnic | 2005-12-22 | 2012-03-8 08:44:08 GMT-5 | NET Servicos de Comunicao S.A.
28590 | 201.54.9.186 | 201.54.0.0/20 | BR | lacnic | 2005-08-02 | 2012-03-8 05:25:48 GMT-5 | Neovia Telecomunicacoes S.A.
28613 | 201.54.33.206 | 201.54.32.0/21 | BR | lacnic | 2005-08-02 | 2012-03-8 17:47:00 GMT-5 | HUGHES TELECOMUNICAÇÕES DO BRASIL LTDA.
28644 | 201.55.81.250 | 201.55.80.0/20 | BR | lacnic | 2005-08-02 | 2012-03-8 06:40:21 GMT-5 | Brasilsite Telecomunicações Ltda
28649 | 200.236.247.250 | 200.236.224.0/19 | BR | lacnic | 1995-01-04 | 2012-03-7 15:55:20 GMT-5 | Desktop Online Informática Ltda
31126 | 93.126.172.142 | 93.126.172.0/24 | LB | ripencc | 2010-09-03 | 2012-03-8 03:07:13 GMT-5 | SODETEL-AS SODETEL SAL
31252 | 95.65.126.128 | 95.65.0.0/17 | MD | ripencc | 2008-10-28 | 2012-03-1 21:26:54 GMT-5 | STARNET-AS StarNet Moldova
42580 | 78.29.130.89 | 78.29.128.0/20 | PT | ripencc | 2007-09-27 | 2012-03-8 08:03:31 GMT-5 | CABOTVA Cabo TV Acoreana
42863 | 92.250.76.35 | 92.250.0.0/17 | PT | ripencc | 2007-11-20 | 2012-03-7 16:27:28 GMT-5 | TMN-AS TMN Autonomous System
42863 | 95.69.121.121 | 95.69.0.0/17 | PT | ripencc | 2008-11-14 | 2012-03-8 08:42:45 GMT-5 | TMN-AS TMN Autonomous System
42863 | 95.69.121.121 | 95.69.0.0/17 | PT | ripencc | 2008-11-14 | 2012-03-8 08:42:45 GMT-5 | TMN-AS TMN Autonomous System
44050 | 146.185.244.67 | 146.185.244.0/24 | RU | ripencc | 2011-07-13 | 2012-03-5 10:51:22 GMT-5 | PIN-AS Petersburg Internet Network LLC
51407 | 46.43.85.225 | 46.43.84.0/23 | PS | ripencc | 2010-08-16 | 2012-03-8 06:47:00 GMT-5 | MADA-AS Mada Alarab AS
52988 | 177.54.106.27 | 177.54.104.0/22 | BR | lacnic | 2011-01-05 | 2012-03-8 05:10:36 GMT-5 |
52988 | 177.54.106.27 | 177.54.104.0/22 | BR | lacnic | 2011-01-05 | 2012-03-8 05:10:36 GMT-5 |
53084 | 187.33.159.50 | 187.33.144.0/20 | BR | lacnic | 2008-11-13 | 2012-03-8 07:46:06 GMT-5 |
53128 | 187.122.200.48 | 187.122.192.0/19 | BR | lacnic | 2009-09-14 | 2012-03-7 18:21:39 GMT-5 |
53128 | 187.122.200.48 | 187.122.192.0/19 | BR | lacnic | 2009-09-14 | 2012-03-7 18:21:39 GMT-5 |
53203 | 201.62.45.173 | 201.62.32.0/20 | BR | lacnic | 2005-08-02 | 2012-03-8 07:24:55 GMT-5 |
262424 | 177.44.136.46 | 177.44.136.0/24 | BR | lacnic | 2011-01-05 | 2012-03-7 19:19:47 GMT-5 |
262673 | 187.73.78.224 | 187.73.64.0/19 | BR | lacnic | 2009-05-13 | 2012-03-8 08:08:30 GMT-5 |
here is a sample of what it looks like in the auth logs
Mar 8 03:13:38 ns5b ftpd[85248]: FTP LOGIN FAILED FROM 78.173.23.160, grn
Mar 8 03:14:12 ns5b ftpd[85379]: FTP LOGIN FAILED FROM s529cf00e.adsl.wanadoo.nl, grn
Mar 8 03:18:31 ns5b ftpd[86302]: FTP LOGIN FAILED FROM 201-68-20-41.dsl.telesp.net.br, grn
Mar 8 03:18:45 ns5b ftpd[86359]: FTP LOGIN FAILED FROM 201-54-97-107.sercomtel.com.br, grn
Mar 8 03:19:50 ns5b ftpd[86595]: FTP LOGIN FAILED FROM 88.245.162.90, grn
Mar 8 03:22:52 ns5b ftpd[87398]: FTP LOGIN FAILED FROM 93.102.182.49.rev.optimus.pt, grn
Mar 8 03:23:07 ns5b ftpd[87485]: FTP LOGIN FAILED FROM 189.58.209.46.dynamic.adsl.gvt.net.br, grn
Mar 8 03:23:41 ns5b ftpd[87670]: FTP LOGIN FAILED FROM 95.8.132.196, grn
Mar 8 03:25:56 ns5b ftpd[88246]: FTP LOGIN FAILED FROM 95.7.183.142, grn
Mar 8 03:26:03 ns5b ftpd[88292]: FTP LOGIN FAILED FROM 81.214.66.156, grn
Mar 8 03:27:32 ns5b ftpd[88701]: FTP LOGIN FAILED FROM 201.49.109.50, grn
Mar 8 03:29:30 ns5b ftpd[89193]: FTP LOGIN FAILED FROM a94-132-121-202.cpe.netcabo.pt, grn
Mar 8 03:29:51 ns5b ftpd[89306]: FTP LOGIN FAILED FROM 81.214.66.156, grn
Mar 8 03:32:13 ns5b ftpd[89977]: FTP LOGIN FAILED FROM 201.90.30.210, grn
Mar 8 03:34:38 ns5b ftpd[90605]: FTP LOGIN FAILED FROM ABordeaux-253-1-11-224.w82-125.abo.wanadoo.fr, grn
Mar 8 03:35:29 ns5b ftpd[90838]: FTP LOGIN FAILED FROM 187.54.127.160, grn
Mar 8 03:36:38 ns5b ftpd[91120]: FTP LOGIN FAILED FROM 212.199.11.177.static.012.net.il, grn
Mar 8 03:41:14 ns5b ftpd[92118]: FTP LOGIN FAILED FROM 81.214.57.41, grn
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the nsp-security
mailing list