Sigh, Squid's persistent attempts to establish a connection make
some people think it's a port scan attack.
Duane W.
---------- Forwarded message ----------
From: "Greg's Security Monitor" <gnb+gsm@itga.com.au>
To: probe@auscert.org.au, abuse@nlanr.net, postmaster@nlanr.net,
root@nlanr.net, security@nlanr.net
Subject: port scan attack from your system
Date: Tue, 29 Aug 2000 10:06:16 +1100
Sender: gnb@itga.com.au
The following port scan was detected from your system. This shows the
fingerprint of one of the well-known port-scanning cracker tools
and indicates someone looking for vulnerable systems to break into.
[ See, for example, http://www.cert.org/incident_notes/IN-98.02.html ]
Please discipline this user.
[The machine identified as 'ns' is ns.itga.com.au. (192.83.119.129,
202.53.40.210 202.53.40.212)
The machine identified as 'proxy' is proxy.itga.com.au. (202.53.40.211)]
[Timestamps are in GMT+1100]
Host 141.142.121.5 -> uc.cache.nlanr.net
Aug 28 20:08:19 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28640
Aug 28 20:08:20 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28642
Aug 28 20:08:20 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28643
Aug 28 20:08:21 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28644
Aug 28 20:08:22 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28645
Aug 28 20:08:22 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28646
Aug 28 20:08:23 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28647
Aug 28 20:08:23 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28648
Aug 28 20:08:24 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28649
Aug 28 20:08:24 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28650
Aug 28 20:08:25 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28651
Aug 28 20:08:25 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28653
Aug 28 20:08:25 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28658
Aug 28 20:08:26 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28661
Aug 28 20:08:26 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28662
Aug 28 20:08:27 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28663
Aug 28 20:08:27 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28666
Aug 28 20:08:28 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28667
Aug 28 20:08:28 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28670
Aug 28 20:08:29 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28671
Aug 28 20:08:29 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28677
Aug 28 20:08:30 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28681
Aug 28 20:08:30 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28683
Aug 28 20:08:31 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28688
Aug 28 20:08:31 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28690
Aug 28 20:08:32 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28696
Aug 28 20:08:32 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28697
Aug 28 20:08:33 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28700
Aug 28 20:08:33 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28701
Aug 28 20:08:34 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28702
Aug 28 20:08:34 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28703
Aug 28 20:08:35 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28704
Aug 28 20:08:35 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28705
Aug 28 20:08:37 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28707
Aug 28 20:08:38 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28710
Aug 28 20:08:38 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28711
Aug 28 20:08:38 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28712
Aug 28 20:08:39 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28713
Aug 28 20:08:39 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28716
Aug 28 20:08:40 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28718
Aug 28 20:08:40 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28720
Aug 28 20:08:41 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28721
Aug 28 20:08:41 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28724
Aug 28 20:08:42 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28726
Aug 28 20:08:42 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28729
Aug 28 20:08:43 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28730
Aug 28 20:08:43 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28732
Aug 28 20:08:44 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28734
Aug 28 20:08:44 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28735
Aug 28 20:08:44 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28737
Aug 28 20:08:45 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28738
Aug 28 20:08:45 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28741
Aug 28 20:08:46 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28743
Aug 28 20:08:49 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28743
Aug 28 20:08:49 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28751
Aug 28 20:08:50 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28752
Aug 28 20:08:50 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28754
Aug 28 20:08:51 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28756
Aug 28 20:08:51 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28758
Aug 28 20:08:52 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28760
Aug 28 20:08:52 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28763
Aug 28 20:08:53 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28764
Aug 28 20:08:53 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28765
Aug 28 20:08:54 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28769
Aug 28 20:08:54 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28770
Aug 28 20:08:55 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28771
Aug 28 20:08:55 proxy /kernel: Connection attempt to TCP 202.53.40.211:80 from 141.142.121.5:28772
AusCert Tags:
Source: 141.142.121.5
Port: tcp 80
re-distribute: yes
reply: no
timezone: GMT+1100
-----End of forwarded message-----
Received on Tue Aug 29 2000 - 00:45:28 MDT
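Added example (not part of the original message, the forwarded report, or Squid): a log triage check that separates a source probing many services from one retrying a single service, which is the pattern in the log above, where every attempt targets 202.53.40.211:80. The thresholds, the function name, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Line format of the kernel log entries quoted in the forwarded report.
LINE_RE = re.compile(
    r"Connection attempt to (TCP|UDP) (\d+\.\d+\.\d+\.\d+):(\d+) "
    r"from (\d+\.\d+\.\d+\.\d+):(\d+)"
)

def classify(lines, scan_targets=10, retry_attempts=10):
    """Label each source by how many distinct services it tried.

    Both thresholds are assumed values for this example.
    """
    targets = defaultdict(set)    # source IP -> {(proto, dst IP, dst port)}
    attempts = defaultdict(int)   # source IP -> number of logged attempts
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue              # not a connection-attempt entry
        proto, dst_ip, dst_port, src_ip, _src_port = m.groups()
        targets[src_ip].add((proto, dst_ip, int(dst_port)))
        attempts[src_ip] += 1

    verdicts = {}
    for src, seen in targets.items():
        if len(seen) >= scan_targets:
            verdicts[src] = "scan"                  # many services probed
        elif len(seen) == 1 and attempts[src] >= retry_attempts:
            verdicts[src] = "single-service-retry"  # one service, repeated
        else:
            verdicts[src] = "unclassified"
    return verdicts

# Constructed sample: retries to one port, in the report's format ...
RETRY = [
    f"Aug 28 20:08:{19 + i:02d} proxy /kernel: Connection attempt to TCP "
    f"202.53.40.211:80 from 141.142.121.5:{28640 + i}"
    for i in range(12)
]
# ... and a constructed sweep of 12 ports from a documentation address.
SWEEP = [
    f"Aug 28 21:00:{i:02d} proxy /kernel: Connection attempt to TCP "
    f"198.51.100.10:{port} from 192.0.2.7:40000"
    for i, port in enumerate(range(20, 32))
]

if __name__ == "__main__":
    for src, verdict in sorted(classify(RETRY + SWEEP).items()):
        print(src, verdict)
```

Changing source ports alone do not raise the distinct-target count, so a client reconnecting from a new ephemeral port each time is not reported as a scan.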