Message-ID: <20041110094752.665B139859@mail.icebear.net>
From: full-disclosure at icebear.net (full-disclosure@...bear.net)
Subject: could use some help with this logging

Hi
 
I was hoping someone could kinda help me. I have some reporting from our
firewall that produces the following output. I have to analyze this traffic,
but I have to confess that I cannot make out if this traffic is malicious
or not, or what it is, except for the obvious port 80 and port 443.

I hope someone could give me some hints about the traffic.

Regards, Peter
 
----------------------
 

From source address: [145.x.x.x] (339970 hits to 751 Destinations) 

*	Destination: [66.235.181.59] (10066 hits to 11 ports) 


*	30816 (1020) 
*	32800 (1020) 
*	34840 (695) 
*	36896 (647) 
*	443 (1480) 
*	46992 (1033) 
*	47488 (702) 
*	51040 (696) 
*	51536 (1286) 
*	80 (1480) 

*	Destination: [80.160.91.12] (4721 hits to 6 ports) 


*	11656 (1708) 
*	15768 (1345) 
*	17824 (689) 
*	443 (486) 
*	80 (486) 

*	Destination: herning.hostero.pil.dk [195.41.47.100] (3936 hits to 6 ports) 


*	23400 (689) 
*	32488 (689) 
*	443 (429) 
*	58672 (1376) 
*	80 (429) 
*	9736 (324) 

*	Destination: host-103-142-230-24.midco.net [24.230.142.103] (1937 hits to 3 ports) 


*	443 (115) 
*	54576 (1707) 
*	80 (115) 

*	Destination: dhcp085150.res-hall.northwestern.edu [199.74.85.150] (1805 hits to 3 ports) 


*	36865 (1315) 
*	443 (245) 
*	80 (245) 

*	Destination: bzq-82-81-199-233.cablep.bezeqint.net [82.81.199.233] (1753 hits to 3 ports) 


*	27447 (1225) 
*	443 (264) 
*	80 (264) 

*	Destination: host243-217.eksjo.com [195.49.243.217] (1732 hits to 3 ports) 


*	443 (181) 
*	52238 (1370) 
*	80 (181) 

*	Destination: syr-69-201-1-3.twcny.rr.com [69.201.1.3] (1727 hits to 3 ports) 


*	17067 (1379) 
*	443 (174) 
*	80 (174) 

*	Destination: [202.199.162.97] (1712 hits to 3 ports) 


*	443 (188) 
*	49307 (1336) 
*	80 (188) 

*	Destination: studentcnsat.ncl.ac.uk [128.240.4.237] (1712 hits to 3 ports) 


*	39793 (1376) 
*	443 (168) 
*	80 (168) 

*	Destination: sm-pc314.sm.luth.se [130.240.3.87] (1705 hits to 3 ports) 


*	443 (163) 
*	51563 (1379) 
*	80 (163) 

*	Destination: 68-185-51-218.wa.charter.com [68.185.51.218] (1699 hits to 3 ports) 


*	29253 (1356) 
*	443 (172) 
*	80 (171) 

*	Destination: henz214-dharnisch-dellpc2.unl.edu [129.93.84.97] (1679 hits to 3 ports) 


*	44286 (1373) 
*	443 (153) 
*	80 (153) 

*	Destination: ip68-13-164-36.om.om.cox.net [68.13.164.36] (1677 hits to 3 ports) 


*	13699 (1361) 
*	443 (158) 
*	80 (158) 

*	Destination: 3E6B1B51.rev.stofanet.dk [62.107.27.81] (1669 hits to 3 ports) 


*	443 (155) 
*	5472 (1359) 
*	80 (155) 

*	Destination: YahooBB220006060057.bbtec.net [220.6.60.57] (1659 hits to 3 ports) 


*	443 (148) 
*	44753 (1363) 
*	80 (148) 

*	Destination: c-495070d5.027-317-73746f7.cust.bredbandsbolaget.se [213.112.80.73] (1658 hits to 3 ports) 


*	33435 (1374) 
*	443 (142) 
*	80 (142) 

*	Destination: errorek.sh.cvut.cz [147.32.118.118] (1647 hits to 3 ports) 


*	13972 (1375) 
*	443 (136) 
*	80 (136) 

*	Destination: 82-35-52-107.cable.ubr03.camd.blueyonder.co.uk [82.35.52.107] (1635 hits to 3 ports) 


*	443 (257) 
*	64553 (1121) 
*	80 (257) 

*	Destination: c-24-125-75-142.va.client2.attbi.com [24.125.75.142] (1617 hits to 3 ports) 


*	443 (127) 
*	52838 (1363) 
*	80 (127) 

*	Destination: YahooBB220026145016.bbtec.net [220.26.145.16] (1616 hits to 3 ports) 


*	15850 (1300) 
*	443 (158) 
*	80 (158) 

*	Destination: ip-56.59.home-lan.fastnet.lv [80.81.59.56] (1584 hits to 3 ports) 


*	31202 (1242) 
*	443 (171) 
*	80 (171) 

*	Destination: 24-205-105-48.rno-cres.charterpipeline.net [24.205.105.48] (1562 hits to 3 ports) 


*	443 (271) 
*	55645 (1020) 
*	80 (271) 

*	Destination: rs-64-246-49-61.ev1.net [64.246.49.61] (1535 hits to 3 ports) 


*	443 (261) 
*	7856 (1013) 
*	80 (261) 

*	Destination: modemcable128.159-203-24.mc.videotron.ca [24.203.159.128] (1528 hits to 3 ports) 


*	443 (76) 
*	59950 (1376) 
*	80 (76) 

*	Destination: [212.179.162.1722] (1525 hits to 3 ports) 


*	34489 (1027) 
*	443 (249) 
*	80 (249) 

From source address: [145.x.x.x] (236377 hits to 324 Destinations) 

*	Destination: rs-64-246-49-61.ev1.net [64.246.49.61] (5936 hits to 7 ports) 


*	11912 (788) 
*	17944 (788) 
*	20480 (788) 
*	3760 (788) 
*	443 (998) 
*	7856 (788) 
*	80 (998) 

*	Destination: [66.235.181.59] (5858 hits to 7 ports) 


*	15432 (788) 
*	20480 (789) 
*	34840 (788) 
*	36896 (789) 
*	443 (958) 
*	44968 (788) 
*	80 (958) 

*	Destination: herning.hostero.pil.dk [195.41.47.100] (4664 hits to 6 ports) 


*	15776 (788) 
*	443 (756) 
*	63680 (788) 
*	7784 (788) 
*	80 (756) 
*	9736 (788) 

*	Destination: pk47st119.uio.no [129.240.47.119] (1246 hits to 3 ports) 


*	3367 (788) 
*	443 (229) 
*	80 (229) 

*	Destination: [220.234.32.84] (1234 hits to 3 ports) 


*	3661 (788) 
*	443 (223) 
*	80 (223) 

*	Destination: c213-100-56-238.swipnet.se [213.100.56.238] (1230 hits to 3 ports) 


*	443 (221) 
*	46934 (788) 
*	80 (221) 

*	Destination: rliex01.studbost.vxu.se [194.47.126.123] (1228 hits to 3 ports) 


*	443 (220) 
*	44378 (788) 
*	80 (220) 

*	Destination: i222-150-141-238.s05.a008.ap.plala.or.jp [222.150.141.238] (1226 hits to 3 ports) 


*	443 (219) 
*	44764 (788) 
*	80 (219) 

*	Destination: catv-d5de8038.catv.broadband.hu [213.222.128.56] (1224 hits to 3 ports) 


*	443 (218) 
*	80 (218) 
*	8014 (788) 

*	Destination: [200.222.81.173] (1221 hits to 3 ports) 


*	443 (216) 
*	45805 (789) 
*	80 (216) 

*	Destination: cablep-179-105-241.cablep.bezeqint.net [212.179.105.241] (1220 hits to 3 ports) 


*	443 (216) 
*	61365 (788) 
*	80 (216) 

*	Destination: sr-145.srtb05.resnet.ubc.ca [128.189.142.145] (1220 hits to 3 ports) 


*	443 (216) 
*	55964 (788) 
*	80 (216) 

*	Destination: [163.23.218.93] (1220 hits to 3 ports) 


*	14457 (788) 
*	443 (216) 
*	80 (216) 

*	Destination: c-208672d5.02-66-73746f42.cust.bredbandsbolaget.se [213.114.134.32] (1219 hits to 3 ports) 


*	443 (215) 
*	54259 (789) 
*	80 (215) 

*	Destination: rdu162-239-101.nc.rr.com [24.162.239.101] (1219 hits to 3 ports) 


*	443 (215) 
*	80 (215) 
*	9014 (789) 

*	Destination: [83.209.5.16] (1217 hits to 3 ports) 


*	14657 (789) 
*	443 (214) 
*	80 (214) 

*	Destination: [210.107.135.91] (1217 hits to 3 ports) 


*	443 (214) 
*	48383 (789) 
*	80 (214) 

*	Destination: drzhangpc.cs.wright.edu [130.108.13.154] (1216 hits to 3 ports) 


*	24071 (788) 
*	443 (214) 
*	80 (214) 

*	Destination: d5153A343.kabel.telenet.be [81.83.163.67] (1215 hits to 3 ports) 


*	36119 (789) 
*	443 (213) 
*	80 (213) 

*	Destination: gislab4.csie.thu.edu.tw [140.128.101.74] (1214 hits to 3 ports) 


*	443 (213) 
*	57818 (788) 
*	80 (213) 

*	Destination: cs2426239-108.satx.rr.com [24.26.239.108] (1212 hits to 3 ports) 


*	36519 (788) 
*	443 (212) 
*	80 (212) 

*	Destination: bzq-218-158-130.cablep.bezeqint.net [81.218.158.130] (1210 hits to 3 ports) 


*	443 (211) 
*	80 (211) 
*	8303 (788) 

*	Destination: orff.wiwi.uni-rostock.de [139.30.131.69] (1210 hits to 3 ports) 


*	443 (211) 
*	58252 (788) 
*	80 (211) 

*	Destination: c906156e.virtua.com.br [201.6.21.110] (1210 hits to 3 ports) 


*	443 (211) 
*	6557 (788) 
*	80 (211) 

*	Destination: pc-202-169-152-251.cable.kumin.ne.jp [202.169.152.251] (1210 hits to 3 ports) 


*	443 (211) 
*	64700 (788) 
*	80 (211) 

*	Destination: CPE-65-30-247-82.mn.rr.com [65.30.247.82] (1209 hits to 3 ports) 


*	10791 (789) 
*	443 (210) 
*	80 (210) 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041110/24358649/attachment.html
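A parser and triage summary for the report layout in the post, added here as an example; it is not the poster's tool or the firewall vendor's format specification. It assumes the three line shapes visible above (a "From source address" header, a "Destination" header with an optional hostname and bracketed IP, and one "port (hits)" line per port); the regexes, the summarize()/recurring_ports() names and the 0.5 flag threshold are my own choices, and the sample report is constructed with TEST-NET addresses and made-up counts rather than the figures from the post. It also rejoins the two kinds of mail-client line wrap that the quoted output shows, so the original report can be fed in as-is.

```python
"""Parser and triage summary for the firewall report layout shown in the post.
Added example, not the poster's tool: the regexes, the summarize()/recurring_ports()
names and the 0.5 flag threshold are my own assumptions about the format."""
import re
from collections import Counter

# Three line shapes appear in the report: a source header, a destination header
# (optional hostname, then [ip], then the hit/port totals) and one line per port.
SOURCE_RE = re.compile(
    r"^>?From source address:\s*\[(?P<src>[^\]]+)\]\s*"
    r"\((?P<hits>\d+) hits to (?P<n>\d+) Destinations\)")
DEST_RE = re.compile(
    r"^\*\s+Destination:\s*(?:(?P<host>[^\s\[]+)\s+)?\[(?P<ip>[^\]]+)\]\s*"
    r"\((?P<hits>\d+) hits to (?P<n>\d+)\s+ports\)")
PORT_RE = re.compile(r"^\*\s+(?P<port>\d+)\s+\((?P<hits>\d+)\)")

# Constructed sample in the same layout (TEST-NET addresses, made-up counts),
# including both kinds of mail-client line wrap seen in the post.
SAMPLE_REPORT = """\
From source address: [192.0.2.10] (3000 hits to 2 Destinations)

*\tDestination: [203.0.113.7] (2000 hits to 3
ports)


*\t30816 (1020)
*\t443 (490)
*\t80 (490)

*\tDestination: www.example.net
[198.51.100.9] (1000 hits to 2 ports)


*\t443 (500)
*\t80 (500)
"""


def _incomplete(line):
    """True when a mail wrap left this line unfinished and the next line continues it."""
    body = line.lstrip("*\t ")
    if body.startswith("Destination:") and "[" not in body:
        return True                          # hostname alone; '[ip] (...)' follows
    return "(" in line and ")" not in line   # '(N hits to K' wrapped before 'ports)'


def unwrap(text):
    """Rejoin wrapped lines so every header sits on one line again."""
    lines = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if lines and line.strip() and _incomplete(lines[-1]):
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def parse_report(text):
    """Return [{source, hits, destinations: [{host, ip, hits, ports: {port: hits}}]}]."""
    sources, dest = [], None
    for line in unwrap(text):
        m = SOURCE_RE.match(line)
        if m:
            sources.append({"source": m["src"], "hits": int(m["hits"]), "destinations": []})
            dest = None
            continue
        m = DEST_RE.match(line)
        if m:
            if not sources:
                raise ValueError("destination block before any source header")
            dest = {"host": m["host"], "ip": m["ip"], "hits": int(m["hits"]), "ports": {}}
            sources[-1]["destinations"].append(dest)
            continue
        m = PORT_RE.match(line)
        if m and dest is not None:
            dest["ports"][int(m["port"])] = int(m["hits"])
    return sources


def summarize(sources, standard_ports=(80, 443), threshold=0.5):
    """One row per destination: hits on the expected web ports versus any other
    port, flagged when a single non-standard port carries more than `threshold`
    of that destination's traffic (a triage starting point, not a verdict)."""
    rows = []
    for src in sources:
        for d in src["destinations"]:
            total = sum(d["ports"].values()) or 1
            std = sum(h for p, h in d["ports"].items() if p in standard_ports)
            other = {p: h for p, h in d["ports"].items() if p not in standard_ports}
            top_port, top_hits = max(other.items(), key=lambda kv: kv[1], default=(None, 0))
            rows.append({"source": src["source"], "ip": d["ip"], "host": d["host"],
                         "hits": total, "standard_hits": std,
                         "other_ports": sorted(other), "top_other_port": top_port,
                         "flag": top_hits / total > threshold})
    return rows


def recurring_ports(sources, standard_ports=(80, 443)):
    """How many destinations each non-standard port was seen on; a port that
    repeats across unrelated hosts is the one worth looking up first."""
    seen = Counter()
    for src in sources:
        for d in src["destinations"]:
            seen.update(p for p in d["ports"] if p not in standard_ports)
    return seen


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for row in summarize(parsed):
        mark = "FLAG" if row["flag"] else "    "
        print(f"{mark} {row['source']} -> {row['ip']:<15} hits={row['hits']:>6} "
              f"web={row['standard_hits']:>6} other={row['other_ports']}")
    print("ports seen on more than one destination:",
          {p: n for p, n in recurring_ports(parsed).items() if n > 1})
```

Pasting the report from the post into SAMPLE_REPORT (or reading it from a file) gives one row per destination; the rows where a single high-numbered port carries most of the hits and the recurring_ports() table of ports that show up on several unrelated hosts are the two views that make the next step (looking those ports up, checking the session direction and byte counts on the firewall) concrete.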
