Message-ID: <20050814081536.4c6277c3@homebox.slave-tothe-box.net>
Date: Sun Aug 14 15:15:23 2005
From: jlay at slave-tothe-box.net (James Lay)
Subject: IMAP scans? Something going on I should know
	about?

Hey all!

Here's a snippet:

Aug 14 07:44:28 homebox kernel: New,invalid TCP: IN=eth0 OUT=
MAC=00:04:75:80:dc:08:00:0f:90:27:ef:34:08:00 SRC=24.80.174.230
DST=24.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=50579 DF
PROTO=TCP SPT=2796 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0 

Aug 14 07:44:29 homebox kernel: New,invalid TCP: IN=eth0 OUT=
MAC=00:04:75:80:dc:08:00:0f:90:27:ef:34:08:00 SRC=24.80.174.230
DST=24.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=50631 DF
PROTO=TCP SPT=2796 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0 

Aug 14 07:44:29 homebox kernel: New,invalid TCP: IN=eth0 OUT=
MAC=00:04:75:80:dc:08:00:0f:90:27:ef:34:08:00 SRC=24.80.174.230
DST=24.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=50673 DF
PROTO=TCP SPT=2796 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0 

Aug 14 07:59:08 homebox kernel: New,invalid TCP: IN=eth0 OUT=
MAC=00:04:75:80:dc:08:00:0f:90:27:ef:34:08:00 SRC=24.83.33.74
DST=24.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=15538 DF
PROTO=TCP SPT=4348 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0

Been seeing a fair amount of these this month:

August:	83 from 24 unique IPs
July:	1
June:	3
Jan, Feb, Mar, Apr, May:	0

Source IP list for August:

Anything going on out there that I've missed?  Thanks!

James
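
Added example, not part of the original message: one way to produce the per-month packet and unique-source counts quoted above from netfilter LOG lines carrying the "New,invalid TCP:" prefix. The sample log is constructed (RFC 5737 documentation addresses, one entry per line as syslog writes it), and treating repeated SYNs from the same SRC/SPT pair as a single attempt is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines above, one entry per line
# as syslog writes them. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jul 02 03:10:01 homebox kernel: New,invalid TCP: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=48 TTL=115 ID=100 DF PROTO=TCP SPT=2796 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 14 07:44:28 homebox kernel: New,invalid TCP: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TTL=115 ID=200 DF PROTO=TCP SPT=2796 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 14 07:44:29 homebox kernel: New,invalid TCP: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TTL=115 ID=201 DF PROTO=TCP SPT=2796 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 14 07:59:08 homebox kernel: New,invalid TCP: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=48 TTL=114 ID=300 DF PROTO=TCP SPT=4348 DPT=143 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 15 01:02:03 homebox kernel: New,invalid TCP: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=40 TTL=114 ID=301 PROTO=TCP SPT=4400 DPT=143 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 15 04:05:06 homebox kernel: New,invalid TCP: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=48 TTL=50 ID=400 DF PROTO=TCP SPT=1025 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Aug 15 04:05:07 homebox sshd[123]: unrelated line
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs; value may be empty (OUT=)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return (month, fields, flags) for a netfilter LOG line, else None."""
    head, sep, body = line.partition(" kernel: ")
    if not sep or "SRC=" not in body:
        return None
    return head.split()[0], dict(FIELD.findall(body)), TCP_FLAGS & set(body.split())

def summarize(log_text, dport="143"):
    """Per month: (bare-SYN packets to dport, distinct attempts, unique sources)."""
    stats = defaultdict(lambda: {"packets": 0, "attempts": set(), "sources": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        month, f, flags = parsed
        # Keep only connection openers: TCP, wanted port, SYN as the only flag.
        if f.get("PROTO") != "TCP" or f.get("DPT") != dport or flags != {"SYN"}:
            continue
        s = stats[month]
        s["packets"] += 1
        s["attempts"].add((f["SRC"], f.get("SPT")))  # retransmitted SYNs collapse here
        s["sources"].add(f["SRC"])
    return {m: (s["packets"], len(s["attempts"]), len(s["sources"])) for m, s in stats.items()}

if __name__ == "__main__":
    for month, (pkts, attempts, srcs) in summarize(SAMPLE_LOG).items():
        print(f"{month}: {pkts} SYN packets, {attempts} attempts, {srcs} unique sources")
```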
