what do the kiddies have now
Scott Gifford
sgifford at tir.com
Thu Jun 10 17:26:23 UTC 1999
Perhaps the RPC attack CERT issued an advisory about today?
http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Looks like they're trying to hit an RPC port. Maybe the script they're
running creates an account for them on your machine, and they're using
FTP to test if it worked?
Just a guess,
------Scott.
Randy Bush <randy at psg.com> writes:
> the following seemingly combo ftp and frag attack combo has escalated
> radically in the last days. anyone know why?
>
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(6079) -147.28.0.39(111), 1 packet
> ftpd[27311]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(800) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(6985) -147.28.0.39(111), 1 packet
> ftpd[27318]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(830) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10874) -147.28.0.39(111), 1 packet
> ftpd[27375]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(943) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(14462) -147.28.0.39(111), 1 packet
> ftpd[27470]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(637) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(12438) -147.28.0.39(111), 1 packet
> ftpd[27498]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(673) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8174) -147.28.0.39(111), 1 packet
> ftpd[27503]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(683) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7017) -147.28.0.39(111), 1 packet
> ftpd[27512]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(709) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(12615) -147.28.0.39(111), 1 packet
> ftpd[27522]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(726) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(14441) -147.28.0.39(111), 1 packet
> ftpd[27580]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(779) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(6720) -147.28.0.39(111), 1 packet
> ftpd[27639]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(852) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(9073) -147.28.0.39(111), 1 packet
> ftpd[27666]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(887) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(13040) -147.28.0.39(111), 1 packet
> ftpd[27812]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(627) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5786) -147.28.0.39(111), 1 packet
> ftpd[27917]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(751) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11108) -147.28.0.39(111), 1 packet
> ftpd[27946]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(790) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8316) -147.28.0.39(111), 1 packet
> ftpd[27963]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(805) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11738) -147.28.0.39(111), 1 packet
> ftpd[27997]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(828) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11476) -147.28.0.39(111), 1 packet
> ftpd[28046]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(927) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5036) -147.28.0.39(111), 1 packet
> ftpd[28056]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(948) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10825) -147.28.0.39(111), 1 packet
> ftpd[28115]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(623) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8939) -147.28.0.39(111), 1 packet
> ftpd[28145]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(650) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(9116) -147.28.0.39(111), 1 packet
> ftpd[28167]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(739) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5595) -147.28.0.39(111), 1 packet
> ftpd[28188]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(800) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8564) -147.28.0.39(111), 1 packet
> ftpd[28202]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(815) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(14905) -147.28.0.39(111), 1 packet
> ftpd[28250]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(863) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5535) -147.28.0.39(111), 1 packet
> ftpd[28278]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(906) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10659) -147.28.0.39(111), 1 packet
> ftpd[28379]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(639) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10521) -147.28.0.39(111), 1 packet
> ftpd[28387]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(653) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11809) -147.28.0.39(111), 1 packet
> ftpd[28542]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied udp 209.192.148.153(0) -147.28.0.39(0), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 13 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(9962) -147.28.0.39(111), 1 packet
> ftpd[28591]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(815) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied udp 209.192.148.153(0) -147.28.0.39(0), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8016) -147.28.0.39(111), 1 packet
> ftpd[28699]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(882) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7740) -147.28.0.39(111), 1 packet
> ftpd[28714]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(901) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11452) -147.28.0.39(111), 1 packet
> ftpd[28747]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(930) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8119) -147.28.0.39(111), 1 packet
> ftpd[29107]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(847) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5313) -147.28.0.39(111), 1 packet
> ftpd[29411]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(684) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(9439) -147.28.0.39(111), 1 packet
> ftpd[29420]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(691) -147.28.0.39(111), 1 packet
> ftpd[29425]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(695) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10246) -147.28.0.39(111), 1 packet
> ftpd[29474]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(733) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7001) -147.28.0.39(111), 1 packet
> ftpd[29479]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(736) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(6134) -147.28.0.39(111), 1 packet
> ftpd[29510]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(751) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(12440) -147.28.0.39(111), 1 packet
> ftpd[29627]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(799) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(6428) -147.28.0.39(111), 1 packet
> ftpd[29638]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(812) -147.28.0.39(111), 1 packet
> ftpd[29651]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(824) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7033) -147.28.0.39(111), 1 packet
> ftpd[29668]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(838) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8406) -147.28.0.39(111), 1 packet
> ftpd[29712]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(885) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(13300) -147.28.0.39(111), 1 packet
> ftpd[29749]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(908) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(12610) -147.28.0.39(111), 1 packet
> ftpd[29806]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(961) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11014) -147.28.0.39(111), 1 packet
> ftpd[29843]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(1008) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10204) -147.28.0.39(111), 1 packet
> ftpd[30031]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(738) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(14146) -147.28.0.39(111), 1 packet
> ftpd[30159]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(839) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(14047) -147.28.0.39(111), 1 packet
> ftpd[30205]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(885) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10526) -147.28.0.39(111), 1 packet
> ftpd[30236]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(913) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 13 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11273) -147.28.0.39(111), 1 packet
> ftpd[30362]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(649) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7299) -147.28.0.39(111), 1 packet
> ftpd[30377]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(666) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(14072) -147.28.0.39(111), 1 packet
> ftpd[30507]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(736) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10576) -147.28.0.39(111), 1 packet
> ftpd[30528]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(751) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5718) -147.28.0.39(111), 1 packet
> ftpd[31125]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(624) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(9678) -147.28.0.39(111), 1 packet
> ftpd[31409]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(747) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8790) -147.28.0.39(111), 1 packet
> ftpd[31531]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(805) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11621) -147.28.0.39(111), 1 packet
> ftpd[31841]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(975) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 8 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(975) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5450) -147.28.0.39(111), 1 packet
> ftpd[31963]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(609) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11661) -147.28.0.39(111), 1 packet
> ftpd[32885]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(978) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(12440) -147.28.0.39(111), 1 packet
> ftpd[33480]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(691) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 8 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(12709) -147.28.0.39(111), 1 packet
> ftpd[33596]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(709) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(13845) -147.28.0.39(111), 1 packet
> ftpd[33700]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(742) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5041) -147.28.0.39(111), 1 packet
> ftpd[33726]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(760) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11446) -147.28.0.39(111), 1 packet
> ftpd[33802]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(787) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(14624) -147.28.0.39(111), 1 packet
> ftpd[34326]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(923) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7370) -147.28.0.39(111), 1 packet
> ftpd[34413]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(974) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(13510) -147.28.0.39(111), 1 packet
> ftpd[34753]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(683) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 8 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11504) -147.28.0.39(111), 1 packet
> ftpd[35240]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(834) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 2 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7332) -147.28.0.39(111), 1 packet
> ftpd[35331]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(889) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(6869) -147.28.0.39(111), 1 packet
> ftpd[35721]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(951) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8805) -147.28.0.39(111), 1 packet
> ftpd[36321]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(833) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(5228) -147.28.0.39(111), 1 packet
> ftpd[36760]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(966) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 8 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8162) -147.28.0.39(111), 1 packet
> ftpd[37144]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(634) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 2 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11966) -147.28.0.39(111), 1 packet
> ftpd[37263]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(666) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(6722) -147.28.0.39(111), 1 packet
> ftpd[37298]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(685) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(11563) -147.28.0.39(111), 1 packet
> ftpd[37579]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(772) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(8810) -147.28.0.39(111), 1 packet
> ftpd[37632]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(791) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied udp 209.192.148.153(0) -147.28.0.39(0), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied udp 209.192.148.153(0) -147.28.0.39(0), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(13584) -147.28.0.39(111), 1 packet
> ftpd[38095]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(961) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7066) -147.28.0.39(111), 1 packet
> ftpd[38334]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(605) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 10 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(7753) -147.28.0.39(111), 1 packet
> ftpd[38814]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(725) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> named[79976]: ns_resp: TCP truncated: "112.137.63.209.in-addr.arpa" IN PTR
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(6816) -147.28.0.39(111), 1 packet
> ftpd[39528]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(889) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 2 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 10 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(10925) -147.28.0.39(111), 1 packet
> ftpd[40052]: connect from crb614.nf.sympatico.ca
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 142.163.12.14(1012) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 4 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 6 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 200.251.162.80(6279) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 200.251.162.80(7881) -147.28.0.39(111), 1 packet
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 2 packets
> %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.8.101.18(0) -147.28.0.39(0), 12 packets
More information about the NANOG
mailing list