attack?!
Posted: 2003-03-05 14:59
grad mal wieder log files durchforstet und folgendes grad gesehen bin mir nicht sicher norm dürft nix passiert sein aber trotzdem mal lieber posten bin mir aucn nicht sicher ob portsentry richtig funktioniert hat weil norm dürft er nach der 1. anfrage blocken oder?
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 109
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 98
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 119
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 135
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 156
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 179
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 311
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 371
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 389
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 407
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 427
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 445
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 512
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 513
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 799
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 800
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 901
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 993
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 995
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 42
Mar 1 17:41:43 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1002
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 901
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 993
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 995
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 42
Mar 1 17:41:43 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1002
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:44 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 43
Mar 1 17:41:44 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:44 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1002
Mar 1 17:41:44 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:44 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1002
Mar 1 17:41:44 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:44 p15107535 /usr/sbin/named[10538]: client 217.235.127.105#4337: message class could not be determined
Mar 1 17:41:45 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1015
Mar 1 17:41:45 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:45 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1015
Mar 1 17:41:45 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:46 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 68
Mar 1 17:41:46 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:46 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1015
Mar 1 17:41:46 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:46 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 69
Mar 1 17:41:46 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:47 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 88
Mar 1 17:41:47 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:48 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 111
Mar 1 17:41:48 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:49 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 135
Mar 1 17:41:49 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:51 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 143
Mar 1 17:41:51 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:52 p15107535 proftpd[26990]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:41:52 p15107535 popper[26992]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:41:52 p15107535 imapd[26997]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:41:52 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 162
Mar 1 17:41:52 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:53 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 445
Mar 1 17:41:53 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:54 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 514
Mar 1 17:41:54 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:54 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 517
Mar 1 17:41:54 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:56 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 749
Mar 1 17:41:56 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:58 p15107535 proftpd[27000]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:42:00 p15107535 /USR/SBIN/CRON[27007]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Mar 1 17:42:02 p15107535 proftpd[26990]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session opened.
Mar 1 17:42:02 p15107535 proftpd[26990]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session closed.
Mar 1 17:42:08 p15107535 proftpd[27000]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session opened.
Mar 1 17:42:08 p15107535 proftpd[27000]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session closed.
Mar 1 17:42:08 p15107535 proftpd[27003]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:42:08 p15107535 sshd[27016]: Did not receive identification string from 217.235.127.105.
Mar 1 17:42:18 p15107535 proftpd[27003]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session opened.
Mar 1 17:42:18 p15107535 proftpd[27003]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session closed.
das soweit sollte aber nix passiert sein oder? (sehe ja nur connetes und keine logins)
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 109
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 98
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 119
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 135
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 156
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 179
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 311
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 371
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 389
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 407
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 427
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 445
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 512
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 513
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 799
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 800
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 901
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 993
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 995
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 42
Mar 1 17:41:43 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1002
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 901
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 993
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 995
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 42
Mar 1 17:41:43 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1002
Mar 1 17:41:43 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:44 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 43
Mar 1 17:41:44 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:44 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1002
Mar 1 17:41:44 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:44 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1002
Mar 1 17:41:44 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:44 p15107535 /usr/sbin/named[10538]: client 217.235.127.105#4337: message class could not be determined
Mar 1 17:41:45 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1015
Mar 1 17:41:45 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:45 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1015
Mar 1 17:41:45 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:46 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 68
Mar 1 17:41:46 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:46 p15107535 portsentry[27602]: attackalert: TCP SYN/Normal scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to TCP port: 1015
Mar 1 17:41:46 p15107535 portsentry[27602]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:46 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 69
Mar 1 17:41:46 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:47 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 88
Mar 1 17:41:47 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:48 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 111
Mar 1 17:41:48 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:49 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 135
Mar 1 17:41:49 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:51 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 143
Mar 1 17:41:51 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:52 p15107535 proftpd[26990]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:41:52 p15107535 popper[26992]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:41:52 p15107535 imapd[26997]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:41:52 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 162
Mar 1 17:41:52 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:53 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 445
Mar 1 17:41:53 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:54 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 514
Mar 1 17:41:54 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:54 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 517
Mar 1 17:41:54 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:56 p15107535 portsentry[27604]: attackalert: UDP scan from host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 to UDP port: 749
Mar 1 17:41:56 p15107535 portsentry[27604]: attackalert: Host: pD9EB7F69.dip.t-dialin.net/217.235.127.105 is already blocked Ignoring
Mar 1 17:41:58 p15107535 proftpd[27000]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:42:00 p15107535 /USR/SBIN/CRON[27007]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Mar 1 17:42:02 p15107535 proftpd[26990]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session opened.
Mar 1 17:42:02 p15107535 proftpd[26990]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session closed.
Mar 1 17:42:08 p15107535 proftpd[27000]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session opened.
Mar 1 17:42:08 p15107535 proftpd[27000]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session closed.
Mar 1 17:42:08 p15107535 proftpd[27003]: connect from 217.235.127.105 (217.235.127.105)
Mar 1 17:42:08 p15107535 sshd[27016]: Did not receive identification string from 217.235.127.105.
Mar 1 17:42:18 p15107535 proftpd[27003]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session opened.
Mar 1 17:42:18 p15107535 proftpd[27003]: p15107535.pureserver.info (pD9EB7F69.dip.t-dialin.net[217.235.127.105]) - FTP session closed.
das soweit sollte aber nix passiert sein oder? (sehe ja nur connetes und keine logins)
