RE: port scan attack

  • From: "Julian" <julian@xxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 28 Feb 2002 02:20:31 -0000

NeoTrace Trace  Version 3.25  Results
Target: 210.155.134.241
Date: 28/02/2002 (Thursday), 02:18:38
Nodes: 18


Node Data
Node Net Reg IP Address      Location            Node Name
  18   1   - 210.155.134.241 TOKYO


Packet Data
Node High Low  Avg  Tot  Lost
  18  255  255  255    1    0


Network Data
Network id#: 1

  Rights restricted by copyright. See
http://www.apnic.net/db/dbcopyright.html
  (whois7.apnic.net)

inetnum:     210.144.0.0 - 210.159.255.255
netname:     JPNIC-NET-JP
descr:       Japan Network Information Center
country:     JP
admin-c:     JNIC1-AP
tech-c:      JNIC1-AP
remarks:     JPNIC Allocation Block
remarks:     Authoritative information regarding assignments and
remarks:     allocations made from within this block can also be
remarks:     queried at whois.nic.ad.jp. To obtain an English
remarks:     output query whois -h whois.nic.ad.jp x.x.x.x/e
mnt-by:      MAINT-JPNIC
changed:     apnic-ftp@xxxxxxxxx 19991208
source:      APNIC

role:        Japan Network Information Center
address:     Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address:     Chiyoda-ku, Tokyo 101-0047, Japan
country:     JP
phone:       +81-3-5297-2311
fax-no:      +81-3-5297-2312
e-mail:      hostmaster@xxxxxxxxx
admin-c:     NM6-AP
tech-c:      YM15-AP
tech-c:      IK6-AP
tech-c:      KM19-AP
nic-hdl:     JNIC1-AP
mnt-by:      MAINT-JPNIC
changed:     apnic-ftp@xxxxxxxxx 19990629
changed:     hostmaster@xxxxxxxxx 20011011
source:      APNIC

inetnum:     210.155.128.0 - 210.155.131.255
netname:     MEX-CIDR-BLK-JP
descr:       Media Exchange Co., Inc.
country:     JP
admin-c:     SY294JP
tech-c:      YI001JP
remarks:     This information has been partially mirrored by APNIC from
remarks:     JPNIC. To obtain more specific information, please use the
remarks:     JPNIC whois server at whois.nic.ad.jp. (This defaults to
remarks:     Japanese output, use the /e switch for English output)
changed:     apnic-ftp@xxxxxxxxx 20020227
source:      JPNIC

inetnum:     210.155.128.0 - 210.155.131.255
netname:     MEX-ATM-BB1
descr:       Media EXchange Co.,Inc.
country:     JP
admin-c:     SY294JP
tech-c:      YI001JP
tech-c:      HT5100JP
remarks:     This information has been partially mirrored by APNIC from
remarks:     JPNIC. To obtain more specific information, please use the
remarks:     JPNIC whois server at whois.nic.ad.jp. (This defaults to
remarks:     Japanese output, use the /e switch for English output)
remarks:     This information has been partially mirrored by APNIC from
remarks:     JPNIC. To obtain more specific information, please use the
remarks:     JPNIC whois server at whois.nic.ad.jp. (This defaults to
remarks:     Japanese output, use the /e switch for English output)
changed:     apnic-ftp@xxxxxxxxx 19970829
changed:     apnic-ftp@xxxxxxxxx 20020227


Thats all the info I can find from here in the UK

Julian

  -----Original Message-----
  From: Marco Sin [mailto:msin@xxxxxxxx]
  Sent: 28 February 2002 02:07
  To: [ISAserver.org Discussion List]
  Subject: [isalist] port scan attack


  ISA Server name: FIREWALL

  ISA Server detected an all port scan attack from Internet Protocol (IP)
address 210.155.134.241.

  For more information about this event, see ISA Server Help.


  All port scan attack from this IP at 1:27am-1:35am(HK+8),total detected 17
times.
  I checked the IP come from Japan .Any body help me to check in
detail.Thank a lot!

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 02-2002