|
|
Hello,
This is a notification of unauthorized uses of systems or networks.
On July 25, 2022, a total of 2 IP addresses from your networks
probed my servers for TCP open ports. Due to their dubious behavior, they
are suspected to be compromised botnet computers.
The log of TCP port scans is included below for your reference
(time zone is UTC). To prevent this mail from getting too big in size,
at most 5 attempts from each attacker IP are included. Those connection
attempts have all passed TCP's 3-way handshake, so you can trust the source
IP addresses to be correct.
If you regularly collect IP traffic information of your network, you will see
the IPs listed connected to various TCP ports of my server at the time logged,
and I suspect that they also connected to TCP ports of many other IPs.
If a Linux system was at the attacker's IP, you might want to use the
command "netstat -ntp" to list its active network connections. If there
is still some suspicious connection, find out what PID/program/user ID they
belong to. You might find something to help you solve this problem.
Please notify the victims (owners of those botnet computers) so that they
can take appropriate action to clean their computers, before even
more severe incidents, like data leakage, DDoS, and the rumored NSA spying
through hijacked botnets, arise. This also helps prevent botnets from
taking up your network bandwidth.
Chih-Cherng Chin
Daily Botnet Statistics
---- log of TCP port scans (time zone is UTC; sent to [email protected]) ----
-------------------------------------------------------------------------------
(time in UTC)=2022-07-25T23:12:06 (attacker's IP)=194.87.93.104 (IP being
scanned)=207^2^120^208 (TCP port being scanned)=4807
(time in UTC)=2022-07-25T23:12:12 (attacker's IP)=194.87.93.104 (IP being
scanned)=61^61^171^183 (TCP port being scanned)=10535
(time in UTC)=2022-07-25T23:12:54 (attacker's IP)=194.87.93.104 (IP being
scanned)=207^2^120^208 (TCP port being scanned)=9179
(time in UTC)=2022-07-25T23:13:03 (attacker's IP)=194.87.93.104 (IP being
scanned)=207^2^120^208 (TCP port being scanned)=3105
(time in UTC)=2022-07-25T23:13:32 (attacker's IP)=194.87.93.104 (IP being
scanned)=45^15^179^90 (TCP port being scanned)=11226
(time in UTC)=2022-07-25T10:37:05 (attacker's IP)=194.87.96.135 (IP being
scanned)=207^2^120^208 (TCP port being scanned)=55672
(time in UTC)=2022-07-25T10:39:34 (attacker's IP)=194.87.96.135 (IP being
scanned)=207^2^120^208 (TCP port being scanned)=51521
(time in UTC)=2022-07-25T10:57:43 (attacker's IP)=194.87.96.135 (IP being
scanned)=141^98^134^44 (TCP port being scanned)=3890
(time in UTC)=2022-07-25T10:59:36 (attacker's IP)=194.87.96.135 (IP being
scanned)=207^2^120^208 (TCP port being scanned)=53866
(time in UTC)=2022-07-25T11:01:47 (attacker's IP)=194.87.96.135 (IP being
scanned)=185^164^137^31 (TCP port being scanned)=10884
看来还真是被拿去干好人好事了。。。。 |
|
发表于 2022-7-28 08:52:47
楼主