tcp:22 - a Sampler

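Sorted by date and time. Reading notes: most entries are bare SYNs from source port 22 to destination port 22 with a non-zero ack value and no TCP options, which suggests crafted scanner packets rather than a normal client stack; the entries with an ephemeral source port and TCP options (MSS, SACKOK) look like ordinary connection attempts. Two pairs are probably not separate probes: #2356 repeats the seq of #2355 three seconds later (apparently a SYN retransmission), and #2383 and #2295 show identical IP ID, seq and checksums (apparently the same packet recorded twice).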
From apache  Sun Apr  7 21:15:25 2002
To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert 

Generated by ACID v0.9.6b21 on Sun April 07, 2002 21:15:25

------------------------------------------------------------------------------
#(1 - 233) [2002-01-04 10:48:23]  TCP to 22 ssh
IPv4: 195.92.224.71 -> 12.82.142.6
      hlen=5 TOS=0 dlen=40 ID=56495 flags=0 offset=0 TTL=240 chksum=45091
TCP:  port=22 -> dport: 22  flags=******S* seq=2042710584
      ack=2044086944 off=5 res=0 win=40 urp=0 chksum=59681
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(1 - 563) [2002-01-05 02:39:36]  TCP to 22 ssh
IPv4: 213.52.143.194 -> 12.82.129.125
      hlen=5 TOS=0 dlen=60 ID=64024 flags=0 offset=0 TTL=47 chksum=24285
TCP:  port=4411 -> dport: 22  flags=******S* seq=523786626
      ack=0 off=10 res=0 win=32120 urp=0 chksum=59039
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=910CD61000000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(1 - 675) [2002-01-06 15:12:33]  TCP to 22 ssh
IPv4: 62.144.164.13 -> 12.82.135.47
      hlen=5 TOS=0 dlen=40 ID=637 flags=0 offset=0 TTL=234 chksum=22580
TCP:  port=22 -> dport: 22  flags=******S* seq=91061226
      ack=1255049997 off=5 res=0 win=40 urp=0 chksum=57916
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(1 - 691) [2002-01-06 18:07:51]  spp_stream4: STEALTH ACTIVITY (SYN FIN scan) detection
IPv4: 65.66.80.53 -> 12.82.135.47
      hlen=5 TOS=0 dlen=40 ID=39426 flags=0 offset=0 TTL=27 chksum=57557
TCP:  port=22 -> dport: 22  flags=******SF seq=187883207
      ack=330388495 off=5 res=0 win=1028 urp=0 chksum=13567
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(1 - 703) [2002-01-06 22:08:54]  TCP to 22 ssh
IPv4: 4.33.255.234 -> 12.82.140.18
      hlen=5 TOS=0 dlen=40 ID=3806 flags=0 offset=0 TTL=121 chksum=38530
TCP:  port=22 -> dport: 22  flags=******S* seq=18566812
      ack=1052593959 off=5 res=0 win=14628 urp=0 chksum=64646
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(1 - 2355) [2002-01-08 18:23:00]  TCP to 22 ssh
IPv4: 211.120.40.98 -> 12.82.135.198
      hlen=5 TOS=0 dlen=60 ID=29034 flags=0 offset=0 TTL=48 chksum=18783
TCP:  port=51351 -> dport: 22  flags=******S* seq=2083585964
      ack=0 off=10 res=0 win=32120 urp=0 chksum=47867
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=002B3AEA00000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(1 - 2356) [2002-01-08 18:23:03]  TCP to 22 ssh
IPv4: 211.120.40.98 -> 12.82.135.198
      hlen=5 TOS=0 dlen=60 ID=31242 flags=0 offset=0 TTL=48 chksum=16575
TCP:  port=51351 -> dport: 22  flags=******S* seq=2083585964
      ack=0 off=10 res=0 win=32120 urp=0 chksum=47567
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=002B3C1600000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(1 - 2383) [2002-01-09 06:33:19]  TCP to 22 ssh
IPv4: 209.9.142.70 -> 12.82.140.124
      hlen=5 TOS=0 dlen=40 ID=58430 flags=0 offset=0 TTL=117 chksum=26995
TCP:  port=22 -> dport: 22  flags=******S* seq=1503215557
      ack=372886510 off=5 res=0 win=49604 urp=0 chksum=31309
Payload: none
------------------------------------------------------------------------------
#(1 - 2295) [2002-01-09 06:33:19]  TCP to 22 ssh
IPv4: 209.9.142.70 -> 12.82.140.124
      hlen=5 TOS=0 dlen=40 ID=58430 flags=0 offset=0 TTL=117 chksum=26995
TCP:  port=22 -> dport: 22  flags=******S* seq=1503215557
      ack=372886510 off=5 res=0 win=49604 urp=0 chksum=31309
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(7 - 68) [2002-03-29 01:43:01]  TCP to 22 ssh
IPv4: 193.98.117.121 -> 12.82.128.251
      hlen=5 TOS=0 dlen=40 ID=64056 flags=0 offset=0 TTL=105 chksum=37742
TCP:  port=22 -> dport: 22  flags=******S* seq=1683234732
      ack=940811076 off=5 res=0 win=58205 urp=0 chksum=43223
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(9 - 18) [2002-03-30 00:09:07]  TCP to 22 ssh
IPv4: 12.82.128.93 -> 12.82.128.102
      hlen=5 TOS=0 dlen=48 ID=47581 flags=0 offset=0 TTL=127 chksum=10371
TCP:  port=2958 -> dport: 22  flags=******S* seq=1368396520
      ack=0 off=7 res=0 win=8760 urp=0 chksum=55139
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(9 - 918) [2002-03-30 05:25:47]  TCP to 22 ssh
IPv4: 211.100.7.73 -> 12.82.128.102
      hlen=5 TOS=0 dlen=40 ID=57448 flags=0 offset=0 TTL=123 chksum=63489
TCP:  port=22 -> dport: 22  flags=******S* seq=1014184682
      ack=1728109841 off=5 res=0 win=46686 urp=0 chksum=54914
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(22 - 3) [2002-04-03 15:14:54]  TCP to 22 ssh
IPv4: 217.18.32.99 -> 12.82.140.49
      hlen=5 TOS=0 dlen=40 ID=11873 flags=0 offset=0 TTL=119 chksum=33654
TCP:  port=22 -> dport: 22  flags=******S* seq=1404691935
      ack=1058809344 off=5 res=0 win=30745 urp=0 chksum=1775
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(35 - 28) [2002-04-07 01:30:33]  TCP to 22 ssh
IPv4: 12.101.145.18 -> 12.82.128.101
      hlen=5 TOS=0 dlen=40 ID=54448 flags=0 offset=0 TTL=119 chksum=17649
TCP:  port=22 -> dport: 22  flags=******S* seq=407543226
      ack=2012618564 off=5 res=0 win=18407 urp=0 chksum=61537
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(37 - 12) [2002-04-07 15:29:13]  TCP to 22 ssh
IPv4: 202.106.92.169 -> 12.82.131.190
      hlen=5 TOS=0 dlen=40 ID=63184 flags=0 offset=0 TTL=115 chksum=39387
TCP:  port=22 -> dport: 22  flags=******S* seq=1880876825
      ack=1503723350 off=5 res=0 win=28892 urp=0 chksum=55177
Payload: none
------------------------------------------------------------------------------


jsage@finchhaven.com
Last modified: Sun Apr 7 21:19:54 2002