Eratus
Verified User
Can anybody please help me with this:
Subject: Security incident originating from your network - 41.168.6.65 (ID#110330-3T34)
To the ns1.theweb.co.za/theweb.co.za/neotel.co.za/as6453.net security or network administrators,
Hello from AT&T Hosting and Applications Services. I am a Security Engineer here trying to track down a security incident that appears to have originated from your network on March 30, 2011. Please investigate a TCP sweep of port 22 from the IP 41.168.6.65 (ns1.theweb.co.za) and inform me of the results (account cancelled, user warned, etc). I will require this information in order to close the ticket on this activity. I have attached a portion of the log details as evidence. All times are EDT (GMT -4).
(NOTE: This is an automated email response to the incoming scan/attack.)
04:04:59 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=467,dp=22,min=206.16.128.0,max=206.16.141.250,Mar30-03:59:42,Mar30-03:59:42) (MOW-Piscat01)
04:05:23 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=395,dp=22,min=209.62.132.0,max=209.62.132.253,Mar30-04:05:22,Mar30-04:05:23) (USI-corpids1)
04:05:30 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=640,dp=22,min=209.62.145.0,max=209.62.157.255,Mar30-04:05:23,Mar30-04:05:23) (USI-neids1)
04:06:44 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=627,dp=22,min=209.62.133.0,max=209.62.138.255,Mar30-04:05:23,Mar30-04:05:23) (USI-corpids1)
04:08:15 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=152,dp=22,min=209.135.36.1,max=209.135.33.250,Mar30-04:08:14,Mar30-04:08:15) (USI-mdsxass01)
04:08:15 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=635,dp=22,min=209.135.34.0,max=209.135.40.255,Mar30-04:08:15,Mar30-04:08:15) (USI-neids1)
04:08:25 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=842,dp=22,min=209.135.45.0,max=209.135.60.255,Mar30-04:08:15,Mar30-04:08:15) (USI-neids1)
04:08:51 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=219,dp=22,min=209.135.45.0,max=209.135.60.255,Mar30-04:08:15,Mar30-04:08:15) (USI-mdsxass01)
AT&T Hosting and Application Services Information Assurance Group [email protected]
Neotel is a level 3 B-BBEE contributor. EmpowerLogic Rating: EE
Note
Information about Neotel directors and registration number is available at
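For anyone triaging a notice like the one quoted above, this added Python example (not part of the original post and not AT&T's tooling) parses the TCP-SWEEP evidence lines and converts the EDT timestamps to UTC so they can be matched against the reported host's own logs. Reading total as a probe count, dp as the destination port, min/max as the swept address range and the two stamps as first/last seen is an assumption; the year is taken from the notice text.

```python
import re
from datetime import datetime, timedelta, timezone
from ipaddress import IPv4Address

# Three evidence lines copied from the notice above.
EVIDENCE = """\
04:04:59 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=467,dp=22,min=206.16.128.0,max=206.16.141.250,Mar30-03:59:42,Mar30-03:59:42) (MOW-Piscat01)
04:08:15 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=152,dp=22,min=209.135.36.1,max=209.135.33.250,Mar30-04:08:14,Mar30-04:08:15) (USI-mdsxass01)
04:08:25 41.168.6.65 0.0.0.0 [TCP-SWEEP] (total=842,dp=22,min=209.135.45.0,max=209.135.60.255,Mar30-04:08:15,Mar30-04:08:15) (USI-neids1)
"""

EDT = timezone(timedelta(hours=-4))  # notice: "All times are EDT (GMT -4)"
MONTHS = "JanFebMarAprMayJunJulAugSepOctNovDec"
LINE = re.compile(
    r"\S+ (?P<src>[\d.]+) \S+ \[TCP-SWEEP\] \(total=(?P<total>\d+),dp=(?P<dp>\d+),"
    r"min=(?P<min>[\d.]+),max=(?P<max>[\d.]+),(?P<first>\S+?),(?P<last>\S+?)\) \((?P<sensor>[^)]+)\)"
)

def to_utc(stamp, year):
    """'Mar30-03:59:42' (EDT, year not in the log) -> aware UTC datetime."""
    mon, day, clock = stamp[:3], int(stamp[3:stamp.index("-")]), stamp.split("-")[1]
    h, m, s = map(int, clock.split(":"))
    local = datetime(year, MONTHS.index(mon) // 3 + 1, day, h, m, s, tzinfo=EDT)
    return local.astimezone(timezone.utc)

def parse_sweeps(text, year=2011):
    """Return one dict per sweep record; lines that do not match are skipped."""
    # Field meanings (total, dp, min/max, first/last seen) are assumed, not documented.
    out = []
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue
        lo, hi = IPv4Address(m["min"]), IPv4Address(m["max"])
        out.append({
            "src": m["src"], "dport": int(m["dp"]), "total": int(m["total"]),
            "sensor": m["sensor"],
            "start_utc": to_utc(m["first"], year), "end_utc": to_utc(m["last"], year),
            # One record in the notice has min > max; normalise the order and flag it.
            "low": min(lo, hi), "high": max(lo, hi), "inverted": lo > hi,
        })
    return out

if __name__ == "__main__":
    for r in parse_sweeps(EVIDENCE):
        print(r["start_utc"].isoformat(), r["src"], f"-> {r['low']}..{r['high']}:{r['dport']}",
              r["total"], r["sensor"], "(min/max inverted)" if r["inverted"] else "")
```

The UTC start and end times give the window to search in the host's process accounting, shell history and outbound connection logs for port 22 traffic.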