[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Why is ADP port scanning ?



[Redacted]

This IP address was located in the log files
140.239.226.141 on Oct 8, 11 and 15th

When a search is performed on Arin it comes up with


HarvardNet, Inc. HTW-140BL (NET-140-239-0-0-1)
                                  140.239.0.0 - 140.239.255.255
Active Window Productions HTW-07227 (NET-140-239-226-129-1)
                                  140.239.226.129 - 140.239.226.190
# ARIN Whois database, last updated 2002-10-07 19:05
# Enter ? for additional hints on searching ARINís Whois database.
Oct  8 04:00:49 FILTER: RAF (30) block - warning TCP 
[140.239.226.141:36497]->[64.80.161.170:25] alarm dc0 l=0 f=0x2
Oct  8 04:00:37 FILTER: RAF (30) block - warning TCP 
[140.239.226.141:36497]->[64.80.161.170:25] alarm dc0 l=0 f=0x2
Oct  8 04:00:31 FILTER: RAF (30) block - warning TCP 
[140.239.226.141:36497]->[64.80.161.170:25] alarm dc0 l=0 f=0x2
Oct  8 04:00:28 FILTER: RAF (30) block - warning TCP 
[140.239.226.141:36497]->[64.80.161.170:25] alarm dc0 l=0 f=0x2


Search results for: ! NET-140-239-226-129-1
OrgName:    Active Window Productions
OrgID:      AWP

NetRange:   140.239.226.129 - 140.239.226.190
CIDR:       140.239.226.129/32, 140.239.226.130/31, 140.239.226.132/30, 
140.239.226.136/29, 140.239.226.144/28, 140.239.226.160/28, 
140.239.226.176/29, 140.239.226.184/30, 140.239.226.188/31, 
140.239.226.190/32
NetName:    HTW-07227
NetHandle:  NET-140-239-226-129-1
Parent:     NET-140-239-0-0-1
NetType:    Reassigned
Comment:
RegDate:    2000-11-07
Updated:    2000-11-07

TechHandle: MR50-ARIN
TechName:   Rosenstein, Mark
TechPhone:  +1-617-497-0088
TechEmail:  mar at actwin_com

Two more trys 10/15/02
    ALARM TYPE: Block

     IP PACKET: TCP  [140.239.226.141/33902]-->[64.80.161.170/25]  l=0 f=0x2

                    [wks141.actwin.com/33902]-->[64.80.161.170/smtp]



DETAILED DESCRIPTION:

	IP packet was rejected by filter 30.
    ALARM TYPE: Block

     IP PACKET: TCP  [140.239.226.141/33902]-->[64.80.161.170/25]  l=0 f=0x2

                    [wks141.actwin.com/33902]-->[64.80.161.170/smtp]



DETAILED DESCRIPTION:

	IP packet was rejected by filter 30.


On 10-11-02

    ALARM TYPE: Block

     IP PACKET: TCP  [140.239.226.141/59373]-->[64.80.161.170/25]  l=0 f=0x2

                    [wks141.actwin.com/59373]-->[64.80.161.170/smtp]



DETAILED DESCRIPTION:

	IP packet was rejected by filter 29.






_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963