<div dir="ltr"><div>[root@fly-obnosis-com asil]# nmap 110.173.96.6</div><div><br></div><div>Starting Nmap 6.25 ( <a href="http://nmap.org">http://nmap.org</a> ) at 2013-09-25 13:34 MST</div><div>Nmap scan report for 110.173.96.6</div>
<div>Host is up (0.21s latency).</div><div>Not shown: 993 closed ports</div><div>PORT STATE SERVICE</div><div>25/tcp filtered smtp</div><div>135/tcp filtered msrpc</div><div>139/tcp filtered netbios-ssn</div><div>
445/tcp filtered microsoft-ds</div><div>1025/tcp open NFS-or-IIS</div><div>1028/tcp open unknown</div><div>3389/tcp open ms-wbt-server</div><div><br></div><div>Nmap done: 1 IP address (1 host up) scanned in 20.84 seconds</div>
<div>[root@fly-obnosis-com asil]# </div><div><br></div><div>This IP is from denyhosts for people trying to get into a mail server via port 22.</div><div><br></div><div>Of course the server administrators are clearly not going to be the "responsible party"; it's a script kiddie hacker someplace looking for a mail server they can use semi anonymously.</div>
<div><br></div><div>Another white-hat action would be to swip whois the ips and report the access attempts to their administrators with a short contextual message (for the complete idiot) related to what exactly this could mean. Of course logs are required (date/time [from denyhost logs]).</div>
<br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">DenyHosts</b> <span dir="ltr"><nobodymail.obnosis.com@mail.localdomain></span><br>Date: Wed, Sep 25, 2013 at 6:13 AM<br>
Subject: DenyHosts Report from mail<br>To: <a href="mailto:lisakachold@obnosis.com">lisakachold@obnosis.com</a><br><br><br>Added the following hosts to /etc/hosts.deny:<br>
<br>
110.173.96.6 (unknown)<br>
<br>
----------------------------------------------------------------------<br>
</div><br>Here's the rest of the denyhosts entries:<div><br></div><div><br clear="all"><div><div>root@mail ~]# cat /etc/hosts.deny</div><div>#</div><div># hosts.deny<span class="" style="white-space:pre"> </span>This file describes the names of the hosts which are</div>
<div>#<span class="" style="white-space:pre"> </span>*not* allowed to use the local INET services, as decided</div><div>#<span class="" style="white-space:pre"> </span>by the '/usr/sbin/tcpd' server.</div><div>#</div>
<div># DenyHosts: Thu Aug 29 11:18:13 2013 | sshd: 24.39.234.235</div><div>sshd: 24.39.234.235</div><div># DenyHosts: Thu Aug 29 18:13:13 2013 | sshd: 82.165.46.72</div><div>sshd: 82.165.46.72</div><div># DenyHosts: Fri Aug 30 02:14:44 2013 | sshd: 61.143.33.222</div>
<div>sshd: 61.143.33.222</div><div># DenyHosts: Fri Aug 30 17:18:44 2013 | sshd: 116.204.96.233</div><div>sshd: 116.204.96.233</div><div># DenyHosts: Fri Aug 30 19:21:45 2013 | sshd: 200.199.74.91</div><div>sshd: 200.199.74.91</div>
<div># DenyHosts: Fri Aug 30 21:32:15 2013 | sshd: 189.165.162.112</div><div>sshd: 189.165.162.112</div><div># DenyHosts: Sat Aug 31 06:34:15 2013 | sshd: 188.132.176.143</div><div>sshd: 188.132.176.143</div><div># DenyHosts: Sat Aug 31 19:35:16 2013 | sshd: 211.154.154.238</div>
<div>sshd: 211.154.154.238</div><div># DenyHosts: Sat Aug 31 23:40:46 2013 | sshd: 183.62.48.44</div><div>sshd: 183.62.48.44</div><div># DenyHosts: Sun Sep 1 06:58:47 2013 | sshd: 192.95.25.121</div><div>sshd: 192.95.25.121</div>
<div># DenyHosts: Sun Sep 1 19:31:47 2013 | sshd: 211.147.80.2</div><div>sshd: 211.147.80.2</div><div># DenyHosts: Tue Sep 3 01:46:58 2013 | sshd: 61.167.199.232</div><div>sshd: 61.167.199.232</div><div># DenyHosts: Tue Sep 3 10:46:28 2013 | sshd: 210.245.23.136</div>
<div>sshd: 210.245.23.136</div><div># DenyHosts: Tue Sep 3 14:07:58 2013 | sshd: 188.190.98.6</div><div>sshd: 188.190.98.6</div><div># DenyHosts: Wed Sep 4 18:22:29 2013 | sshd: 218.64.114.103</div><div>sshd: 218.64.114.103</div>
<div># DenyHosts: Thu Sep 5 01:45:59 2013 | sshd: 111.92.237.209</div><div>sshd: 111.92.237.209</div><div># DenyHosts: Thu Sep 5 04:00:00 2013 | sshd: 117.41.237.226</div><div>sshd: 117.41.237.226</div><div># DenyHosts: Thu Sep 5 05:47:30 2013 | sshd: 113.107.101.234</div>
<div>sshd: 113.107.101.234</div><div># DenyHosts: Thu Sep 5 09:28:01 2013 | sshd: 189.26.255.11</div><div>sshd: 189.26.255.11</div><div># DenyHosts: Thu Sep 5 10:44:31 2013 | sshd: 66.199.146.126</div><div>sshd: 66.199.146.126</div>
<div># DenyHosts: Thu Sep 5 19:58:02 2013 | sshd: 75.126.186.26</div><div>sshd: 75.126.186.26</div><div># DenyHosts: Fri Sep 6 01:44:02 2013 | sshd: 222.219.187.9</div><div>sshd: 222.219.187.9</div><div># DenyHosts: Fri Sep 6 02:41:32 2013 | sshd: 190.29.99.249</div>
<div>sshd: 190.29.99.249</div><div># DenyHosts: Fri Sep 6 03:40:33 2013 | sshd: 123.126.133.131</div><div>sshd: 123.126.133.131</div><div># DenyHosts: Fri Sep 6 04:27:33 2013 | sshd: 61.7.235.203</div><div>sshd: 61.7.235.203</div>
<div># DenyHosts: Sat Sep 7 00:41:33 2013 | sshd: 79.142.244.1</div><div>sshd: 79.142.244.1</div><div># DenyHosts: Sat Sep 7 00:50:04 2013 | sshd: 210.74.146.146</div><div>sshd: 210.74.146.146</div><div># DenyHosts: Sun Sep 8 03:37:04 2013 | sshd: 217.16.12.167</div>
<div>sshd: 217.16.12.167</div><div># DenyHosts: Sun Sep 8 22:30:35 2013 | sshd: 82.165.133.118</div><div>sshd: 82.165.133.118</div><div># DenyHosts: Tue Sep 10 04:21:05 2013 | sshd: 75.134.81.100</div><div>sshd: 75.134.81.100</div>
<div># DenyHosts: Tue Sep 10 14:42:35 2013 | sshd: 193.104.68.210</div><div>sshd: 193.104.68.210</div><div># DenyHosts: Tue Sep 10 23:03:36 2013 | sshd: 219.138.203.198</div><div>sshd: 219.138.203.198</div><div># DenyHosts: Wed Sep 11 06:49:36 2013 | sshd: 172.246.131.170</div>
<div>sshd: 172.246.131.170</div><div># DenyHosts: Wed Sep 11 20:08:07 2013 | sshd: 199.96.132.165</div><div>sshd: 199.96.132.165</div><div># DenyHosts: Thu Sep 12 00:04:07 2013 | sshd: 79.143.184.12</div><div>sshd: 79.143.184.12</div>
<div># DenyHosts: Thu Sep 12 11:17:08 2013 | sshd: 221.226.56.22</div><div>sshd: 221.226.56.22</div><div># DenyHosts: Thu Sep 12 13:20:08 2013 | sshd: 137.175.46.104</div><div>sshd: 137.175.46.104</div><div># DenyHosts: Thu Sep 12 15:06:38 2013 | sshd: 185.10.201.128</div>
<div>sshd: 185.10.201.128</div><div># DenyHosts: Thu Sep 12 18:53:39 2013 | sshd: 121.134.21.116</div><div>sshd: 121.134.21.116</div><div># DenyHosts: Fri Sep 13 00:06:39 2013 | sshd: 24.156.69.160</div><div>sshd: 24.156.69.160</div>
<div># DenyHosts: Sat Sep 14 01:53:10 2013 | sshd: 218.108.0.91</div><div>sshd: 218.108.0.91</div><div># DenyHosts: Sat Sep 14 04:03:40 2013 | sshd: 122.154.162.3</div><div>sshd: 122.154.162.3</div><div># DenyHosts: Sat Sep 14 12:06:41 2013 | sshd: 85.91.136.121</div>
<div>sshd: 85.91.136.121</div><div># DenyHosts: Sat Sep 14 19:49:41 2013 | sshd: 112.216.82.130</div><div>sshd: 112.216.82.130</div><div># DenyHosts: Sat Sep 14 20:14:42 2013 | sshd: 210.51.10.65</div><div>sshd: 210.51.10.65</div>
<div># DenyHosts: Sat Sep 14 20:15:12 2013 | sshd: 182.18.31.165</div><div>sshd: 182.18.31.165</div><div># DenyHosts: Sun Sep 15 19:27:12 2013 | sshd: 61.191.23.99</div><div>sshd: 61.191.23.99</div><div># DenyHosts: Sun Sep 15 23:41:13 2013 | sshd: 118.218.197.140</div>
<div>sshd: 118.218.197.140</div><div># DenyHosts: Mon Sep 16 00:45:43 2013 | sshd: 112.78.3.234</div><div>sshd: 112.78.3.234</div><div># DenyHosts: Mon Sep 16 10:44:04 2013 | sshd: 1.229.248.167</div><div>sshd: 1.229.248.167</div>
<div># DenyHosts: Mon Sep 16 19:10:05 2013 | sshd: 61.142.106.34</div><div>sshd: 61.142.106.34</div><div># DenyHosts: Tue Sep 17 06:08:05 2013 | sshd: 123.30.143.150</div><div>sshd: 123.30.143.150</div><div># DenyHosts: Tue Sep 17 12:41:36 2013 | sshd: 195.143.228.59</div>
<div>sshd: 195.143.228.59</div><div># DenyHosts: Tue Sep 17 23:20:36 2013 | sshd: 202.115.159.143</div><div>sshd: 202.115.159.143</div><div># DenyHosts: Wed Sep 18 14:01:36 2013 | sshd: 5.199.137.222</div><div>sshd: 5.199.137.222</div>
<div># DenyHosts: Wed Sep 18 16:19:07 2013 | sshd: 220.178.18.67</div><div>sshd: 220.178.18.67</div><div># DenyHosts: Thu Sep 19 04:59:37 2013 | sshd: 203.212.67.4</div><div>sshd: 203.212.67.4</div><div># DenyHosts: Thu Sep 19 09:48:38 2013 | sshd: 218.48.11.130</div>
<div>sshd: 218.48.11.130</div><div># DenyHosts: Fri Sep 20 04:25:08 2013 | sshd: 183.232.32.24</div><div>sshd: 183.232.32.24</div><div># DenyHosts: Fri Sep 20 14:45:39 2013 | sshd: 189.109.86.114</div><div>sshd: 189.109.86.114</div>
<div># DenyHosts: Sat Sep 21 03:46:10 2013 | sshd: 74.207.240.217</div><div>sshd: 74.207.240.217</div><div># DenyHosts: Sat Sep 21 18:36:10 2013 | sshd: 93.157.99.122</div><div>sshd: 93.157.99.122</div><div># DenyHosts: Sun Sep 22 00:24:11 2013 | sshd: 219.245.190.5</div>
<div>sshd: 219.245.190.5</div><div># DenyHosts: Mon Sep 23 11:39:41 2013 | sshd: 141.105.66.152</div><div>sshd: 141.105.66.152</div><div># DenyHosts: Mon Sep 23 13:26:42 2013 | sshd: 88.150.232.218</div><div>sshd: 88.150.232.218</div>
<div># DenyHosts: Mon Sep 23 17:45:42 2013 | sshd: 115.239.249.9</div><div>sshd: 115.239.249.9</div><div># DenyHosts: Mon Sep 23 19:45:43 2013 | sshd: 203.201.42.237</div><div>sshd: 203.201.42.237</div><div># DenyHosts: Tue Sep 24 02:41:13 2013 | sshd: 1.215.228.107</div>
<div>sshd: 1.215.228.107</div><div># DenyHosts: Tue Sep 24 17:18:14 2013 | sshd: 60.190.217.184</div><div>sshd: 60.190.217.184</div><div># DenyHosts: Wed Sep 25 06:13:44 2013 | sshd: 110.173.96.6</div><div>sshd: 110.173.96.6</div>
</div><div><br></div><div><br></div><div>See:</div><div><br></div><div><div>[root@fly-obnosis-com asil]# nmap 115.239.249.9</div><div><br></div><div>Starting Nmap 6.25 ( <a href="http://nmap.org">http://nmap.org</a> ) at 2013-09-25 15:00 MST</div>
<div>Nmap scan report for 115.239.249.9</div><div>Host is up (0.21s latency).</div><div>Not shown: 994 closed ports</div><div>PORT STATE SERVICE</div><div>22/tcp open ssh</div><div>25/tcp filtered smtp</div>
<div>135/tcp filtered msrpc</div><div>139/tcp filtered netbios-ssn</div><div>445/tcp filtered microsoft-ds</div><div>4444/tcp filtered krb524</div><div><br></div><div>Nmap done: 1 IP address (1 host up) scanned in 14.81 seconds</div>
<div>[root@fly-obnosis-com asil]# </div></div><div><br></div><div>It's a veritable hackfest.</div><div><br></div><div>DISCLAIMER: Hacking any of these <ripe> targets, which clearly have already been hacked by others, could/should/might constitute illegal acts and consequences to you.</div>
<div><br></div><div>Warning, Warning, Warning!</div><div><br></div><div>But as you can see. There are great many clueless systems administrators and servers without management out there.</div>-- <br><div><br></div>(503) 754-4452 Android<br>
(623) 239-3392 Skype<br>(623) 688-3392 Google Voice<br>**<br><a href="http://it-clowns.com/c/" target="_blank">it-clowns.com</a><br>Chief Clown<br><br><br><br><br><br><br><br><br><br><br><br><br><br>
</div></div>