cipherdyne.org

Michael Rash, Security Researcher

psad Email Alert for mstream Agent

=-=-=-=-=-=-=-=-=-=-=-= Mon Mar 13 12:58:07 2006 =-=-=-=-=-=-=-=-=-=-=-=


         Danger level: [2] (out of 5)

    Scanned tcp ports: [15104: 1 packets]
            tcp flags: [SYN: 1 packets, Nmap: -sT or -sS]
       Iptables chain: INPUT (prefix "DROP"), 1 packets

               Source: 192.168.10.3
                  DNS: [No reverse dns info available]
             OS guess: Linux:2.5::Linux 2.5 (sometimes 2.4)

          Destination: 192.168.10.1
                  DNS: [No reverse dns info available]

      Syslog hostname: minastirith

     Current interval: Mon Mar 13 12:58:02 2006 (start)
                       Mon Mar 13 12:58:07 2006 (end)

   Overall scan start: Mon Mar 13 12:58:02 2006
   Total email alerts: 2
   Complete tcp range: [15104]

   chain:   interface:   tcp:   udp:   icmp:  
   INPUT    eth1         2      0      0      


[+] tcp scan signatures:

   "DDOS mstream client to handler"
        sid=249 chain=INPUT packets=1 dp=15104 flags=[SYN] No local server on tcp/15104

[+] Whois Information:

OrgName:    Internet Assigned Numbers Authority 
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   192.168.0.0 - 192.168.255.255 
CIDR:       192.168.0.0/16 
NetName:    IANA-CBLK1
NetHandle:  NET-192-168-0-0-1
Parent:     NET-192-0-0-0-0
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information.
Comment:    
RegDate:    1994-03-15
Updated:    2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number 
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number 
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org

# ARIN WHOIS database, last updated 2006-03-12 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

=-=-=-=-=-=-=-=-=-=-=-= Mon Mar 13 12:58:07 2006 =-=-=-=-=-=-=-=-=-=-=-=