全球主机交流论坛

标题: 收到这个玩意，啥意思？？？？？？？ [打印本页]

作者: 咖啡 时间: 2011-11-28 07:39
标题: 收到这个玩意，啥意思？？？？？？？
We have received a report of suspicious network activity involving a system under your management.  Details have been included at the end of this message.

Please investigate the claim and immediately let us know what you find.  Be sure to include details of actions taken to prevent further abuse.

We look forward to your prompt response.

Note:  If this is a critical matter or additional reports are received, we may need to immediately deactivate the system until the matter can be addressed.

Sincerely,

BurstNET Abuse Department
BurstNET BASIC POLICY & SERVICE GUIDELINES (AUP)
https://www.burst.net/policy/terms.shtml [US]
http://burstnet.eu/policy/terms.shtml [EU]

-----------------------------------------------------------------------
*** If an adequate response is not received within 24 hours,
service may be suspended and a $50.00 fee will be assessed.
-----------------------------------------------------------------------
Re: [TR #2331035] 184.22.197.235 blocked at caltech.edu
184.22.197.235 was observed probing caltech.edu for security holes. It
has been blocked at our border routers. It may be compromised.

For more info contact [email protected]
Please include the entire subject line of the original message

--RuthAnne

(time zone of log is PST, which is UTC-08:00, date is MMDD)
log entries are from Cisco netflow, time is flow start time
date.time srcIP srcPort dstIP dstPort proto #pkts
1126.21:47:47.495 184.22.197.235 4310 131.215.28.54 3389 6 3
1126.22:08:08.404 184.22.197.235 4935 131.215.55.3 3389 6 1
1126.23:52:17.967 184.22.197.235 4935 131.215.252.171 3389 6 1
1127.03:16:29.590 184.22.197.235 4935 134.4.29.8 3389 6 1
1127.04:12:15.720 184.22.197.235 4935 134.4.238.6 3389 6 1
1127.04:40:06.915 184.22.197.235 4935 131.215.74.43 3389 6 1
1127.04:45:48.684 184.22.197.235 4935 131.215.24.98 3389 6 1
1127.05:10:22.583 184.22.197.235 4935 131.215.188.234 3389 6 1
1127.05:48:15.867 184.22.197.235 4935 134.4.39.87 3389 6 1
1127.05:59:40.548 184.22.197.235 4935 131.215.20.155 3389 6 1
1127.07:03:58.020 184.22.197.235 4935 131.215.69.20 3389 6 1
1127.07:10:31.159 184.22.197.235 4935 131.215.51.139 3389 6 1
1127.07:29:37.516 184.22.197.235 4935 134.4.5.179 3389 6 1
1127.08:03:03.168 184.22.197.235 4935 134.4.198.169 3389 6 1

contact info from
: spamcop hosttracker

作者: qiqibian 时间: 2011-11-28 07:41
你扫描人家的端口了？

扫描3389啊

its.caltech.edu

它让你自行检查你对了了什么然后给他们发报告

[ 本帖最后由 qiqibian 于 2011-11-28 07:44 编辑 ]

作者: 咖啡 时间: 2011-11-28 07:42

原帖由 qiqibian 于 2011-11-28 07:41 发表
你扫描人家的端口了？

its.caltech.edu

帮人代购的。。我叉了

作者: dotww 时间: 2011-11-28 07:44
If an adequate response is not received within 24 hours,
service may be suspended and a $50.00 fee will be assessed.
请于24小时内回复,
否则关你服务,罚你款.

作者: 咖啡 时间: 2011-11-28 07:45

原帖由 dotww 于 2011-11-28 07:44 发表
If an adequate response is not received within 24 hours,
service may be suspended and a $50.00 fee will be assessed.
请于24小时内回复,
否则关你服务,罚你款.

直接回复，还是回复[email protected]这个邮箱。

作者: qiqibian 时间: 2011-11-28 07:45

原帖由咖啡于 2011-11-28 07:45 发表

直接回复，还是回复[email protected]这个邮箱。

作者: 咖啡 时间: 2011-11-28 07:48

原帖由 qiqibian 于 2011-11-28 07:45 发表

回复84

直接回复发这封邮件给我的那个邮箱？？[email protected]

作者: 嫦娥战织女 时间: 2011-11-28 07:49
而且还要附带上详细details让你说明以后怎么避免这样的情况发生?

Be sure to include details of actions taken to prevent further abuse.

作者: 用户名 时间: 2011-11-28 07:55
你个坏蛋

作者: 咖啡 时间: 2011-11-28 08:07

你妹，都说是帮别人搞的。。我是受害人

作者: 格格男 时间: 2011-11-28 08:16
提示: 作者被禁止或删除内容自动屏蔽

作者: yu.gs尊 时间: 2011-11-28 09:16
TK TK

欢迎光临全球主机交流论坛 (https://hostloc.onozo.cc/)