This is a notification of unauthorized use of systems or networks.
The log of TCP port scans is included below for your reference
(time zone is UTC). To prevent this mail from getting too big in size,
at most 5 attempts from each attacker IP are included.
If you regularly collect IP traffic information of your network, you will see
the IPs listed connected to various TCP ports of my server at the time logged,
and I suspect that they also connected to TCP ports of many other IPs.
If a Linux system was at the attacker's IP, you might want to use the
command "netstat -ntp" to list its active network connections. If there
is still some suspicious connection, find out what PID/program/user ID they
belong to. You might find something to help you solve this problem.
Please notify the victims (owners of those botnet computers) so that they
can take appropriate action to clean their computers, before even
more severe incidents, like data leakage, DDoS, and the rumored NSA spying
through hijacked botnets, arise. This also helps prevent botnets from
taking up your network bandwidth.
(time in UTC)=2022-02-28T19:54:14 (attacker's IP)=35.72.5.xxx (IP being scanned)=185^106^122^18 (TCP port being scanned)=9852
(time in UTC)=2022-02-28T19:57:13 (attacker's IP)=35.72.5.xxx(IP being scanned)=66^23^246^124 (TCP port being scanned)=9890
(time in UTC)=2022-02-28T19:59:28 (attacker's IP)=35.72.5.xxx (IP being scanned)=91^203^192^19 (TCP port being scanned)=2363
(time in UTC)=2022-02-28T20:00:03 (attacker's IP)=35.72.5.xxx(IP being scanned)=45^15^179^90 (TCP port being scanned)=4640
(time in UTC)=2022-02-28T22:24:50 (attacker's IP)=35.72.5.xxx (IP being scanned)=185^178^44^132 (TCP port being scanned)=5605
>>> |