Infiltrated dot Net

Seems like there were some busy attackers who got caught up in my honeypot this past weekend (01/16/2011). Apparently Egypt is becoming a hotspot of attackers logging in and attempting to place calls. The following are the attackers, numbers they called and other hosts who connected to my revamped honeypot (phorensix)

 

196.205.122.77 | ADN | VABL | 24863 | 196.205.122.0/23 | LINKdotNET | EG | LINK.COM.EG | LINK EGYPT
197.195.2.231 | ADN | VABL | 36992 | 197.192.0.0/13 | ETISALAT | EG | - | ETISALAT MISR
41.130.67.65 | ADN | VABL | 24863 | 41.130.64.0/22 | LINKdotNET | EG | LINK.COM.EG | LINK EGYPT
41.153.189.132 | ADN | VABL | 36992 | 41.153.0.0/16 | ETISALAT | EG | - | ETISALAT-MISR 3G SUBSCRIBERS
41.196.153.140 | ADN | VABL | 24863 | 41.196.152.0/23 | LINKdotNET | EG | LINK.COM.EG | AFRINIC
41.196.218.244 | ADN | VABL | 24863 | 41.196.218.0/23 | LINKdotNET | EG | LINK.COM.EG | AFRINIC
41.199.52.160 | ADN | VABL | 36992 | 41.199.32.0/19 | ETISALAT | EG | - | EGYNETPROVIDER
41.232.89.97 | ADN | VABL | 8452 | 41.232.88.0/21 | TE | EG | TEDATA.NET | 011251913410628
41.232.93.123 | ADN | VABL | 8452 | 41.232.93.0/24 | TE | EG | TEDATA.NET | AFRINIC
41.234.69.112 | ADN | VABL | 8452 | 41.234.68.0/22 | TE | EG | TEDATA.NET | AFRINIC
41.32.96.43 | ADN | VABL | 8452 | 41.32.0.0/12 | TE | EG | - | TE DATA
41.34.179.74 | ADN | VABL | 8452 | 41.32.0.0/12 | TE | EG | - | TE DATA
41.69.252.25 | ADN | VABL | 24835 | 41.68.0.0/15 | RAYA | EG | - | RAYA TELECOM
41.91.85.94 | ADN | VABL | 37069 | 41.91.64.0/18 | MOBINI | EG | - | MOBINIL AKA THE EHYPTIAN COMPANY FOR MOBILE SERVICES
41.196.136.2 | ADN | VABL | 24863 | 41.196.136.0/23 | LINKdotNET | EG | LINK.COM.EG | 01120110203201
41.34.57.168 | ADN | VABL | 8452 | 41.32.0.0/12 | TE | EG | - | TE DATA | 0112522200040
41.34.68.219 | ADN | VABL | 8452 | 41.32.0.0/12 | TE | EG | - | TE DATA | 0112522200044 
41.34.69.96 | ADN | VABL | 8452 | 41.32.0.0/12 | TE | EG | - | TE DATA | 01120172746665
41.239.202.73 | ADN | VABL | 8452 | 41.239.202.0/24 | TE | EG | TEDATA.NET | 01124606741
41.232.95.240 | ADN | VABL | 8452 | 41.232.88.0/21 | TE | EG | TEDATA.NET | 011253819161
41.232.95.95 | ADN | VABL | 8452 | 41.232.88.0/21 | TE | EG | TEDATA.NET | 0114473151422001
41.234.207.64 | ADN | VABL | 8452 | 41.234.204.0/22 | TE | EG | TEDATA.NET | 011201020606

 

Having no clients in Egypt, there is no reason for any of these hosts to be utilizing my system. Nevertheless, they wanted to try to place calls through the system. Below is a p0f list of some of these hosts, some of which attempted bruteforce, others came in via NAT to already existing connections, etc.:

 

41.130.0.167 - Windows 2000 SP2+, XP SP1
41.130.0.167 - Windows XP/2000
41.130.16.225 - Windows 2000 SP4, XP SP1
41.130.236.79 - Windows 2000 SP2+, XP SP1
41.130.67.65 - Windows 2000 SP2+, XP SP1
41.140.5.247 - Windows 2000 SP2+, XP SP1
41.141.12.113 - Windows 2000 SP2+, XP SP1
41.196.64.51 - Windows 2000 SP4, XP SP1
41.199.45.149 - Windows 2000 SP4, XP SP1
41.199.52.7 - Windows XP/2000 (RFC1323)
41.204.168.5 - Linux 2.6.8 and newer (?)
41.220.69.12 - Windows 2000 SP2+, XP SP1
41.220.69.12 - Windows XP/2000 (RFC1323, w+, no tstamp)
41.226.49.206 - Windows 2000 SP2+, XP SP1
41.228.165.246 - Windows 2000 SP2+, XP SP1
41.228.165.246 - Windows XP/2000 (RFC1323, w+, no tstamp)
41.230.148.175 - Windows 2000 SP2+, XP SP1
41.232.88.21 - Windows 2000 SP4, XP SP1
41.232.88.99 - Windows 2000 SP4, XP SP1
41.232.90.104 - Windows 2000 SP4, XP SP1
41.232.90.133 - Windows 2000 SP4, XP SP1
41.232.90.182 - Windows 2000 SP4, XP SP1
41.232.90.216 - Windows 2000 SP4, XP SP1
41.232.90.219 - Windows 2000 SP4, XP SP1
41.232.90.221 - Windows 2000 SP4, XP SP1
41.232.92.76 - Windows 2000 SP4, XP SP1
41.232.92.79 - Windows 2000 SP4, XP SP1
41.232.93.119 - Windows 2000 SP4, XP SP1
41.232.93.134 - Windows 2000 SP4, XP SP1
41.232.93.148 - Windows 2000 SP4, XP SP1
41.232.93.3 - Windows 2000 SP4, XP SP1
41.232.94.230 - Windows 2000 SP4, XP SP1
41.232.95.237 - Windows 2000 SP4, XP SP1
41.232.95.49 - Windows 2000 SP4, XP SP1
41.232.96.134 - Windows 2000 SP4, XP SP1
41.232.96.170 - Windows 2000 SP4, XP SP1
41.232.96.179 - Windows 2000 SP4, XP SP1
41.232.96.184 - Windows 2000 SP4, XP SP1
41.232.96.186 - Windows 2000 SP4, XP SP1
41.232.96.220 - Windows 2000 SP4, XP SP1
41.232.96.231 - Windows 2000 SP4, XP SP1
41.232.96.240 - Windows 2000 SP4, XP SP1
41.232.96.96 - Windows 2000 SP4, XP SP1
41.232.97.104 - Windows 2000 SP4, XP SP1
41.232.97.149 - Windows 2000 SP4, XP SP1
41.232.97.151 - Windows 2000 SP4, XP SP1
41.232.97.252 - Windows 2000 SP4, XP SP1
41.232.97.37 - Windows 2000 SP4, XP SP1
41.232.98.103 - Windows 2000 SP4, XP SP1
41.232.98.32 - Windows 2000 SP4, XP SP1
41.232.99.176 - Windows 2000 SP4, XP SP1
41.232.99.188 - Windows 2000 SP4, XP SP1
41.232.99.218 - Windows 2000 SP4, XP SP1
41.232.99.229 - Windows 2000 SP4, XP SP1
41.233.40.197 - Windows 2000 SP4, XP SP1
41.234.207.246 - Windows 2000 SP4, XP SP1
41.236.175.129 - Windows 2000 SP4, XP SP1
41.236.215.151 - Windows 2000 SP4, XP SP1
41.236.255.180 - Windows 2000 SP4, XP SP1
41.237.231.69 - Windows 2000 SP4, XP SP1
41.238.168.128 - Windows 2000 SP4, XP SP1
41.238.169.117 - Windows 2000 SP4, XP SP1
41.239.117.10 - Windows 2000 SP4, XP SP1
41.239.166.127 - Windows 2000 SP2+, XP SP1
41.239.181.12 - Windows 2000 SP4, XP SP1
41.239.181.204 - Windows 2000 SP4, XP SP1
41.239.181.213 - Windows 2000 SP4, XP SP1
41.239.181.34 - Windows 2000 SP4, XP SP1
41.239.181.54 - Windows 2000 SP4, XP SP1
41.239.182.220 - Windows 2000 SP4, XP SP1
41.239.182.47 - Windows 2000 SP4, XP SP1
41.239.182.67 - Windows 2000 SP4, XP SP1
41.248.215.147 - Windows 2000 SP4, XP SP1
41.34.173.12 - Windows 2000 SP4, XP SP1
41.35.47.54 - Windows 2000 SP4, XP SP1