Introduction
Directly related to remote exploits is the scanning of different network blocks. It is very useful to know when and what is being targeted.
Fields
| Field | Description |
| Date | Date in UTC+0 of the event |
| Time | Time in UTC+0 of the event |
| C&C | Command and Control IP that started the scan |
| C&C Port | IRC port of the C&C |
| C&C ASN | ASN where the C&C resides |
| C&C Geo | Country where the C&C resides |
| Channel | IRC channel of the C&C |
| TGT | Target network to be scanned |
| TGT ASN | ASN of the target network |
| TGT Geo | Country of the target network |
| Command | Actual command that was issued to start the scan |
Sample
"Date","Time","C&C","C&C Port","C&C ASN","C&C Geo","Channel","TGT","TGT ASN","TGT Geo","Command"
"2008-11-03","00:28:42","194.78.209.104",789,5432,"BE","##sleipnir##","192.168.x.x","","","192.168.x.x"
"2008-11-03","01:05:57","194.78.209.104",789,5432,"BE","##sleipnir##","142.177.x.x","","","142.177.x.x"
"2008-11-03","01:22:16","194.78.209.104",789,5432,"BE","##sleipnir##","192.168.x.x","","","192.168.x.x"
"2008-11-03","01:22:56","194.78.209.104",789,5432,"BE","##sleipnir##","192.168.x.x","","","192.168.x.x"
"2008-11-03","02:38:49","194.78.209.104",789,5432,"BE","##sleipnir##","221.254.x.x","","","221.254.x.x"
"2008-11-03","02:58:29","194.78.209.104",789,5432,"BE","##sleipnir##","142.162.x.x","","","142.162.x.x"
"2008-11-03","03:04:29","194.78.209.104",789,5432,"BE","##sleipnir##","192.168.x.x","","","192.168.x.x"
"2008-11-03","03:17:18","194.78.209.104",789,5432,"BE","##sleipnir##","142.162.x.x","","","142.162.x.x"
"2008-11-03","03:41:50","194.78.209.104",789,5432,"BE","##sleipnir##","221.254.x.x","","","221.254.x.x"
"2008-11-03","04:00:20","89.149.210.96",6667,28753,"PL","#diisni","210.197.x.x","","","210.197.x.x"
"2008-11-03","04:33:47","70.253.89.19",4200,7132,"US","##rage","144.x.x.x","","","!scan"
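
One defender-side use of this report, as an added example (not part of the original page or the report producer's code): parse the CSV, expand each masked TGT such as 142.162.x.x into a CIDR prefix, and list the C&Cs whose scan targets overlap your own networks. The function names and the 142.162.40.0/24 "own network" are assumptions made for the demo.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Header plus three rows taken from the page's sample.
SAMPLE = '''"Date","Time","C&C","C&C Port","C&C ASN","C&C Geo","Channel","TGT","TGT ASN","TGT Geo","Command"
"2008-11-03","02:38:49","194.78.209.104",789,5432,"BE","##sleipnir##","221.254.x.x","","","221.254.x.x"
"2008-11-03","03:17:18","194.78.209.104",789,5432,"BE","##sleipnir##","142.162.x.x","","","142.162.x.x"
"2008-11-03","04:33:47","70.253.89.19",4200,7132,"US","##rage","144.x.x.x","","","!scan"
'''

def target_to_network(tgt):
    """Turn a masked target such as '142.162.x.x' into 142.162.0.0/16."""
    octets = tgt.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"unexpected target format: {tgt!r}")
    fixed = []
    for octet in octets:
        if octet.lower() == "x":
            break
        fixed.append(octet)
    # Only trailing wildcards map to a prefix; reject e.g. '10.x.3.x'.
    if any(o.lower() != "x" for o in octets[len(fixed):]):
        raise ValueError(f"literal octet after wildcard: {tgt!r}")
    addr = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{addr}/{8 * len(fixed)}")

def scans_hitting(report_text, my_networks):
    """Map (C&C IP, port, channel) -> [(date, time, target net)] for overlapping targets."""
    mine = [ipaddress.ip_network(n) for n in my_networks]
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(report_text)):
        try:
            net = target_to_network(row["TGT"])
        except ValueError:
            continue  # skip rows whose target cannot be parsed
        if any(net.overlaps(m) for m in mine):
            key = (row["C&C"], int(row["C&C Port"]), row["Channel"])
            hits[key].append((row["Date"], row["Time"], str(net)))
    return dict(hits)

if __name__ == "__main__":
    # 142.162.40.0/24 is a constructed "own network" for the demo.
    for cnc, events in scans_hitting(SAMPLE, ["142.162.40.0/24"]).items():
        print(cnc, events)
```

Because the targets are masked to /16 or /8, a match means only that a scan was aimed at the block containing your network, not at a specific host.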


