Polybot List

LAST UPDATED:

03/23/2005 - 2:45 p.m.

IPs used for scanning the University Network:

Name: netscan.memphis.edu Address: 141.225.214.100

Name: netscan1.memphis.edu Address: 141.225.215.117 Room AD117

Administration Building

hostip : 141.225.206.218 hostmac : 00b0d0f7894c ad270-s1.memphis.edu. Fa0/22 Room AD273- enabled

hostip : 141.225.205.232 hostmac : 00b0d0f785aa ad370-s3.memphis.edu. Fa0/3 - enabled

hostip : 141.225.202.162 hostmac : 00b0d0f77ef1 ad110-s2.memphis.edu. Fa0/9 - enabled - disabled again dec3 -- enabled - disabled again ian14 - enabled ian18

hostname: sthompson.memphis.edu. hostip : 141.225.205.199 hostmac : 0050bf93ac6c ad270-s4.memphis.edu. Fa0/4 - enabled - disabled again dec3 - enabled 1 p.m. - disabled dec8th - enabled

hostip : 141.225.205.155 hostmac : 00b0d046cb8b ad170-s1.memphis.edu. Fa0/13 AD165 -- enabled - disabled dec8th -enabled Dec9th

hostip : 141.225.204.112 hostmac : 00c04f5554bf ad270-s3.memphis.edu. Fa0/13 AD275 - dis dec9th - enabled

hostip : 141.225.207.174 hostmac : 00e0296e0f88 ad170-s1.memphis.edu. Fa0/23 AD159 - DCOM - mac-address filter on ad102-s1 & ad102-s2 - enabled - disabled Jan18 - enabled Jan24

hostip : 141.225.202.204 hostmac : 00b0d025ef4b filter on ad102-s1 and ad102-s2 - enabled

hostname: s3-rm265.memphis.edu. hostip : 141.225.207.225 hostmac : 00b0d0f7896e - enabled

Atletic Office

hostname: ltrice-2.memphis.edu. hostip : 141.225.186.60 hostmac : 00c04f3875d4 ao115-s3.memphis.edu. Fa0/11 - polybot - enabled

hostname: ltrice-2.memphis.edu hostip : 141.225.186.230 hostmac : 00c04f3875d4 ao115-s3.memphis.edu. Fa0/17 - compromised - enabled

hostname: jbaron.memphis.edu. hostip : 141.225.186.66 hostmac : 00e0988e3b0f ao226-s1.memphis.edu. Fa0/11 - enabled

hostname: lpryor-2.memphis.edu. hostip : 141.225.186.142 hostmac : 000f1fdf67e9 ao226-s1.memphis.edu. Fa0/18 - over 800 connections - Removed Filter 1/18/05

Ball Hall

Bookstore

hostname : bkstore2.memphis.edu hostip : 141.225.236.169 hostmac : 00e0c56a38e5

Browning Hall

hostip : 141.225.19.145 hostmac : 00b0d0f5630c br104-s4.memphis.edu. Fa0/14 room: BR120C

hostip : 141.225.18.81 hostmac : 00b0d0f792f5 br312-s1.memphis.edu. Fa0/8 BR314-1A - Slammer -- enabled

Business

141.225.167.244 issm30.memphis.edu 00e0299ec40b bc153-s5.memphis.edu. Fa0/14
hostip : 141.225.102.168 hostmac : 00c04f8c7b33 ba101-s4.memphis.edu. Fa0/19 Room: BA114G-A high traffic

hostip : 141.225.102.152 hostmac : 00b0d075b03d bb372-s1.memphis.edu. Fa0/18 - netsky

hostname: ba319d02.memphis.edu. hostip : 141.225.103.108 hostmac : 00c04f280462 ba314-s2.memphis.edu. Fa0/3 Room BA319-A - enabled

hostip : 141.225.102.211 hostmac : 00c04f8c7e02 bb358-s2.memphis.edu. Fa0/13 BB359-4A

hostname: ba403kemme-ga.memphis.edu. hostip : 141.225.100.180 hostmac : 004f490cab31 ba430-s2.memphis.edu. Fa0/23 Room BA439-2A (ba101-s1 & s2)

hostip : 141.225.101.253 hostmac : 00065bb104ca bb377-s1.memphis.edu. Fa0/9

hostname: bb302d05.memphis.edu. hostip : 141.225.102.143 hostmac : 00c04f2804b0 mac filter on ba101-s1 & ba101-s2 DCOM

Carrier - Collierville

141.225.246.149 DCOM -----Col105-s2- port 7

Carpenter

hostname: kcarlson-4.memphis.edu. hostip : 141.225.151.119 hostmac : 000d88fa0fba Filter on :CSH999-s1 - enabled

Name: daycare-f5gnn01.memphis.edu Address: 141.225.150.151 00b0.d0cc.01e6 csh999-s1 Fa0/16 - Attacking mail Server - enabled Feb18

Name: fphillip-2.memphis.edu Address: 141.225.150.77 hostmac: 000d88a22713 Filter on :CSH999-s1 Scanning the campus network

hostname: hdsmith-22.memphis.edu. hostip : 141.225.150.105 hostmac : 0030bdd2c3f5 Filter on csh999-s1 DCOM - enabled

hostname: cgillier.memphis.edu. hostip : 141.225.151.227 hostmac : 000136092edf Filter on csh999-s1 DCOM - enabled

hostname: wmcartr1-3.memphis.edu. hostip : 141.225.151.129 hostmac : 00904bf0b5d4 Filter on csh999-s1 DCOM - enabled

CLEMENT

hostname: cl219d06.memphis.edu. hostip : 141.225.56.199 hostmac : 00c04f058529 cl434-s5.memphis.edu. Fa0/24 CL337

Communications/Fine Arts

hostname: jnarnett.memphis.edu. hostip : 141.225.51.201 hostmac : 009096f4992b cfa103-s3.memphis.edu. Fa0/10 Room: CFA124A-A1 - port 80 open for an workstation - backdoor

hostname: jjacksn2.memphis.edu. hostip : 141.225.51.190 hostmac : 00065bced20e Location: CFA 2nd flr. filter on : cfa103-s1, cfa103-s2 -- enabled

hostname: ttowery-84.memphis.edu. hostip : 141.225.50.190 hostmac : 00065bced45a cfa225-s1.memphis.edu. Fa0/3 -- enabled

hostname: jjacksn2.memphis.edu. hostip : 141.225.51.178 hostmac : 00065bced20e cfa225-s1.memphis.edu. FA0/13 (very high traffic) -- enabled

Dunn Hall

141.225.10.153 00b0d076fe3b wd224-s10.memphis.edu. Fa0/2

141.225.10.177 00065bcd9e5a wd124-s1.memphis.edu. Fa0/2

141.225.10.232 00c04f367999 wd224-s4.memphis.edu. Fa0/16

hostname: thales.memphis.edu. hostip : 141.225.8.55 hostmac : 0020ed8349f4 filter on : wd224-s1 & wd224-s2 - enabled - disabled again on Jan 13 - very high traffic on high port numbers - enabled Jan18 8:40a.m.

Ellington

hostip : 141.225.33.102 hostmac : 000ae62708ff eb219-s4.memphis.edu. Fa0/17 EB216-1A -- enabled - This is a server, Connect Chris Poweless at 4754.

Engineering Tech

hostname: yingliu-2.memphis.edu. hostip : 141.225.162.92 hostmac : 000874c96b57 ea306-s1 - enabled

hostname: es329d01.me.memphis.edu. hostip : 141.225.165.134 hostmac : 000874245d25 filter is on ea306-s1, ea306-s2 - 5,000 conversations, abuse complaint -- ????

hostname: sjellis.memphis.edu. hostip : 141.225.162.240 hostmac : 00065b409204 filter is on ea306-s1, ea306-s2 - file sharing

hostip : 141.225.165.180 hostmac : 00b0d077d217 et236-s5.memphis.edu. Fa0/23 Room ET 319 - enabled

hostname: galilaeo.memphis.edu. hostip : 141.225.161.27 hostmac : 00b0d084ccfd es218-s5.memphis.edu. Fa0/9 ES323A - enabled

hostname: pkoppart-2.memphis.edu. hostip : 141.225.167.198 hostmac : 000874b1b719 es218-s5.memphis.edu. Fa0/16 ES327

hostname: et236d02.memphis.edu. hostip : 141.225.167.165 hostmac : 00c04f38a48f ea306-s3.memphis.edu. Fa0/9 EA202-2A -- DCOM - address-filter - enabled

hostname: peterlau-2.memphis.edu. hostip : 141.225.167.222 hostmac : 000802d534c3 - Room: ET210 - mac address filter - enabled

hostip : 141.225.163.134 hostmac : 000d56f0a380 - Room ET236/48 - mac address filter -

hostip : 141.225.166.112 hostname: et236d11.engr.memphis.edu. hostmac : 000d56f0a695 filter on ea306-s1,s2--- high traffice.

hostip : 141.225.161.38 mech1.me.memphis.edu hostmac: 0060.0840.1036 -filter on ea306-s1, s2 --- ftp servers.- enabled - disabled Jan23 midnight - enabled Jan31

hostip : 141.225.167.96 Name:et328bd01.bme.memphis.edu mac:00c0.4f38.a544 filter on ea303-s1,s2 -- ftp server port 3210

hostname: yen001.bme.memphis.edu. hostip : 141.225.163.94 hostmac : 00c04f0de092 - filter on ea306-s1, s2 - high traffic - enabled

Fogelman Executive Center

hostip : 141.225.48.145 hostmac : 00b0d02cc5a4 bc153-s5.memphis.edu. Fa0/21 - enabled

hostname: sgates2-3.memphis.edu. hostip : 141.225.49.211 hostmac : 00c04f8c7e0e bc153-s5.memphis.edu. Fa0/6 - enabled

hostip : 141.225.49.237 hostmac : 00b0d07c49d7 bc321-s2.memphis.edu. Fa0/23 BC249

hostname: rrobinso.memphis.edu. hostip : 141.225.48.52 hostmac : 00600819ae4d bc321-s3.memphis.edu. Fa0/15

hostname: s-nephew3.memphis.edu. hostip : 141.225.48.187 hostmac : 00d05949078c Wireless user - DCom Virus

hostname: fecc06wccg.memphis.edu. "fec211confsvs1" hostip : 141.225.48.152 hostmac : 00065b75f9dd Traffie-nabledc

hostip : 141.225.49.237 hostmac : 00b0d07c49d7 bc321-s2.memphis.edu. Fa0/6 attack on other servers (8899 open, too)

hostname: sarcher-46.memphis.edu. hostip : 141.225.48.71 hostmac : 00065b3c26cd filter @bc153-s1 & bc153-s2 (scanning the campus network)

FIT

hostname: mkosel-6.memphis.edu. hostip : 141.225.41.47 hostmac :0008dbd2f9de -- mac-address-filter

Jones Hall

hostname: et306gx150.memphis.edu. hostip : 141.225.208.211 hostmac : 00065b17fd8c jo408-s1.memphis.edu. Fa0/19 - moved on another port - enabled

hostname: et306gx150.memphis.edu. hostip : 141.225.208.211 hostmac : 00065b17fd8c jo408-s3 Fa0/9-- enabled

jo301d39.memphis.edu 141.225.208.236 0006.5bcf.0617 jo301-s1 Fa0/11 - Decom Virus - enabled

jo301-s10/6 0006.5bcf.0617 jo301d39.memphis.edu

hostip : 141.225.208.51 hostmac : 00b0d084d12a jo100-s7.memphis.edu. Fa0/13

hostname: belindap2.memphis.edu. hostip : 141.225.209.111 hostmac : 00065bcfc077 jo311-s2.memphis.edu. Fa0/9 - enabled 01/03 disabled 01/19 (jo100-s5 and s6) - enabled 01/19

hostname: jcavin.memphis.edu. hostip : 141.225.208.133 hostmac : 000f66c6c976 jo100-s5 & jo100-s6 DCOM

Journalism

hostname: newskingserver.memphis.edu. hostip : 141.225.25.192 hostmac : 0050bf39fdad mj206a-s1.memphis.edu. Fa0/11 - enabled

hostip : 141.225.25.192 hostmac : 0050bf39fdad mj206a-s2.memphis.edu. Fa0/3 -- multiple ports open - enabled

hostname: rlwillis-3.memphis.edu. hostip : 141.225.25.190 hostmac : 00b0d0f1668d filter on mj211-s1 & mj211-s2, sweeping the campus network - enabled

Life Sciences

ls531-mmcs.memphis.edu 00065b1898ce - enabled - ls401-s3 port FastEthernet0/8

hostip : 141.225.108.151 hostmac : 0080ad73e9c3 ls401-s2.memphis.edu. Fa0/16 - enabled

McCord

McWherter Library

NML130-S4 FA 0/15 141.225.193.182

Mitchell Hall:

hostname: mi401d24.memphis.edu. hostip : 141.225.36.249 hostmac : 000bdb449add mi401-s1.memphis.edu. Fa0/7 - High Traffic

Manning Hall

hostname: mn306-anthropt01.memphis.edu. hostip : 141.225.22.242 hostmac : 00c04f9fdc6a mn316-s1.memphis.edu. Fa0/19

hostname: arichter-3.memphis.edu hostip : 141.225.22.249 hostmac : 00022d42000a - Denied Registration - Sasser Virus ??

Mynders

hostname: eejones.memphis.edu. hostip : 141.225.34.120 hostmac : 000ce54a6d98 mac filter on my140-s1 DCOM

Parking Services

hostip : 141.225.235.35 hostmac : 00c04f7f47d3 pg999-s4.memphis.edu. Fa0/1 high traffic to the internet - enabled on Dec1 - disabled again on Dec2 - enabled again...

hostname: parking15.memphis.edu. hostip : 141.225.235.61 hostmac : 00b0d0242756 pg999-s3.memphis.edu. Fa0/6 -- enabled Dec 2

hostname: park-bu-server.memphis.edu. hostip : 141.225.235.21 hostmac : 00b0d007a49c filter on : pg999-s4 fa0/18

Patterson

hostname: pt127-2lju7.memphis.edu. hostip : 141.225.71.233 hostmac : 00c04f2d5bf2 mac filter on pt109-s1 & pt109-s2
Physical Plant

hostname: hvac252.memphis.edu. hostip : 141.225.20.252 hostmac : 000874fdf468 boilerroom.memphis.edu. Fa0/7

hostip : 141.225.20.244 hostmac : 000874298217 boilerroom.memphis.edu. Fa0/6

hostname: ppp527.memphis.edu. hostip : 141.225.21.136 hostmac : 00c04f1862ce pp112-s1.memphis.edu. Fa0/2 -- DCOM - enabled

hostname: cpd037.memphis.edu hostmac :00065bc7a78e hostip: 141.225.21.39 - DCOM -- address-filter - enabled

hostname: ppp833.memphis.edu. hostip : 141.225.21.225 hostmac : 00104bc6019f - DCOM -- Address-filter - enabled

hostname: ppp826.memphis.edu. hostip : 141.225.21.114 hostmac : 00b0d03d5704 - DCOM -- Address-filter - enabled

Psychology

hostname: pkurra-5.memphis.edu. hostip : 141.225.13.200 hostmac : 0008742ff6bf filter on: py101-s1, py101-s2
Rawls

hostname: etidmoreresnet.memphis.edu. hostip : 141.225.35.104 hostmac : 00022d7518e3 - mac filter on 141.225.35.2 DCOM

Richardson Towers

hostname: menloe-2.memphis.edu. hostip : 141.225.77.148 hostmac : 00:08:02:9D:29:84 - DCOM - Removed Filter 1/18/05

hostname: creaves-2.memphis.edu hostip: 141.225.79.225 hostmac: 000d56bf2000 filter @rt015-s2 scanning the campuse network

hostname: clogue.memphis.edu hostip: 141.225.77.147 hostmac: 0040ca5138b5 filter on rt-115-s2 buffer overflow attack - enabled

hostname: lnjones1.memphis.edu hostip: 141.225.79.66 hostmac: 000ea663cc42 filter on 141.225.72.1

hostname: menloe-2.memphis.edu. hostip : 141.225.79.210 hostmac : 0008029d2984 filter on 141.225.72.1 buffer over flow attack

hostname: cdaniel2.memphis.edu. hostip : 141.225.76.159 hostmac : 000c6e7d362d filter on 141.225.72.1 DCOM - enabled

hostname: enrrngtn.memphis.edu hostip:141.225.79.173 hostmac:0008.0de0.80c2 filter on 141.225.72.1 DCOM - enabled

hostname: vbelcher-2.memphis.edu. hostip : 141.225.79.142 hostmac : 000bcd79bc8d filter on 141.225.72.1 DCOM

Scates Hall

hostname: redavis.memphis.edu. hostip : 141.225.52.84 hostmac : 00087421f3b4 mac-address-filter - DCOM

Smith Hall

hostname: bnvandvrresnet.memphis.edu. hostip : 141.225.38.218 hostmac : 000f666b8f37 Room SMH303-A1 filter on smhb6-s1

South Hall

SH313-s7 fa0/6 hw: 0010.b5c0.cec6 -- attempting brute force compromises

sh313-s3 fa0/18 141.225.190.167 dkittrln.memphis.edu - virus scannign ports - enabled

hostname: cmperkns.memphis.edu. hostip : 141.225.190.161 hostmac : 00111145c0e6 sh313-s8.memphis.edu. Fa0/17 - Gnutella Filter on sh313-s1

bburke.memphis.edu 000ea68621e5 sh313-s7.memphis.edu. Fa0/8 - Filter on sh313-s1 -15% of I1

hostname: jcgrffth-2.memphis.edu. hostip : 141.225.190.124 hostmac : 000f1f7a5009 sh313-s7.memphis.edu. Fa0/7 - enabled

hostip : 141.225.190.144 hostmac : 00061be00db0 sh313-s4.memphis.edu. Fa0/2 Filter on sh313-s1

hostname: mmccarty.memphis.edu. hostip : 141.225.190.223 hostmac : 00a0d1b08c41 sh313-s9.memphis.edu. Fa0/10 Filter on sh313-s1

hostname: pconwayi.memphis.edu hostip: 141.225.190.172 hostmac: 00e01832d869 filter @sh313-s1 scanning the campus network- enabled

hostname: bpharri.memphis.edu hostip: 141.225.190.206 hostmac: 000c.4125.1ea6 filter on sh313-s1 scanning the campus network

South Campus

TCA/Music

tcg11sony.memphis.edu 141.225.64.179 00e0182a6db6 - tcg38-s3.memphis.edu Fa0/17 - enabled

hostname: mlwllms4.memphis.edu. hostip : 141.225.66.175 hostmac : 000d56061084 tcg38-s3.memphis.edu. Fa0/7 - Enabled

hostname: mu113d98.memphis.edu. hostip : 141.225.67.93 hostmac : 0008740c9d46 mu102-s1.memphis.edu. Fa0/17

hostname: tc237d98.memphis.edu. hostip : 141.225.64.219 hostmac : 000874375d50 tc218-s2.memphis.edu. Fa0/12

hostname: slsmith7.memphis.edu. hostip : 141.225.67.134 hostmac : 00065bceff74 mac filters on tcg38-s1 and tcg38-s2 scanning hosts

University Center

hostname: mlofties.memphis.edu. hostip : 141.225.148.128 hostmac : 000bdb1727d6 filter @uc218a-s1 DCOM

Wilder Tower

aatech1.memphis.edu 141.225.152.49 wt002-s7 fa0/15 reason: high traffic on port 2967 SSC-AGENT -enabled- norton server

hostname: aatech1 hostip : 141.225.152.49 hostmac : 00b0d0d1a34d wt002-s7.memphis.edu. Fa0/16 - enabled-norton-server

hostip : 141.225.155.178 hostmac : 00b0d0f2423f filter on wt002-s1 & wt002-s2 RPC DCOM overflow - enabled

12jzg11.memphis.edu - 141.225.154.70 - MAC: 0006.5ba3.f0e6 scanning networks in Internet - enabled

hostname: bur-dbeck.memphis.edu. hostip : 141.225.152.125 hostmac : 00b0d025f3b7 - enabled

Wilson Hotel

hostname: wilson127.memphis.edu. hostip : 141.225.68.215 hostmac : 00065b18997c ws999e-s1.memphis.edu. Fa0/22