Attacks Against GRC.COM

Windows Machines Engaging in

Attacks Against GRC.COM

Page last modified: Oct 06, 2003 at 13:31

If you are looking for our comprehensive report of the original Distributed Denial of Service (DDoS) attacks against GRC.COM, please see that page.

Attack History & Analysis:

06/20/2001 — Ping Flood from 195 Windows systems running IIS

Analysis: This attack was a simple exploit of a well-known and extremely serious Microsoft IIS web server vulnerability. This vulnerability allows the attacker to execute arbitrary programs and commands on the vulnerable system. This vulnerability is especially troubling because it is easily "scanned for" across the Internet and will not be blocked by security firewalls. Thus, the acquisition of a large inventory of attacking Windows machines can be entirely automated, as follows:

A scan is performed over some region of the Internet, searching for web servers accepting TCP connections on port 80. A specially formed "HTTP GET" request is then sent over the accepted connection to the server:

GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\

This command returns the contents of the system's C: drive to the
requester, although any other valid command could be chosen.
If the IIS server has received the latest patches, the response will be "HTTP/1.1 500 Server Error", telling the malicious hacker that this server is secure. But a successful response of "HTTP/1.1 200 OK" causes the server's IP address to be logged for future use . . . and the scan continues now with one additional Windows IIS machine in "inventory".
In the case of the attack against us, a large-packet, high-count, short-delay (i.e. malicious) "ping" command was simultaneously issued to 195 Windows IIS servers:

ping.exe -n 9999999 -l 65500 -w 0 <target ip>

This command instructs the computer to send 9,999,999 maximum size
(64k) ICMP Echo Requests, as fast as possible, to the target IP address.

The aggregate traffic, generated by these 195 frantically
pinging Windows hosts, flooded our inbound Internet
bandwidth and temporarily forced us off the Net.
The attack was very simple, yet temporarily very effective.

After logging the source IP's of all inbound malicious ICMP traffic — and thus the IP addresses of the attacking IIS servers (see list below) — we asked our ISP, Verio, to block all ICMP traffic to our site at their router. GRC.COM immediately popped back onto the Internet.
Observations: With very few exceptions, all attacking machines reside within the class-A 216.0.0.0/8 network. Therefore, the probable means of security compromise was a simple scan across the 216.0.0.0/8 network to locate easily identifiable Microsoft IIS HTTP servers listening on port 80. After this identification, a simple test determined whether the server under evaluation was currently wide open for exploitation . . . as any non-currently-patched Microsoft IIS server would be.
The Attacker's IP addresses: Analysis of the server logs of several victim servers reveals that the 06/20/2001 attack against grc.com was apparently originated from the IP:

210 . 120 . 192 . 177
Earlier, previous uses of this exploit, were also apparently originated from the following IP addresses:

62 . 254 . 32 . 4

61 . 143 . 63 . 86

202 . 103 . 226 . 70
Additional Exploit Information: Additional information regarding this exploit may be found at the NSFOCUS web site:

http://www.nsfocus.com/english/homepage/sa01-02.htm
And also at Microsoft's web site:

http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Machine Owner Notification: An active squad of volunteers, who inhabit the newsgroups at GRC.COM, are busily contacting every identifiable owner and administrator of the insecure machines to advise them of the problem and ask them to check this page for a detailed explanation.
A Special Thank You: I wish to give a special "thank you" to Robin Keir, Senior Software Engineer for the terrific Foundstone, Inc. network security company. Like everyone else using IIS, we were totally vulnerable when this exploit was first announced. Robin took it upon himself to make sure I knew. Thanks Robin!

Robin has also employed powerful network security appraisal technology to prepare two comprehensive pages detailing the frightening security condition of the machines that were attacking us. There are many lessons to be learned from browsing these pages.

GRC.COM Attack Log

You are invited to review the following list of machines known to have been involved in attacks against the GRC.COM domain. If you (or anyone you know) has administrative responsibility for any of the machines listed here — or if you are simply an Internet end-user — you should presume that the security of your Windows-based computer has been critically compromised and all information contained within may have been copied and stolen.

Note: This list is currently sorted by degree of attack strength, from most to least. We will soon resort it by address for easier IP lookup . . .

Attack Source IP Machine Name Attack Date Attack Type

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.27.169.178 dsl027-169-178.atl1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.16.194.77 SCI-DEV01 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.21.8.94 06/20/01 ICMP Flood

216.5.184.138 ASGARD 06/20/01 ICMP Flood

216.4.203.3 STGBDC01 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.1.23.14 IS~WEBSERVER1 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.4.180.130 06/20/01 ICMP Flood

216.4.63.149 SERVER1 06/20/01 ICMP Flood

216.2.82.6 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.1.132.203 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.23.18.230 HOSTED-EXC 06/20/01 ICMP Flood

216.21.202.5 216-21-202-5.spectrumdsl.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.3.74.106 06/20/01 ICMP Flood

216.18.113.193 193.113.18.216.gt-est.net 06/20/01 ICMP Flood

216.3.223.149 web01.aimfire.net 06/20/01 ICMP Flood

216.28.41.215 06/20/01 ICMP Flood

216.17.33.32 pix23.gage.com 06/20/01 ICMP Flood

216.18.84.161 h216-18-84-161.gtconnect.net 06/20/01 ICMP Flood

216.4.95.222 INTERNETT1 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.18.101.3 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.26.139.82 06/20/01 ICMP Flood

216.27.61.92 06/20/01 ICMP Flood

216.25.245.158 MATUREDEV 06/20/01 ICMP Flood

216.23.61.166 IS~THOMWWW2 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.5.83.135 AFS2000 06/20/01 ICMP Flood

216.18.113.114 114.113.18.216.gt-est.net 06/20/01 ICMP Flood

216.5.43.240 host240.novaratech.com 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.7.20.52 06/20/01 ICMP Flood

216.13.55.34 SVRDOC 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.5.139.196 kt-nat-196.motion.net 06/20/01 ICMP Flood

216.3.57.34 glvlv34.gilmorevalve.com 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.12.88.23 2pms6.cv.mvl.intelos.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.3.175.228 www.tmw-atlanta.com 06/20/01 ICMP Flood

216.7.141.186 WPI 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.5.161.196 WREN 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.5.84.2 EDGAR 06/20/01 ICMP Flood

216.5.112.195 AIS-A2XIZA75XSJ 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.13.164.238 IS~SOPHIA 06/20/01 ICMP Flood

64.81.246.97 dsl081-246-097.sfo1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.26.44.241 ip216-26-44-241.dsl.du.teleport.com 06/20/01 ICMP Flood

216.201.134.25 06/20/01 ICMP Flood

216.27.184.171 dsl027-184-171.sfo1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.3.182.93 02-093.033.popsite.net 06/20/01 ICMP Flood

216.4.90.162 WIN_PDC 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.20.123.13 fhsgate.fitchburg.k12.ma.us 06/20/01 ICMP Flood

216.4.216.132 BBRVPN 06/20/01 ICMP Flood

216.2.58.196 mail.sclegal.com 06/20/01 ICMP Flood

216.7.221.42 FASTVIBE-DQRUIB 06/20/01 ICMP Flood

216.21.207.61 216-21-207-61.spectrumdsl.net 06/20/01 ICMP Flood

216.216.16.195 06/20/01 ICMP Flood

216.7.68.49 fra1-1-167.belldsl.dcr.net 06/20/01 ICMP Flood

216.1.250.58 NETSERVER 06/20/01 ICMP Flood

216.4.101.235 SERVER 06/20/01 ICMP Flood

216.21.196.42 06/20/01 ICMP Flood

216.216.24.11 faxserver.sysdesign.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

209.219.152.194 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.4.209.162 BROOKSIDESL 06/20/01 ICMP Flood

216.17.55.169 MN-PROXY2 06/20/01 ICMP Flood

216.216.99.3 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.2.79.6 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.216.26.76 ATHM-216-216-xxx-76.home.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.216.116.165 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.28.136.81 OLFTRACKING 06/20/01 ICMP Flood

64.232.104.46 ATHM-64-232-xxx-46.home.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.6.90.37 MTSERVER 06/20/01 ICMP Flood

216.6.207.250 MAINSERVER 06/20/01 ICMP Flood

216.7.139.196 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.5.242.158 06/20/01 ICMP Flood

216.216.83.248 ATHM-216-216-xxx-248.home.net 06/20/01 ICMP Flood

216.24.228.95 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.18.113.89 89.113.18.216.gt-est.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.6.139.136 eisele.ul.warwick.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.19.141.181 user181.216.19.141.dsli.com 06/20/01 ICMP Flood

216.27.137.115 dsl027-137-115.nyc1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.216.87.109 okc1C-hfc-0251-d8d8576d.ok.coxatwork.com 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.21.207.116 216-21-207-116.spectrumdsl.net 06/20/01 ICMP Flood

216.3.31.35 SEIS1 06/20/01 ICMP Flood

216.5.197.18 infotech.co.za 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.21.194.162 216-21-194-162.spectrumdsl.net 06/20/01 ICMP Flood

216.26.67.40 ip216-26-67-40.dsl.du.teleport.com 06/20/01 ICMP Flood

216.27.27.77 FSC-NT02 06/20/01 ICMP Flood

216.216.8.104 ATHM-216-216-xxx-104.home.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.6.22.33 ACCRAC 06/20/01 ICMP Flood

216.14.34.222 06/20/01 ICMP Flood

216.27.147.119 dsl027-147-119.nyc1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.27.177.67 dsl027-177-067.sfo1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.216.26.67 ATHM-216-216-xxx-67.home.net 06/20/01 ICMP Flood

216.6.103.18 NS 06/20/01 ICMP Flood

216.216.26.70 ATHM-216-216-xxx-70.home.net 06/20/01 ICMP Flood

216.6.121.242 PUZZLE 06/20/01 ICMP Flood

216.26.47.215 ip216-26-47-215.dsl.du.teleport.com 06/20/01 ICMP Flood

66.8.11.78 annex-02.cdsp.co.za 06/20/01 ICMP Flood

216.1.181.231 IS~CWHSE1 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.27.178.142 dsl027-178-142.sfo1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.4.97.228 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.27.135.233 dsl027-135-233.nyc1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.7.193.13 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.18.153.229 haylux.akota.com 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.6.99.194 mrc-otta2.trytel.com 06/20/01 ICMP Flood

216.15.101.51 dnai-216-15-101-51.cust.dnai.com 06/20/01 ICMP Flood

216.27.22.36 VIRUSWALL 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.6.90.38 NEPZMT1 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.29.38.192 06/20/01 ICMP Flood

216.23.1.38 iis.prograde.com 06/20/01 ICMP Flood

216.27.181.164 dsl027-181-164.sfo1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.2.58.130 mail.cym.com 06/20/01 ICMP Flood

216.4.160.170 NA.sdn.net.za 06/20/01 ICMP Flood

216.5.108.25 PDCUDTCORP 06/20/01 ICMP Flood

216.15.101.34 dnai-216-15-101-34.cust.dnai.com 06/20/01 ICMP Flood

216.27.180.196 dsl027-180-196.sea1.dsl.speakeasy.net 06/20/01 ICMP Flood

216.29.38.182 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.28.22.67 OARTERM1 06/20/01 ICMP Flood

216.29.39.66 SERVER 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.6.103.50 SVRSEC 06/20/01 ICMP Flood

216.25.136.184 allegiance.redpub.eclipse.net 06/20/01 ICMP Flood

216.29.36.98 THEMINISTRY 06/20/01 ICMP Flood

216.7.173.195 06/20/01 ICMP Flood

216.4.216.130 BBRSERVER 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.25.140.126 IFS 06/20/01 ICMP Flood

216.25.147.206 OFP-SERVER 06/20/01 ICMP Flood

216.***.***.*** <system secured by owner> 06/20/01 ICMP Flood

216.28.22.125 OAR-EX 06/20/01 ICMP Flood

If your machine is listed above . . . . . .

. . . we mean you no disrespect, but this is a problem between you and Microsoft, not between you and us. We have no idea what has happened to your machine, we are only sure that it's not good.

We hope you will want to take the machine away from the malicious hackers who have effortlessly commandeered it, and who now, apparently, own it. But doing so is up to you. Your machine has been attacking us . . . that's not our fault.

Perhaps you could give Bill Gates a call and ask for his advice? After all, he has the money you paid for this all-too-common Internet experience.

Please ask your machine not to attack us again. When it agrees, let us know, and we'll blank your machine's IP and name, removing it from the listing above.
Thank you.

Denial of Service Pages

Denial of Service Home Page

The Tale of Our Investigation

Denial of Service Attack Log

Brief XP DoS Threat Summary

The Windows XP Internet Threat

The Microsoft Security Oxymoron

Microsoft Laughs Off XP Security

Last Edit: Oct 06, 2003 at 13:31 (72.19 days ago) Viewed 65 times per day

Gibson Research Corporation is owned and operated by Steve Gibson. The contents
of this page are Copyright (c) 2003 Gibson Research Corporation. Spinrite, ShieldsUP,
NanoProbe, and the slogan "It's MY Computer" are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Attack Source IP	Machine Name	Attack Date	Attack Type
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.27.169.178	dsl027-169-178.atl1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.16.194.77	SCI-DEV01	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.21.8.94		06/20/01	ICMP Flood
216.5.184.138	ASGARD	06/20/01	ICMP Flood
216.4.203.3	STGBDC01	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.1.23.14	IS~WEBSERVER1	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.4.180.130		06/20/01	ICMP Flood
216.4.63.149	SERVER1	06/20/01	ICMP Flood
216.2.82.6		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.1.132.203		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.23.18.230	HOSTED-EXC	06/20/01	ICMP Flood
216.21.202.5	216-21-202-5.spectrumdsl.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.3.74.106		06/20/01	ICMP Flood
216.18.113.193	193.113.18.216.gt-est.net	06/20/01	ICMP Flood
216.3.223.149	web01.aimfire.net	06/20/01	ICMP Flood
216.28.41.215		06/20/01	ICMP Flood
216.17.33.32	pix23.gage.com	06/20/01	ICMP Flood
216.18.84.161	h216-18-84-161.gtconnect.net	06/20/01	ICMP Flood
216.4.95.222	INTERNETT1	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.18.101.3		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.26.139.82		06/20/01	ICMP Flood
216.27.61.92		06/20/01	ICMP Flood
216.25.245.158	MATUREDEV	06/20/01	ICMP Flood
216.23.61.166	IS~THOMWWW2	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.5.83.135	AFS2000	06/20/01	ICMP Flood
216.18.113.114	114.113.18.216.gt-est.net	06/20/01	ICMP Flood
216.5.43.240	host240.novaratech.com	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.7.20.52		06/20/01	ICMP Flood
216.13.55.34	SVRDOC	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.5.139.196	kt-nat-196.motion.net	06/20/01	ICMP Flood
216.3.57.34	glvlv34.gilmorevalve.com	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.12.88.23	2pms6.cv.mvl.intelos.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.3.175.228	www.tmw-atlanta.com	06/20/01	ICMP Flood
216.7.141.186	WPI	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.5.161.196	WREN	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.5.84.2	EDGAR	06/20/01	ICMP Flood
216.5.112.195	AIS-A2XIZA75XSJ	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.13.164.238	IS~SOPHIA	06/20/01	ICMP Flood
64.81.246.97	dsl081-246-097.sfo1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.26.44.241	ip216-26-44-241.dsl.du.teleport.com	06/20/01	ICMP Flood
216.201.134.25		06/20/01	ICMP Flood
216.27.184.171	dsl027-184-171.sfo1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.3.182.93	02-093.033.popsite.net	06/20/01	ICMP Flood
216.4.90.162	WIN_PDC	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.20.123.13	fhsgate.fitchburg.k12.ma.us	06/20/01	ICMP Flood
216.4.216.132	BBRVPN	06/20/01	ICMP Flood
216.2.58.196	mail.sclegal.com	06/20/01	ICMP Flood
216.7.221.42	FASTVIBE-DQRUIB	06/20/01	ICMP Flood
216.21.207.61	216-21-207-61.spectrumdsl.net	06/20/01	ICMP Flood
216.216.16.195		06/20/01	ICMP Flood
216.7.68.49	fra1-1-167.belldsl.dcr.net	06/20/01	ICMP Flood
216.1.250.58	NETSERVER	06/20/01	ICMP Flood
216.4.101.235	SERVER	06/20/01	ICMP Flood
216.21.196.42		06/20/01	ICMP Flood
216.216.24.11	faxserver.sysdesign.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
209.219.152.194		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.4.209.162	BROOKSIDESL	06/20/01	ICMP Flood
216.17.55.169	MN-PROXY2	06/20/01	ICMP Flood
216.216.99.3		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.2.79.6		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.216.26.76	ATHM-216-216-xxx-76.home.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.216.116.165		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.28.136.81	OLFTRACKING	06/20/01	ICMP Flood
64.232.104.46	ATHM-64-232-xxx-46.home.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.6.90.37	MTSERVER	06/20/01	ICMP Flood
216.6.207.250	MAINSERVER	06/20/01	ICMP Flood
216.7.139.196		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.5.242.158		06/20/01	ICMP Flood
216.216.83.248	ATHM-216-216-xxx-248.home.net	06/20/01	ICMP Flood
216.24.228.95		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.18.113.89	89.113.18.216.gt-est.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.6.139.136	eisele.ul.warwick.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.19.141.181	user181.216.19.141.dsli.com	06/20/01	ICMP Flood
216.27.137.115	dsl027-137-115.nyc1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.216.87.109	okc1C-hfc-0251-d8d8576d.ok.coxatwork.com	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.21.207.116	216-21-207-116.spectrumdsl.net	06/20/01	ICMP Flood
216.3.31.35	SEIS1	06/20/01	ICMP Flood
216.5.197.18	infotech.co.za	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.21.194.162	216-21-194-162.spectrumdsl.net	06/20/01	ICMP Flood
216.26.67.40	ip216-26-67-40.dsl.du.teleport.com	06/20/01	ICMP Flood
216.27.27.77	FSC-NT02	06/20/01	ICMP Flood
216.216.8.104	ATHM-216-216-xxx-104.home.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.6.22.33	ACCRAC	06/20/01	ICMP Flood
216.14.34.222		06/20/01	ICMP Flood
216.27.147.119	dsl027-147-119.nyc1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.27.177.67	dsl027-177-067.sfo1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.216.26.67	ATHM-216-216-xxx-67.home.net	06/20/01	ICMP Flood
216.6.103.18	NS	06/20/01	ICMP Flood
216.216.26.70	ATHM-216-216-xxx-70.home.net	06/20/01	ICMP Flood
216.6.121.242	PUZZLE	06/20/01	ICMP Flood
216.26.47.215	ip216-26-47-215.dsl.du.teleport.com	06/20/01	ICMP Flood
66.8.11.78	annex-02.cdsp.co.za	06/20/01	ICMP Flood
216.1.181.231	IS~CWHSE1	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.27.178.142	dsl027-178-142.sfo1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.4.97.228		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.27.135.233	dsl027-135-233.nyc1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.7.193.13		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.18.153.229	haylux.akota.com	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.6.99.194	mrc-otta2.trytel.com	06/20/01	ICMP Flood
216.15.101.51	dnai-216-15-101-51.cust.dnai.com	06/20/01	ICMP Flood
216.27.22.36	VIRUSWALL	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.6.90.38	NEPZMT1	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.29.38.192		06/20/01	ICMP Flood
216.23.1.38	iis.prograde.com	06/20/01	ICMP Flood
216.27.181.164	dsl027-181-164.sfo1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.2.58.130	mail.cym.com	06/20/01	ICMP Flood
216.4.160.170	NA.sdn.net.za	06/20/01	ICMP Flood
216.5.108.25	PDCUDTCORP	06/20/01	ICMP Flood
216.15.101.34	dnai-216-15-101-34.cust.dnai.com	06/20/01	ICMP Flood
216.27.180.196	dsl027-180-196.sea1.dsl.speakeasy.net	06/20/01	ICMP Flood
216.29.38.182		06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.28.22.67	OARTERM1	06/20/01	ICMP Flood
216.29.39.66	SERVER	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.6.103.50	SVRSEC	06/20/01	ICMP Flood
216.25.136.184	allegiance.redpub.eclipse.net	06/20/01	ICMP Flood
216.29.36.98	THEMINISTRY	06/20/01	ICMP Flood
216.7.173.195		06/20/01	ICMP Flood
216.4.216.130	BBRSERVER	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.25.140.126	IFS	06/20/01	ICMP Flood
216.25.147.206	OFP-SERVER	06/20/01	ICMP Flood
216.*..**	<system secured by owner>	06/20/01	ICMP Flood
216.28.22.125	OAR-EX	06/20/01	ICMP Flood