We recieved a complaint about networkscan from IP 000.000.000.000.
Please see the attached set of logs from the security software.
It might be that your host has been taken over by intruders.
Please disconnect this host IMMEDIATELY and investigate its security status.
Otherwise please identify your customer operating from the above
address at the time mentioned, and immediately terminate his hacking
activities. Please prevent him from continuing this kind of activity
in the future as well.
This incident has been assigned the following number:
For future reference, please include this number in the subject line of your e-mail.
DK*CERT Abuse Team,
DTU, Centrifugevej, bygning 356
2800 Kgs. Lyngby
Telefon: +45 3587 8887
If nothing else mentioned below, timezone is believed to be UTC+0100(CET)
Destination address(es): Adresser i nettene 18.104.22.168/22 og 22.214.171.124/25
#Nov 25 04:00:15 2009 .. Nov 25 04:39:57 2009
# Scan from 000.000.000.000 affecting at least
# 64 addresses targeting TCP:1024, TCP:3072.