Logs: 02-20-02


To: jsage@finchhaven.com
Cc: root@sparky.finchhaven.net
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 02/20/2002

Logs at FinchHaven for 02/20/2002 extracted from /var/log/messages
Report generated 04:01:01 (TZ -08:00) 02/21/2002

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific Standard Time, GMT -08:00, synchronized by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7


Feb 20 05:45:44 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:44 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:45 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:45 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:47 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:47 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:48 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:48 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:50 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:50 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:51 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:45:51 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:19 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:19 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:21 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:21 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:22 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:22 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:24 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:24 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:25 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:25 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:27 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 169.254.121.26   Source port: 137 
Source host: 169.254.121.26
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net

Feb 20 05:50:27 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 211.228.134.118   Source port: 137 
Source host: 211.228.134.118
  Target IP: 12.82.128.114   Target port: 137   Proto: UDP 
Target host: 114.seattle-01-02rs.wa.dial-access.att.net



Feb 20 08:15:18 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.243.108.143   Source port: 2455 
Source host: 12-243-108-143.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 08:15:21 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.243.108.143   Source port: 2455 
Source host: 12-243-108-143.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 08:55:38 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.234.91.23   Source port: 2456 
Source host: 12-234-91-23.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 08:55:41 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.234.91.23   Source port: 2456 
Source host: 12-234-91-23.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 09:40:25 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.139.116   Source port: 3845 
Source host: 116.seattle-28-29rs.wa.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 09:40:28 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.139.116   Source port: 3845 
Source host: 116.seattle-28-29rs.wa.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 09:46:57 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.137.186   Source port: 3454 
Source host: 186.seattle-23-24rs.wa.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 09:46:59 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.137.186   Source port: 3454 
Source host: 186.seattle-23-24rs.wa.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 10:48:23 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.135.193   Source port: 3915 
Source host: 193.seattle-18-19rs.wa.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 10:48:26 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.135.193   Source port: 3915 
Source host: 193.seattle-18-19rs.wa.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 11:05:23 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.253.22.153   Source port: 2316 
Source host: 12-253-22-153.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 11:05:26 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.253.22.153   Source port: 2316 
Source host: 12-253-22-153.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 11:05:43 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.236.60.2   Source port: 3529 
Source host: 12-236-60-2.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 11:05:46 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.236.60.2   Source port: 3529 
Source host: 12-236-60-2.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 11:46:54 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.235.71.175   Source port: 2878 
Source host: 12-235-71-175.client.attbi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 12:04:49 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.163.7   Source port: 3314 
Source host: 7.seattle10rh16rt.wa.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 12:04:51 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.163.7   Source port: 3314 
Source host: 7.seattle10rh16rt.wa.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 12:08:14 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.246.136   Source port: 4393 
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 12:08:16 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.246.136   Source port: 4393 
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 12:53:55 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.246.136   Source port: 1679 
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 12:53:58 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.246.136   Source port: 1679 
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 12:58:34 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.246.136   Source port: 1033 
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 13:27:30 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.246.136   Source port: 4643 
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 13:27:33 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.246.136   Source port: 4643 
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 15:26:29 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.217.143.225   Source port: 3983 
Source host: 12-217-143-225.client.mchsi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net

Feb 20 15:26:32 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.217.143.225   Source port: 3983 
Source host: 12-217-143-225.client.mchsi.com
  Target IP: 12.82.128.178   Target port: 80   Proto: TCP 
Target host: 178.seattle-01-02rs.wa.dial-access.att.net


Feb 20 21:10:17 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.224.158   Source port: 3733 
Source host: 158.houston-01rh15rt.tx.dial-access.att.net
  Target IP: 12.82.131.101   Target port: 80   Proto: TCP 
Target host: 101.seattle-08-09rs.wa.dial-access.att.net

Feb 20 21:10:21 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.224.158   Source port: 3733 
Source host: 158.houston-01rh15rt.tx.dial-access.att.net
  Target IP: 12.82.131.101   Target port: 80   Proto: TCP 
Target host: 101.seattle-08-09rs.wa.dial-access.att.net


Feb 20 22:29:41 - snort [1:0:0] TCP to 21 ftp 
  Source IP: 212.179.251.105   Source port: 3517 
Source host: bzq-251-105.red.bezeqint.net
  Target IP: 12.82.131.101   Target port: 21   Proto: TCP 
Target host: 101.seattle-08-09rs.wa.dial-access.att.net

Feb 20 22:29:43 - snort [1:0:0] TCP to 21 ftp 
  Source IP: 212.179.251.105   Source port: 3517 
Source host: bzq-251-105.red.bezeqint.net
  Target IP: 12.82.131.101   Target port: 21   Proto: TCP 
Target host: 101.seattle-08-09rs.wa.dial-access.att.net

Feb 20 22:29:49 - snort [1:0:0] TCP to 21 ftp 
  Source IP: 212.179.251.105   Source port: 3517 
Source host: bzq-251-105.red.bezeqint.net
  Target IP: 12.82.131.101   Target port: 21   Proto: TCP 
Target host: 101.seattle-08-09rs.wa.dial-access.att.net




This report was generated 02/21/2002 at 04:01:01
by a Perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl


jsage@finchhaven.com
Last modified: Thu Feb 21 22:54:01 2002