Incident 02-21-02 21:37pm


snort2html.plx:

Feb 21 21:37:54 - snort [1:0:0] TCP to 21 ftp
  Source IP: 80.134.16.16   Source port: 3009
Source host: p50861010.dip.t-dialin.net
  Target IP: 12.82.140.70   Target port: 21   Proto: TCP
Target host: 70.seattle-05-10rs.wa.dial-access.att.net 

Feb 21 21:37:57 - snort [1:0:0] TCP to 21 ftp
  Source IP: 80.134.16.16   Source port: 3009
Source host: p50861010.dip.t-dialin.net
  Target IP: 12.82.140.70   Target port: 21   Proto: TCP
Target host: 70.seattle-05-10rs.wa.dial-access.att.net 

Feb 21 21:38:02 - snort [1:0:0] TCP to 21 ftp
  Source IP: 80.134.16.16   Source port: 3009
Source host: p50861010.dip.t-dialin.net
  Target IP: 12.82.140.70   Target port: 21   Proto: TCP
Target host: 70.seattle-05-10rs.wa.dial-access.att.net


snort:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/21-21:37:54.084187 80.134.16.16:3009 -> 12.82.140.70:21
TCP TTL:116 TOS:0x0 ID:53147 IpLen:20 DgmLen:52 DF
******S* Seq: 0xA65EE1B  Ack: 0x0  Win: 0x7FFF  TcpLen: 32
TCP Options (6) => MSS: 1452 NOP WS: 0 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/21-21:37:57.014437 80.134.16.16:3009 -> 12.82.140.70:21
TCP TTL:116 TOS:0x0 ID:53754 IpLen:20 DgmLen:52 DF
******S* Seq: 0xA65EE1B  Ack: 0x0  Win: 0x7FFF  TcpLen: 32
TCP Options (6) => MSS: 1452 NOP WS: 0 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/21-21:38:02.985017 80.134.16.16:3009 -> 12.82.140.70:21
TCP TTL:116 TOS:0x0 ID:54954 IpLen:20 DgmLen:52 DF
******S* Seq: 0xA65EE1B  Ack: 0x0  Win: 0x7FFF  TcpLen: 32
TCP Options (6) => MSS: 1452 NOP WS: 0 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html 

inetnum:      80.128.0.0 - 80.146.159.255
netname:      DTAG-DIAL16
descr:        Deutsche Telekom AG
country:      DE
admin-c:      DTIP-RIPE
tech-c:       ST5359-RIPE
status:       ASSIGNED PA
remarks:      *****************************************************************
remarks:      * ABUSE CONTACT: abuse@t-ipnet.de IN CASE OF HACK ATTACKS,      *
remarks:      * ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.        *
remarks:      *****************************************************************
notify:       auftrag@nic.telekom.de
notify:       dbd@nic.dtag.de
mnt-by:       DTAG-NIC
changed:      auftrag@nic.telekom.de 20020108
source:       RIPE 

route:        80.128.0.0/11
descr:        Deutsche Telekom AG, Internet service provider
origin:       AS3320
mnt-by:       DTAG-RR
changed:      bp@nic.dtag.de 20010807
source:       RIPE 

person:       DTAG Global IP-Adressing
address:      Deutsche Telekom AG
address:      Postfach 900110
address:      D-90492 Nuernberg
address:      Germany
phone:        +49 911 68909856
e-mail:       cc-ip-eingang.nbg@telekom.de
nic-hdl:      DTIP-RIPE
mnt-by:       DTAG-NIC
changed:      auftrag@nic.telekom.de 20011205
source:       RIPE


jsage@finchhaven.com
Last modified: Fri Feb 22 15:02:17 2002