Incident: 02-28-02 13:47pm

tcp:21 ftp

Pretty unremarkable, really. W4r3z k1ddi3s...


syslog/logcheck:

Feb 28 13:47:53 - snort [1:0:0] TCP to 21 ftp 
  Source IP: 137.250.65.90   Source port: 3907 
Source host: pc-65-090.Phil.Uni-Augsburg.DE
  Target IP: 12.82.128.22   Target port: 21   Proto: TCP 
Target host: 22.seattle-01-02rs.wa.dial-access.att.net


snort packet log:

02/28-13:47:53.036942 137.250.65.90:3907 -> 12.82.128.22:21
TCP TTL:108 TOS:0x0 ID:42670 IpLen:20 DgmLen:44 DF
******S* Seq: 0x42CB94F0  Ack: 0x0  Win: 0x2000  TcpLen: 24
TCP Options (1) => MSS: 1460 


ipchains:

Feb 28 13:47:53 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
 137.250.65.90:3907 12.82.128.22:21
 L=44 S=0x00 I=42670 F=0x4000 T=108 SYN (#64)




BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

University of Augsburg (NET-AUX)
   D-8900 Augsburg
   DE    

Netname: AUX
   Netblock: 137.250.0.0 - 137.250.255.255

   Coordinator:
      Stindl, Siegfried  (SS297-ARIN)  stindl@UNI-AUGSBURG.DE
      +49 821 598 2006    

Domain System inverse mapping provided by:    
   BBIWY.CC.UNI-AUGSBURG.DE    137.250.1.254
   RZSUN2.RZ.UNI-AUGSBURG.DE   137.250.111.4
   DENEB.DFN.DE                192.76.176.9




jsage@finchhaven.com
Last modified: Sat Mar 2 20:51:25 2002