Logs: 03-02-02
To: jsage@finchhaven.com
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 03/2/2002
Logs at FinchHaven for 03/2/2002 extracted from /var/log/messages
Report generated 04:01:00 (TZ -08:00) 03/ 3/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
In /var/log/messages:
Probes to port 21 ftp: 4
Probes to port 22 ssh: 0
Probes to port 23 telnet: 0
Probes to port 53 dns: 12
Probes to port 80 http: 46
Probes to port 111 sunrpc: 0
Probes to port 137 netbios-ns: 1
Probes to port 139 netbios-ssn: 0
Probes to port 445 ms-ds: 0
Probes to port 515 lpr: 0
Total, probes to all ports: 104
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Mar 2 07:52:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.245.236.184 Source port: 3818
Source host: 12-245-236-184.client.attbi.com
Target IP: 12.82.142.113 Target port: 80 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:52:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.245.236.184 Source port: 3818
Source host: 12-245-236-184.client.attbi.com
Target IP: 12.82.142.113 Target port: 80 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:57:48 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:57:54 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:00 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:06 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:10 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:14 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:20 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:24 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:30 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:34 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:38 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 07:58:44 - snort [1:0:0] ICMP echo request
Source IP: 12.129.11.29 Source port: -N/A-
Source host: a12-129-11-29.deploy.akamaitechnologies.com
Target IP: 12.82.142.113 Target port: -N/A- Proto: ICMP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 10:34:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.232.122 Source port: 4779
Source host: 122.houston-05rh15rt.tx.dial-access.att.net
Target IP: 12.82.142.113 Target port: 80 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 10:34:24 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.232.122 Source port: 4779
Source host: 122.houston-05rh15rt.tx.dial-access.att.net
Target IP: 12.82.142.113 Target port: 80 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 11:07:33 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.253.225.171 Source port: 2059
Source host: 12-253-225-171.client.attbi.com
Target IP: 12.82.142.113 Target port: 80 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 11:07:36 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.253.225.171 Source port: 2059
Source host: 12-253-225-171.client.attbi.com
Target IP: 12.82.142.113 Target port: 80 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 11:11:05 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 12.82.142.235 Source port: 1066
Source host: 235.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 137 Proto: UDP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 11:21:01 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.232.122 Source port: 2694
Source host: 122.houston-05rh15rt.tx.dial-access.att.net
Target IP: 12.82.142.113 Target port: 80 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 11:21:04 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.232.122 Source port: 2694
Source host: 122.houston-05rh15rt.tx.dial-access.att.net
Target IP: 12.82.142.113 Target port: 80 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 12:25:55 - snort [1:0:0] TCP to 1080 socks
Source IP: 4.40.25.17 Source port: 4688
Source host: lsanca1-ar6-025-017.lsanca1.dsl.gtei.net
Target IP: 12.82.142.113 Target port: 1080 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 12:25:58 - snort [1:0:0] TCP to 1080 socks
Source IP: 4.40.25.17 Source port: 4688
Source host: lsanca1-ar6-025-017.lsanca1.dsl.gtei.net
Target IP: 12.82.142.113 Target port: 1080 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:23:17 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.142.254 Source port: 1082
Source host: 254.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 12345 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:23:21 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.142.254 Source port: 1082
Source host: 254.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 12345 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:23:29 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.142.254 Source port: 1082
Source host: 254.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 12345 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:23:39 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.142.254 Source port: 1082
Source host: 254.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 12345 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:24:10 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.142.254 Source port: 1083
Source host: 254.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 12345 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:24:13 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.142.254 Source port: 1083
Source host: 254.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 12345 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:24:19 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.142.254 Source port: 1083
Source host: 254.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 12345 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:24:31 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.142.254 Source port: 1083
Source host: 254.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.142.113 Target port: 12345 Proto: TCP
Target host: 113.seattle-25-30rs.wa.dial-access.att.net
Mar 2 15:32:54 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 207.95.12.112 Source port: 3504
Source host: smf-ca2a-112.rasserver.net
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 15:32:57 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 207.95.12.112 Source port: 3504
Source host: smf-ca2a-112.rasserver.net
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 15:33:03 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 207.95.12.112 Source port: 3504
Source host: smf-ca2a-112.rasserver.net
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 16:44:00 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 207.95.8.148 Source port: 4665
Source host: 207.95.8.148
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 16:44:03 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 207.95.8.148 Source port: 4665
Source host: 207.95.8.148
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 16:44:08 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 207.95.8.148 Source port: 4665
Source host: 207.95.8.148
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 17:42:06 - snort [1:0:0] TCP to 21 ftp
Source IP: 217.81.92.110 Source port: 3270
Source host: pD9515C6E.dip.t-dialin.net
Target IP: 12.82.129.120 Target port: 21 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 18:22:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 1166
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 18:22:40 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 1166
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 18:55:05 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 3554
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 18:55:07 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 3554
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:06:18 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 4553
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:06:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 4553
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:13:52 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 2920
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:13:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 2920
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:23:38 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 149.61.136.46 Source port: 1193
Source host: 149.61.136.46
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:23:41 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 149.61.136.46 Source port: 1193
Source host: 149.61.136.46
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:23:47 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 149.61.136.46 Source port: 1193
Source host: 149.61.136.46
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:23:59 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 149.61.136.46 Source port: 1193
Source host: 149.61.136.46
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:41:28 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 3694
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:41:30 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 3694
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:52:40 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 4717
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:52:42 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 4717
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:55:22 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.129.102 Source port: 1573
Source host: 102.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 19:55:25 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.129.102 Source port: 1573
Source host: 102.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:08:25 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.129.102 Source port: 3943
Source host: 102.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:09:17 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.129.102 Source port: 1826
Source host: 102.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:14:53 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 3361
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:14:56 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 3361
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:23:52 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.154.110 Source port: 2026
Source host: 110.seattle06rh15rt.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:23:55 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.154.110 Source port: 2026
Source host: 110.seattle06rh15rt.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:26:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 1325
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:26:57 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 1325
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:27:33 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.154.110 Source port: 3877
Source host: 110.seattle06rh15rt.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:27:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.154.110 Source port: 3877
Source host: 110.seattle06rh15rt.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:31:43 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 68.82.76.70 Source port: 29462
Source host: pcp01473252pcs.lncstr01.pa.comcast.net
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:31:46 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 68.82.76.70 Source port: 29462
Source host: pcp01473252pcs.lncstr01.pa.comcast.net
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:31:51 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 68.82.76.70 Source port: 29462
Source host: pcp01473252pcs.lncstr01.pa.comcast.net
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:32:04 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 68.82.76.70 Source port: 29462
Source host: pcp01473252pcs.lncstr01.pa.comcast.net
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 20:32:27 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 68.82.76.70 Source port: 29462
Source host: pcp01473252pcs.lncstr01.pa.comcast.net
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 21:03:17 - snort [1:0:0] ICMP echo request
Source IP: 62.212.118.14 Source port: -N/A-
Source host: aboukir-101-1-29-14.adsl.nerim.net
Target IP: 12.82.129.120 Target port: -N/A- Proto: ICMP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 21:35:34 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 4098
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 21:35:37 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.53 Source port: 4098
Source host: 53.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 21:51:58 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 216.89.55.150 Source port: 1802
Source host: breckuser150.texasisp.com
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 21:52:01 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 216.89.55.150 Source port: 1802
Source host: breckuser150.texasisp.com
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 21:52:07 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 216.89.55.150 Source port: 1802
Source host: breckuser150.texasisp.com
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 21:52:19 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 216.89.55.150 Source port: 1802
Source host: breckuser150.texasisp.com
Target IP: 12.82.129.120 Target port: 6346 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:25:17 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.130.126 Source port: 3716
Source host: 126.seattle-06-07rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:25:20 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.130.126 Source port: 3716
Source host: 126.seattle-06-07rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:26:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.130.126 Source port: 2785
Source host: 126.seattle-06-07rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:26:24 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.130.126 Source port: 2785
Source host: 126.seattle-06-07rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 80 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:29:29 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.129.45 Source port: 1151
Source host: 45.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 12345 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:29:31 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.129.45 Source port: 1151
Source host: 45.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 12345 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:29:38 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.129.45 Source port: 1151
Source host: 45.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 12345 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:29:49 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.129.45 Source port: 1151
Source host: 45.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.120 Target port: 12345 Proto: TCP
Target host: 120.seattle-03-04rs.wa.dial-access.att.net
Mar 2 23:32:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.248.95.242 Source port: 4436
Source host: 12-248-95-242.client.attbi.com
Target IP: 12.82.137.178 Target port: 80 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:32:24 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.248.95.242 Source port: 4436
Source host: 12-248-95-242.client.attbi.com
Target IP: 12.82.137.178 Target port: 80 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:33:02 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.151.94 Source port: 3974
Source host: 94.seattle04rh16rt.wa.dial-access.att.net
Target IP: 12.82.137.178 Target port: 80 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:33:05 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.151.94 Source port: 3974
Source host: 94.seattle04rh16rt.wa.dial-access.att.net
Target IP: 12.82.137.178 Target port: 80 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:34:43 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.130.126 Source port: 4500
Source host: 126.seattle-06-07rs.wa.dial-access.att.net
Target IP: 12.82.137.178 Target port: 80 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:34:46 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.130.126 Source port: 4500
Source host: 126.seattle-06-07rs.wa.dial-access.att.net
Target IP: 12.82.137.178 Target port: 80 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:42:52 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.237.40.110 Source port: 1840
Source host: 12-237-40-110.client.attbi.com
Target IP: 12.82.137.178 Target port: 80 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:42:55 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.237.40.110 Source port: 1840
Source host: 12-237-40-110.client.attbi.com
Target IP: 12.82.137.178 Target port: 80 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:48:41 - snort [1:0:0] TCP to 21 ftp
Source IP: 65.93.192.19 Source port: 3711
Source host: Quebec-HSE-ppp3612398.sympatico.ca
Target IP: 12.82.137.178 Target port: 21 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:48:44 - snort [1:0:0] TCP to 21 ftp
Source IP: 65.93.192.19 Source port: 3711
Source host: Quebec-HSE-ppp3612398.sympatico.ca
Target IP: 12.82.137.178 Target port: 21 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
Mar 2 23:48:50 - snort [1:0:0] TCP to 21 ftp
Source IP: 65.93.192.19 Source port: 3711
Source host: Quebec-HSE-ppp3612398.sympatico.ca
Target IP: 12.82.137.178 Target port: 21 Proto: TCP
Target host: 178.seattle-23-24rs.wa.dial-access.att.net
This report generated 03/ 3/2002 at 04:01:00
by a perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
jsage@finchhaven.com
Last modified: Sun Mar 3 17:15:52 2002