Logs: 03-05-02



To: jsage@finchhaven.com
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 03/5/2002

Logs at FinchHaven for 03/5/2002 extracted from /var/log/messages
Report generated 04:01:00 (TZ -08:00) 03/ 6/2002

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
In /var/log/messages:  Probes to port 21 ftp:        0
                       Probes to port 22 ssh:        0
                    Probes to port 23 telnet:        0
                       Probes to port 53 dns:        6
                      Probes to port 80 http:       63
                   Probes to port 111 sunrpc:        0
               Probes to port 137 netbios-ns:        0
              Probes to port 139 netbios-ssn:        0
                    Probes to port 445 ms-ds:        0
                      Probes to port 515 lpr:        2
                  Total, probes to all ports:       85
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Mar  5 04:05:21 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.253.225.171   Source port: 1297 
Source host: 12-253-225-171.client.attbi.com
  Target IP: 12.82.132.166   Target port: 80   Proto: TCP 
Target host: 166.seattle-11-12rs.wa.dial-access.att.net



Mar  5 09:19:19 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.222   Source port: 2762 
Source host: 222.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 09:19:21 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.222   Source port: 2762 
Source host: 222.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 10:14:01 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 4014 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 10:14:04 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 4014 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 10:17:00 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.251.38.140   Source port: 1936 
Source host: 12-251-38-140.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 10:17:03 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.251.38.140   Source port: 1936 
Source host: 12-251-38-140.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 10:30:26 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.224.242.126   Source port: 3383 
Source host: 12-224-242-126.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 10:30:29 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.224.242.126   Source port: 3383 
Source host: 12-224-242-126.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 10:57:56 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1440 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 10:57:59 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1440 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 11:24:15 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.248.236.211   Source port: 25373 
Source host: 12-248-236-211.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 11:36:08 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.160.197   Source port: 4228 
Source host: 197.seattle09rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 11:36:11 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.160.197   Source port: 4228 
Source host: 197.seattle09rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 11:50:35 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.140.76   Source port: 1700 
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 11:50:37 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.140.76   Source port: 1700 
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 11:51:30 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.237.252   Source port: 2776 
Source host: 252.houston-07rh16rt.tx.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 11:51:35 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.237.252   Source port: 2776 
Source host: 252.houston-07rh16rt.tx.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 12:00:32 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 3778 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 12:00:35 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 3778 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net


Mar  5 12:11:37 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1683 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 12:11:40 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1683 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 12:12:54 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.140.76   Source port: 2180 
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 12:12:57 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.140.76   Source port: 2180 
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 12:37:18 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.150.51   Source port: 1083 
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 12:37:21 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.150.51   Source port: 1083 
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 12:49:05 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1752 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 12:49:08 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1752 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 12:50:32 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.252.152.237   Source port: 2607 
Source host: 12-252-152-237.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 12:50:35 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.252.152.237   Source port: 2607 
Source host: 12-252-152-237.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 13:01:40 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.150.51   Source port: 1297 
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:01:43 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.150.51   Source port: 1297 
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net


Mar  5 13:14:44 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.150.51   Source port: 2280 
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:14:47 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.150.51   Source port: 2280 
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 13:38:01 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:02 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:03 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:04 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:05 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:06 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:07 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:08 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:09 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:10 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:11 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:12 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:13 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:14 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:38:15 - snort [1:0:0] ICMP echo request 
  Source IP: 63.136.120.74     Source port: -N/A-
Source host: 63.136.120.74  
  Target IP: 12.82.140.117   Target port: -N/A-   Proto: ICMP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net


BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

Cable & Wireless USA (NETBLK-CW-11BLK) CW-11BLK 
  63.136.0.0 - 63.137.255.255

CAIMIS (NETBLK-CW-63-136-120-64) CW-63-136-120-64
  63.136.120.64 - 63.136.120.95


CAIMIS (NETBLK-CW-63-136-120-64)
   3051 Miller Road
   Ann Arbor, MI 48103
   US    

Netname: CW-63-136-120-64
   Netblock: 63.136.120.64 - 63.136.120.95    

Coordinator:
      Beecher, Bryan  (BB1195-ARIN)  bryan@caimis.com
      (734) 730 - 1071 

   Record last updated on 15-Mar-2001.
   Database last updated on  5-Mar-2002 19:57:42 EDT.




Mar  5 13:40:24 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 4259 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:40:27 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 4259 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net


Mar  5 13:42:22 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1402 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 13:42:25 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1402 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 14:02:18 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.150.66   Source port: 1301 
Source host: 66.seattle04rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 14:02:21 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.150.66   Source port: 1301 
Source host: 66.seattle04rh15rt.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 14:35:28 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.251.120.72   Source port: 3768 
Source host: 12-251-120-72.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 14:35:30 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.251.120.72   Source port: 3768 
Source host: 12-251-120-72.client.attbi.com
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 14:45:56 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1620 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 14:45:59 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1620 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net


Mar  5 14:55:15 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 2501 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 14:55:18 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 2501 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net


Mar  5 15:06:33 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1249 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net

Mar  5 15:06:36 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.107   Source port: 1249 
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.140.117   Target port: 80   Proto: TCP 
Target host: 117.seattle-05-10rs.wa.dial-access.att.net



Mar  5 18:07:08 - snort [1:0:0] TCP to 515 lpr 
  Source IP: 203.125.152.67   Source port: 4041 
Source host: 203.125.152.67
  Target IP: 12.82.129.170   Target port: 515   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 18:17:43 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.87.60.125   Source port: 4419 
Source host: 125.detroit-11-12rs.mi.dial-access.att.net
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net

Mar  5 18:17:46 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.87.60.125   Source port: 4419 
Source host: 125.detroit-11-12rs.mi.dial-access.att.net
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 18:22:34 - snort [1:0:0] TCP to 515 lpr 
  Source IP: 62.177.158.170   Source port: 2212 
Source host: 62-177-158-170.bbeyond.nl
  Target IP: 12.82.129.170   Target port: 515   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 18:52:50 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.254.213.31   Source port: 2513 
Source host: 12-254-213-31.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net

Mar  5 18:52:53 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.254.213.31   Source port: 2513 
Source host: 12-254-213-31.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 18:56:09 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.234.64.6   Source port: 1863 
Source host: 12-234-64-6.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net

Mar  5 18:56:12 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.234.64.6   Source port: 1863 
Source host: 12-234-64-6.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 19:01:47 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.230.160.36   Source port: 3835 
Source host: 12-230-160-36.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 19:44:08 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.90.111.21   Source port: 4952 
Source host: 21.pittsburgh-04rh16rt.pa.dial-access.att.net
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net

Mar  5 19:44:11 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.90.111.21   Source port: 4952 
Source host: 21.pittsburgh-04rh16rt.pa.dial-access.att.net
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 22:09:11 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.173.80   Source port: 2852 
Source host: 80.seattle15rh16rt.wa.dial-access.att.net
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net

Mar  5 22:09:14 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.173.80   Source port: 2852 
Source host: 80.seattle15rh16rt.wa.dial-access.att.net
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 22:22:39 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.228.50.13   Source port: 1482 
Source host: 12-228-50-13.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net

Mar  5 22:22:42 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.228.50.13   Source port: 1482 
Source host: 12-228-50-13.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



Mar  5 23:30:15 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.234.11.160   Source port: 1262 
Source host: 12-234-11-160.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net

Mar  5 23:30:18 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.234.11.160   Source port: 1262 
Source host: 12-234-11-160.client.attbi.com
  Target IP: 12.82.129.170   Target port: 80   Proto: TCP 
Target host: 170.seattle-03-04rs.wa.dial-access.att.net



This report generated 03/ 6/2002 at 04:01:00 
by a perl script written by John Sage at FinchHaven.com, 
based upon the work of Dan Swan in his script snort2html.pl



jsage@finchhaven.com
Last modified: Wed Mar 6 06:21:40 2002