Logs: 03-11-02
To: jsage@finchhaven.com
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 03/11/2002
Logs at FinchHaven for 03/11/2002 extracted from /var/log/messages
Report generated 04:01:01 (TZ -08:00) 03/12/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
In /var/log/messages: Probes to port 21 ftp: 0
Probes to port 22 ssh: 0
Probes to port 23 telnet: 0
Probes to port 53 dns: 0
Probes to port 80 http: 11
Probes to port 111 sunrpc: 1
Probes to port 137 netbios-ns: 0
Probes to port 139 netbios-ssn: 4
Probes to port 445 ms-ds: 0
Probes to port 515 lpr: 0
Total, probes to all ports: 34
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Mar 11 06:27:48 - snort [1:0:0] TCP to 111 sunrpc
Source IP: 208.187.197.126 Source port: 3261
Source host: 208.187.197.126
Target IP: 12.82.128.99 Target port: 111 Proto: TCP
Target host: 99.seattle-01-02rs.wa.dial-access.att.net
Mar 11 06:57:37 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 62.80.192.132 Source port: 33001
Source host: 62.80.192.132
Target IP: 12.82.128.99 Target port: 80 Proto: TCP
Target host: 99.seattle-01-02rs.wa.dial-access.att.net
Mar 11 06:57:40 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 62.80.192.132 Source port: 33001
Source host: 62.80.192.132
Target IP: 12.82.128.99 Target port: 80 Proto: TCP
Target host: 99.seattle-01-02rs.wa.dial-access.att.net
Mar 11 06:57:47 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 62.80.192.132 Source port: 33001
Source host: 62.80.192.132
Target IP: 12.82.128.99 Target port: 80 Proto: TCP
Target host: 99.seattle-01-02rs.wa.dial-access.att.net
Mar 11 20:08:18 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:08:20 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:08:25 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:08:33 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:08:51 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:09:26 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:10:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:12:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:14:36 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:16:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:18:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:20:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:22:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:24:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:26:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:28:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:30:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 63.215.124.14 Source port: 80
Source host: unknown.Level3.net
Target IP: 12.82.136.5 Target port: 1041 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:43:51 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.79 Source port: 3247
Source host: 79.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.136.5 Target port: 80 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 20:43:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.79 Source port: 3247
Source host: 79.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.136.5 Target port: 80 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 21:27:46 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.79 Source port: 2416
Source host: 79.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.136.5 Target port: 80 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 21:27:49 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.79 Source port: 2416
Source host: 79.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.136.5 Target port: 80 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 21:32:32 - snort [1:0:0] TCP to 139 netBIOS ss
Source IP: 194.65.158.24 Source port: 2083
Source host: 194.65.158.24
Target IP: 12.82.136.5 Target port: 139 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 21:32:35 - snort [1:0:0] TCP to 139 netBIOS ss
Source IP: 194.65.158.24 Source port: 2083
Source host: 194.65.158.24
Target IP: 12.82.136.5 Target port: 139 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 21:32:42 - snort [1:0:0] TCP to 139 netBIOS ss
Source IP: 194.65.158.24 Source port: 2083
Source host: 194.65.158.24
Target IP: 12.82.136.5 Target port: 139 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 21:32:55 - snort [1:0:0] TCP to 139 netBIOS ss
Source IP: 194.65.158.24 Source port: 2083
Source host: 194.65.158.24
Target IP: 12.82.136.5 Target port: 139 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 22:10:20 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.142.131 Source port: 4245
Source host: 131.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.136.5 Target port: 80 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 22:10:23 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.142.131 Source port: 4245
Source host: 131.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.136.5 Target port: 80 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 22:15:58 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.142.131 Source port: 3806
Source host: 131.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.136.5 Target port: 80 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 11 22:16:01 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.142.131 Source port: 3806
Source host: 131.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.136.5 Target port: 80 Proto: TCP
Target host: 5.seattle-21-22rs.wa.dial-access.att.net
Mar 12 01:47:02 - snort [1:0:0] UDP to 161 snmp
Source IP: 203.194.147.237 Source port: 32770
Source host: 203.194.147.237
Target IP: 12.82.128.89 Target port: 161 Proto: UDP
Target host: 89.seattle-01-02rs.wa.dial-access.att.net
This report generated 03/12/2002 at 04:01:01
by a perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
jsage@finchhaven.com
Last modified: Sat Mar 16 13:28:33 2002