Incident: 03-12-02 tcp:53


Mar 12 23:28:22 - snort [1:0:0] TCP to 53 domain 
  Source IP:   Source port: 4080 
Source host:
  Target IP:   Target port: 53   Proto: TCP 
Target host:

snort packet dump:

[**] [1:0:0] TCP to 53 domain [**]
03/12-23:28:22.700060 ->
TCP TTL:51 TOS:0x0 ID:21839 IpLen:20 DgmLen:60 DF
******S* Seq: 0xEFBE062C  Ack: 0x0  Win: 0x7D78  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 17578046 0 NOP WS: 0


connecting to [] ...
connecting to WHOIS.APNIC.NET [] ... 

inetnum: -
netname:     JPNIC-NET-JP
descr:       Japan Network Information Center
country:     JP
admin-c:     JNIC1-AP
tech-c:      JNIC1-AP
remarks:     JPNIC Allocation Block
remarks:     Authoritative information regarding assignments and
remarks:     allocations made from within this block can also be
remarks:     queried at To obtain an English
remarks:     output query whois -h x.x.x.x/e

[ JPNIC database provides information on network administration. Its use is   ]
[ restricted to network administration purposes. For further information, use ]
[ 'whois -h help'. To suppress Japanese output, add '/e' at   ]
[ the end of command, e.g. 'whois -h xxx/e'.                  ] 

Network Information:
a. [Network Number]   
b. [Network Name]               AMR-NET
g. [Organization]               AMR Inc.
m. [Administrative Contact]     SK114JP
n. [Technical Contact]          IN012JP
p. [Nameserver]       
p. [Nameserver]       
y. [Reply Mail]       
[Assigned Date]                 
[Return Date]                   
[Last Update]                   1997/07/08 22:25:07 (JST)

http to

Last modified: Sat Mar 16 14:15:03 2002