Incident: 03-12-02 tcp:53
snort2html.plx:
Mar 12 23:28:22 - snort [1:0:0] TCP to 53 domain
Source IP: 202.237.14.185 Source port: 4080
Source host: ginza.ne.jp
Target IP: 12.82.141.8 Target port: 53 Proto: TCP
Target host: 8.seattle-15-20rs.wa.dial-access.att.net
snort packet dump:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] [1:0:0] TCP to 53 domain [**]
03/12-23:28:22.700060 202.237.14.185:4080 -> 12.82.141.8:53
TCP TTL:51 TOS:0x0 ID:21839 IpLen:20 DgmLen:60 DF
******S* Seq: 0xEFBE062C Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 17578046 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
Request: 202.237.14.185
connecting to whois.arin.net [63.146.182.182:43] ...
connecting to WHOIS.APNIC.NET [202.12.29.13:43] ...
% (whois6.apnic.net)
inetnum: 202.236.0.0 - 202.239.255.255
netname: JPNIC-NET-JP
descr: Japan Network Information Center
country: JP
admin-c: JNIC1-AP
tech-c: JNIC1-AP
remarks: JPNIC Allocation Block
remarks: Authoritative information regarding assignments and
remarks: allocations made from within this block can also be
remarks: queried at whois.nic.ad.jp. To obtain an English
remarks: output query whois -h whois.nic.ad.jp x.x.x.x/e
Network Information:
a. [Network Number] 202.237.14.0
b. [Network Name] AMR-NET
g. [Organization] AMR Inc.
m. [Administrative Contact] SK114JP
n. [Technical Contact] IN012JP
p. [Nameserver] ns.amr.co.jp
p. [Nameserver] ns.hmd.co.jp
y. [Reply Mail] KGE02170@niftyserve.or.jp
[Assigned Date]
[Return Date]
[Last Update] 1997/07/08 22:25:07 (JST)
koh@amr.co.jp
http to 202.237.14.185:
<html><body>GINZA.NE.JP</body></html>
jsage@finchhaven.com
Last modified: Sat Mar 16 14:15:03 2002