03-31-02 ACID
Sorted by time
To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert
Generated by ACID v0.9.6b21 on Thu April 04, 2002 18:54:56
------------------------------------------------------------------------------
#(12 - 1) [2002-03-31 06:41:19] TCP to 27374 SubSeven
IPv4: 172.184.70.38 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=30736 flags=0 offset=0 TTL=104 chksum=6740
TCP: port=4610 -> dport: 27374 flags=******S* seq=571982
ack=0 off=7 res=0 win=32767 urp=0 chksum=19363
Options:
#1 - MSS len=4 data=0586
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 2) [2002-03-31 06:41:31] TCP to 27374 SubSeven
IPv4: 172.184.70.38 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=64528 flags=0 offset=0 TTL=104 chksum=38483
TCP: port=4610 -> dport: 27374 flags=******S* seq=571982
ack=0 off=7 res=0 win=32767 urp=0 chksum=19363
Options:
#1 - MSS len=4 data=0586
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 3) [2002-03-31 06:59:33] Potential CodeRed/Nimda probe
IPv4: 12.82.66.117 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=23205 flags=0 offset=0 TTL=119 chksum=52438
TCP: port=1741 -> dport: 80 flags=******S* seq=3199384173
ack=0 off=7 res=0 win=8760 urp=0 chksum=1118
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 4) [2002-03-31 06:59:36] Potential CodeRed/Nimda probe
IPv4: 12.82.66.117 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=23597 flags=0 offset=0 TTL=119 chksum=52046
TCP: port=1741 -> dport: 80 flags=******S* seq=3199384173
ack=0 off=7 res=0 win=8760 urp=0 chksum=1118
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 5) [2002-03-31 07:10:49] Potential CodeRed/Nimda probe
IPv4: 12.82.66.117 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=25034 flags=0 offset=0 TTL=119 chksum=50609
TCP: port=2570 -> dport: 80 flags=******S* seq=486145982
ack=0 off=7 res=0 win=8760 urp=0 chksum=23945
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 6) [2002-03-31 07:10:52] Potential CodeRed/Nimda probe
IPv4: 12.82.66.117 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=25277 flags=0 offset=0 TTL=119 chksum=50366
TCP: port=2570 -> dport: 80 flags=******S* seq=486145982
ack=0 off=7 res=0 win=8760 urp=0 chksum=23945
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 7) [2002-03-31 07:39:45] UDP to 137 netBIOS ns
IPv4: 202.161.133.80 -> 12.82.129.51
hlen=5 TOS=0 dlen=78 ID=58858 flags=0 offset=0 TTL=116 chksum=33597
UDP: port=1046 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(12 - 8) [2002-03-31 07:42:39] UDP to 137 netBIOS ns
IPv4: 67.8.46.176 -> 12.82.129.51
hlen=5 TOS=0 dlen=78 ID=23003 flags=0 offset=0 TTL=107 chksum=63110
UDP: port=1025 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 9) [2002-03-31 09:18:07] TCP to range 1025-60999
IPv4: 211.100.7.73 -> 12.82.129.51
hlen=5 TOS=0 dlen=40 ID=5118 flags=0 offset=0 TTL=116 chksum=51871
TCP: port=5454 -> dport: 5454 flags=******S* seq=2096827682
ack=796183261 off=5 res=0 win=49945 urp=0 chksum=54666
Payload: none
------------------------------------------------------------------------------
<snip>
apc-tcp-udp-4 5454/tcp #apc-tcp-udp-4
apc-tcp-udp-4 5454/udp #apc-tcp-udp-4
<snip>
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html
% (whois6.apnic.net)
inetnum: 211.100.7.64 - 211.100.7.95
netname: GUANGQIAO
descr: co-location user
country: CN
admin-c: JY74-AP
tech-c: JY74-AP
mnt-by: MAINT-CN-263
changed: zhx@263.net.cn 20000918
source: APNIC
person: JIAN FENG YAN
address: 15th Building 1st District of Xiao Huang Zhuang,
address: District Dong Cheng, CHINA
country: CN
phone: +86-010-84287565
fax-no: +86-010-84286328
e-mail: haixia.zhao@net263.com
nic-hdl: JY74-AP
mnt-by: MAINT-CNNIC-AP
changed: ipas@cnnic.net.cn 20000927
changed: apnic-dbm@apnic.net 20010514
source: APNIC
------------------------------------------------------------------------------
#(12 - 10) [2002-03-31 09:53:08] Potential CodeRed/Nimda probe
IPv4: 12.82.129.120 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=11980 flags=0 offset=0 TTL=127 chksum=45484
TCP: port=2647 -> dport: 80 flags=******S* seq=3857032179
ack=0 off=7 res=0 win=16384 urp=0 chksum=37711
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 11) [2002-03-31 09:53:10] Potential CodeRed/Nimda probe
IPv4: 12.82.129.120 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=12239 flags=0 offset=0 TTL=127 chksum=45225
TCP: port=2647 -> dport: 80 flags=******S* seq=3857032179
ack=0 off=7 res=0 win=16384 urp=0 chksum=37711
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 12) [2002-03-31 10:13:56] TCP to 27374 SubSeven
IPv4: 172.132.205.183 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=4149 flags=0 offset=0 TTL=107 chksum=63441
TCP: port=4593 -> dport: 27374 flags=******S* seq=120532605
ack=0 off=7 res=0 win=8760 urp=0 chksum=42678
Options:
#1 - MSS len=4 data=0598
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 13) [2002-03-31 10:13:59] TCP to 27374 SubSeven
IPv4: 172.132.205.183 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=4293 flags=0 offset=0 TTL=107 chksum=63297
TCP: port=4593 -> dport: 27374 flags=******S* seq=120532605
ack=0 off=7 res=0 win=8760 urp=0 chksum=42678
Options:
#1 - MSS len=4 data=0598
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 14) [2002-03-31 10:14:05] TCP to 27374 SubSeven
IPv4: 172.132.205.183 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=4556 flags=0 offset=0 TTL=107 chksum=63034
TCP: port=4593 -> dport: 27374 flags=******S* seq=120532605
ack=0 off=7 res=0 win=8760 urp=0 chksum=42678
Options:
#1 - MSS len=4 data=0598
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 15) [2002-03-31 10:26:47] Potential CodeRed/Nimda probe
IPv4: 12.82.129.120 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=6225 flags=0 offset=0 TTL=127 chksum=51239
TCP: port=2287 -> dport: 80 flags=******S* seq=4077446718
ack=0 off=7 res=0 win=16384 urp=0 chksum=17737
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 16) [2002-03-31 10:26:50] Potential CodeRed/Nimda probe
IPv4: 12.82.129.120 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=6810 flags=0 offset=0 TTL=127 chksum=50654
TCP: port=2287 -> dport: 80 flags=******S* seq=4077446718
ack=0 off=7 res=0 win=16384 urp=0 chksum=17737
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 19) [2002-03-31 11:34:10] TCP to 27374 SubSeven
IPv4: 62.99.9.121 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=1037 flags=0 offset=0 TTL=108 chksum=13658
TCP: port=2173 -> dport: 27374 flags=******S* seq=684759587
ack=0 off=7 res=0 win=2144 urp=0 chksum=29339
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 20) [2002-03-31 11:34:13] TCP to 27374 SubSeven
IPv4: 62.99.9.121 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=1074 flags=0 offset=0 TTL=108 chksum=13621
TCP: port=2173 -> dport: 27374 flags=******S* seq=684759587
ack=0 off=7 res=0 win=2144 urp=0 chksum=29339
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 21) [2002-03-31 11:34:19] TCP to 27374 SubSeven
IPv4: 62.99.9.121 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=1152 flags=0 offset=0 TTL=108 chksum=13543
TCP: port=2173 -> dport: 27374 flags=******S* seq=684759587
ack=0 off=7 res=0 win=2144 urp=0 chksum=29339
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 22) [2002-03-31 12:01:11] TCP to 27374 SubSeven
IPv4: 24.161.117.147 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=58740 flags=0 offset=0 TTL=105 chksum=4250
TCP: port=2475 -> dport: 27374 flags=******S* seq=874403208
ack=0 off=7 res=0 win=64240 urp=0 chksum=28213
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 23) [2002-03-31 12:01:14] TCP to 27374 SubSeven
IPv4: 24.161.117.147 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=58806 flags=0 offset=0 TTL=105 chksum=4184
TCP: port=2475 -> dport: 27374 flags=******S* seq=874403208
ack=0 off=7 res=0 win=64240 urp=0 chksum=28213
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 24) [2002-03-31 12:01:20] TCP to 27374 SubSeven
IPv4: 24.161.117.147 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=58935 flags=0 offset=0 TTL=105 chksum=4055
TCP: port=2475 -> dport: 27374 flags=******S* seq=874403208
ack=0 off=7 res=0 win=64240 urp=0 chksum=28213
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 25) [2002-03-31 12:26:57] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=7261 flags=0 offset=0 TTL=125 chksum=50509
TCP: port=4056 -> dport: 80 flags=******S* seq=4095109078
ack=0 off=7 res=0 win=16384 urp=0 chksum=47852
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 26) [2002-03-31 12:27:00] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=7530 flags=0 offset=0 TTL=125 chksum=50240
TCP: port=4056 -> dport: 80 flags=******S* seq=4095109078
ack=0 off=7 res=0 win=16384 urp=0 chksum=47852
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 27) [2002-03-31 12:28:59] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=18800 flags=0 offset=0 TTL=125 chksum=38970
TCP: port=1205 -> dport: 80 flags=******S* seq=57506324
ack=0 off=7 res=0 win=16384 urp=0 chksum=42107
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 28) [2002-03-31 12:29:00] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=19087 flags=0 offset=0 TTL=125 chksum=38683
TCP: port=1205 -> dport: 80 flags=******S* seq=57506324
ack=0 off=7 res=0 win=16384 urp=0 chksum=42107
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 29) [2002-03-31 13:08:49] TCP to 21 ftp
IPv4: 144.132.9.185 -> 12.82.129.51
hlen=5 TOS=0 dlen=60 ID=49581 flags=0 offset=0 TTL=43 chksum=26188
TCP: port=4285 -> dport: 21 flags=******S* seq=311773264
ack=0 off=10 res=0 win=16060 urp=0 chksum=60553
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=0F437A0400000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 30) [2002-03-31 13:36:06] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=3080 flags=0 offset=0 TTL=125 chksum=54690
TCP: port=3243 -> dport: 80 flags=******S* seq=346939806
ack=0 off=7 res=0 win=16384 urp=0 chksum=9147
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 31) [2002-03-31 13:36:10] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=3348 flags=0 offset=0 TTL=125 chksum=54422
TCP: port=3243 -> dport: 80 flags=******S* seq=346939806
ack=0 off=7 res=0 win=16384 urp=49409 chksum=25273
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 32) [2002-03-31 13:39:01] Potential CodeRed/Nimda probe
IPv4: 12.236.100.241 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=55333 flags=0 offset=0 TTL=118 chksum=11584
TCP: port=1943 -> dport: 80 flags=******S* seq=174509795
ack=0 off=7 res=0 win=16384 urp=0 chksum=25228
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 33) [2002-03-31 13:39:04] Potential CodeRed/Nimda probe
IPv4: 12.236.100.241 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=56689 flags=0 offset=0 TTL=118 chksum=10228
TCP: port=1943 -> dport: 80 flags=******S* seq=174509795
ack=0 off=7 res=0 win=16384 urp=0 chksum=25228
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 34) [2002-03-31 13:52:13] UDP to 137 netBIOS ns
IPv4: 141.158.77.73 -> 12.82.129.51
hlen=5 TOS=0 dlen=78 ID=4940 flags=0 offset=0 TTL=116 chksum=51942
UDP: port=1042 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 35) [2002-03-31 13:53:52] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=38356 flags=0 offset=0 TTL=125 chksum=19414
TCP: port=2429 -> dport: 80 flags=******S* seq=2725424946
ack=0 off=7 res=0 win=16384 urp=0 chksum=52111
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 36) [2002-03-31 13:53:55] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=38611 flags=0 offset=0 TTL=125 chksum=19159
TCP: port=2429 -> dport: 80 flags=******S* seq=2725424946
ack=0 off=7 res=0 win=16384 urp=0 chksum=52111
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 37) [2002-03-31 14:05:33] TCP to 27374 SubSeven
IPv4: 66.24.109.6 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=57716 flags=0 offset=0 TTL=105 chksum=62383
TCP: port=4392 -> dport: 27374 flags=******S* seq=403946547
ack=0 off=7 res=0 win=5360 urp=0 chksum=57646
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 38) [2002-03-31 14:05:36] TCP to 27374 SubSeven
IPv4: 66.24.109.6 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=57847 flags=0 offset=0 TTL=105 chksum=62252
TCP: port=4392 -> dport: 27374 flags=******S* seq=403946547
ack=0 off=7 res=0 win=5360 urp=0 chksum=57646
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 39) [2002-03-31 14:05:42] TCP to 27374 SubSeven
IPv4: 66.24.109.6 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=58114 flags=0 offset=0 TTL=105 chksum=61985
TCP: port=4392 -> dport: 27374 flags=******S* seq=403946547
ack=0 off=7 res=0 win=5360 urp=0 chksum=57646
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 40) [2002-03-31 14:11:42] Potential CodeRed/Nimda probe
IPv4: 12.82.140.180 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=51204 flags=0 offset=0 TTL=125 chksum=3896
TCP: port=4626 -> dport: 80 flags=******S* seq=2829423283
ack=0 off=7 res=0 win=8760 urp=0 chksum=60576
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 41) [2002-03-31 14:11:45] Potential CodeRed/Nimda probe
IPv4: 12.82.140.180 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=51445 flags=0 offset=0 TTL=125 chksum=3655
TCP: port=4626 -> dport: 80 flags=******S* seq=2829423283
ack=0 off=7 res=0 win=8760 urp=0 chksum=60576
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(12 - 42) [2002-03-31 14:32:07] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=57909 flags=0 offset=0 TTL=125 chksum=65396
TCP: port=3513 -> dport: 80 flags=******S* seq=3509524230
ack=0 off=7 res=0 win=16384 urp=49409 chksum=28609
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 43) [2002-03-31 14:32:11] Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
hlen=5 TOS=0 dlen=48 ID=58167 flags=0 offset=0 TTL=125 chksum=65138
TCP: port=3513 -> dport: 80 flags=******S* seq=3509524230
ack=0 off=7 res=0 win=16384 urp=0 chksum=12483
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 1) [2002-03-31 15:03:20] TCP to 6346 gnutella
IPv4: 198.92.157.109 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=25384 flags=0 offset=0 TTL=114 chksum=46286
TCP: port=4097 -> dport: 6346 flags=******S* seq=280555476
ack=0 off=7 res=0 win=8192 urp=0 chksum=19602
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 2) [2002-03-31 15:03:23] TCP to 6346 gnutella
IPv4: 198.92.157.109 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=32296 flags=0 offset=0 TTL=114 chksum=39374
TCP: port=4097 -> dport: 6346 flags=******S* seq=280555476
ack=0 off=7 res=0 win=8192 urp=0 chksum=19602
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 3) [2002-03-31 15:03:41] TCP to 6346 gnutella
IPv4: 198.92.157.109 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=15913 flags=0 offset=0 TTL=114 chksum=55757
TCP: port=4097 -> dport: 6346 flags=******S* seq=280555476
ack=0 off=7 res=0 win=8192 urp=0 chksum=19602
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 4) [2002-03-31 15:05:35] Potential CodeRed/Nimda probe
IPv4: 12.82.140.180 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=61008 flags=0 offset=0 TTL=125 chksum=59753
TCP: port=3857 -> dport: 80 flags=******S* seq=1624679689
ack=0 off=7 res=0 win=8760 urp=0 chksum=9625
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 9) [2002-03-31 15:18:42] Potential CodeRed/Nimda probe
IPv4: 12.235.51.212 -> 12.82.128.181
hlen=5 TOS=0 dlen=64 ID=53565 flags=0 offset=0 TTL=118 chksum=26036
TCP: port=1721 -> dport: 80 flags=******S* seq=900380473
ack=0 off=11 res=0 win=16384 urp=0 chksum=13390
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - WS len=3 data=00
#4 - NOP len=0
#5 - NOP len=0
#6 - TS len=10 data=0000000000000000
#7 - NOP len=0
#8 - NOP len=0
#9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 10) [2002-03-31 15:18:45] Potential CodeRed/Nimda probe
IPv4: 12.235.51.212 -> 12.82.128.181
hlen=5 TOS=0 dlen=64 ID=54091 flags=0 offset=0 TTL=118 chksum=25510
TCP: port=1721 -> dport: 80 flags=******S* seq=900380473
ack=0 off=11 res=0 win=16384 urp=0 chksum=13390
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - WS len=3 data=00
#4 - NOP len=0
#5 - NOP len=0
#6 - TS len=10 data=0000000000000000
#7 - NOP len=0
#8 - NOP len=0
#9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 11) [2002-03-31 15:20:28] Potential CodeRed/Nimda probe
IPv4: 12.235.81.75 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=41443 flags=0 offset=0 TTL=117 chksum=30887
TCP: port=4605 -> dport: 80 flags=******S* seq=692990197
ack=0 off=7 res=0 win=16384 urp=0 chksum=60241
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 12) [2002-03-31 15:20:31] Potential CodeRed/Nimda probe
IPv4: 12.235.81.75 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=41779 flags=0 offset=0 TTL=117 chksum=30551
TCP: port=4605 -> dport: 80 flags=******S* seq=692990197
ack=0 off=7 res=0 win=16384 urp=0 chksum=60241
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 29) [2002-03-31 15:55:26] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=57126 flags=0 offset=0 TTL=19 chksum=38521
TCP: port=2468 -> dport: 1214 flags=******S* seq=8451581
ack=0 off=6 res=0 win=8192 urp=0 chksum=33050
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 30) [2002-03-31 15:55:29] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=60198 flags=0 offset=0 TTL=19 chksum=35449
TCP: port=2468 -> dport: 1214 flags=******S* seq=8451581
ack=0 off=6 res=0 win=8192 urp=0 chksum=33050
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 31) [2002-03-31 15:55:35] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=551 flags=0 offset=0 TTL=19 chksum=29561
TCP: port=2468 -> dport: 1214 flags=******S* seq=8451581
ack=0 off=6 res=0 win=8192 urp=0 chksum=33050
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 32) [2002-03-31 15:55:47] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=11815 flags=0 offset=0 TTL=19 chksum=18297
TCP: port=2468 -> dport: 1214 flags=******S* seq=8451581
ack=0 off=6 res=0 win=8192 urp=0 chksum=33050
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 35) [2002-03-31 16:08:51] Potential CodeRed/Nimda probe
IPv4: 12.82.140.30 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=4147 flags=0 offset=0 TTL=126 chksum=50973
TCP: port=1298 -> dport: 80 flags=******S* seq=491717288
ack=0 off=7 res=0 win=8760 urp=0 chksum=5655
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 36) [2002-03-31 16:08:54] Potential CodeRed/Nimda probe
IPv4: 12.82.140.30 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=4515 flags=0 offset=0 TTL=126 chksum=50605
TCP: port=1298 -> dport: 80 flags=******S* seq=491717288
ack=0 off=7 res=0 win=8760 urp=0 chksum=5655
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 37) [2002-03-31 16:10:12] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=54594 flags=0 offset=0 TTL=19 chksum=41053
TCP: port=3284 -> dport: 1214 flags=******S* seq=9337688
ack=0 off=6 res=0 win=8192 urp=0 chksum=63617
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 38) [2002-03-31 16:10:15] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=62530 flags=0 offset=0 TTL=19 chksum=33117
TCP: port=3284 -> dport: 1214 flags=******S* seq=9337688
ack=0 off=6 res=0 win=8192 urp=0 chksum=63617
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 39) [2002-03-31 16:10:21] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=6723 flags=0 offset=0 TTL=19 chksum=23389
TCP: port=3284 -> dport: 1214 flags=******S* seq=9337688
ack=0 off=6 res=0 win=8192 urp=0 chksum=63617
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 40) [2002-03-31 16:10:34] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=30787 flags=0 offset=0 TTL=19 chksum=64860
TCP: port=3284 -> dport: 1214 flags=******S* seq=9337688
ack=0 off=6 res=0 win=8192 urp=0 chksum=63617
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 41) [2002-03-31 16:16:01] TCP to 21 ftp
IPv4: 206.77.41.124 -> 12.82.128.181
hlen=5 TOS=0 dlen=40 ID=43057 flags=0 offset=0 TTL=110 chksum=8142
TCP: port=21 -> dport: 21 flags=******S* seq=105746183
ack=1879457639 off=5 res=0 win=41286 urp=0 chksum=17631
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 42) [2002-03-31 16:18:43] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=27990 flags=0 offset=0 TTL=19 chksum=2122
TCP: port=3910 -> dport: 1214 flags=******S* seq=9848835
ack=0 off=6 res=0 win=8192 urp=0 chksum=10589
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 43) [2002-03-31 16:18:46] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=36438 flags=0 offset=0 TTL=19 chksum=59209
TCP: port=3910 -> dport: 1214 flags=******S* seq=9848835
ack=0 off=6 res=0 win=8192 urp=0 chksum=10589
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 44) [2002-03-31 16:18:52] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=56918 flags=0 offset=0 TTL=19 chksum=38729
TCP: port=3910 -> dport: 1214 flags=******S* seq=9848835
ack=0 off=6 res=0 win=8192 urp=0 chksum=10589
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 45) [2002-03-31 16:19:04] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=26199 flags=0 offset=0 TTL=19 chksum=3913
TCP: port=3910 -> dport: 1214 flags=******S* seq=9848835
ack=0 off=6 res=0 win=8192 urp=0 chksum=10589
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 46) [2002-03-31 16:31:15] Potential CodeRed/Nimda probe
IPv4: 12.228.193.245 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=52897 flags=0 offset=0 TTL=121 chksum=55109
TCP: port=4012 -> dport: 80 flags=******S* seq=78996203
ack=0 off=7 res=0 win=16384 urp=0 chksum=28578
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 47) [2002-03-31 16:33:05] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=5742 flags=0 offset=0 TTL=19 chksum=24370
TCP: port=4462 -> dport: 1214 flags=******S* seq=10711383
ack=0 off=6 res=0 win=8192 urp=0 chksum=64979
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 48) [2002-03-31 16:33:08] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=11374 flags=0 offset=0 TTL=19 chksum=18738
TCP: port=4462 -> dport: 1214 flags=******S* seq=10711383
ack=0 off=6 res=0 win=8192 urp=0 chksum=64979
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 49) [2002-03-31 16:33:15] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=21870 flags=0 offset=0 TTL=19 chksum=8242
TCP: port=4462 -> dport: 1214 flags=******S* seq=10711383
ack=0 off=6 res=0 win=8192 urp=0 chksum=64979
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 50) [2002-03-31 16:33:27] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=44398 flags=0 offset=0 TTL=19 chksum=51249
TCP: port=4462 -> dport: 1214 flags=******S* seq=10711383
ack=0 off=6 res=0 win=8192 urp=0 chksum=64979
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 51) [2002-03-31 16:38:22] TCP to 27374 SubSeven
IPv4: 24.241.0.203 -> 12.82.128.181
hlen=5 TOS=0 dlen=64 ID=54211 flags=0 offset=0 TTL=109 chksum=54065
TCP: port=3958 -> dport: 27374 flags=******S* seq=4096242915
ack=0 off=11 res=0 win=44620 urp=0 chksum=48510
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - WS len=3 data=03
#4 - NOP len=0
#5 - NOP len=0
#6 - TS len=10 data=0000000000000000
#7 - NOP len=0
#8 - NOP len=0
#9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 52) [2002-03-31 16:38:25] TCP to 27374 SubSeven
IPv4: 24.241.0.203 -> 12.82.128.181
hlen=5 TOS=0 dlen=64 ID=54272 flags=0 offset=0 TTL=113 chksum=52980
TCP: port=3958 -> dport: 27374 flags=******S* seq=4096242915
ack=0 off=11 res=0 win=44620 urp=0 chksum=48510
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - WS len=3 data=03
#4 - NOP len=0
#5 - NOP len=0
#6 - TS len=10 data=0000000000000000
#7 - NOP len=0
#8 - NOP len=0
#9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 53) [2002-03-31 16:38:31] TCP to 27374 SubSeven
IPv4: 24.241.0.203 -> 12.82.128.181
hlen=5 TOS=0 dlen=64 ID=54404 flags=0 offset=0 TTL=109 chksum=53872
TCP: port=3958 -> dport: 27374 flags=******S* seq=4096242915
ack=0 off=11 res=0 win=44620 urp=0 chksum=48510
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - WS len=3 data=03
#4 - NOP len=0
#5 - NOP len=0
#6 - TS len=10 data=0000000000000000
#7 - NOP len=0
#8 - NOP len=0
#9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 54) [2002-03-31 16:47:27] TCP to 6346 gnutella
IPv4: 172.169.141.5 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=62150 flags=0 offset=0 TTL=106 chksum=22347
TCP: port=1132 -> dport: 6346 flags=******S* seq=715051676
ack=0 off=7 res=0 win=16384 urp=0 chksum=25180
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 55) [2002-03-31 16:47:30] TCP to 6346 gnutella
IPv4: 172.169.141.5 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=62189 flags=0 offset=0 TTL=106 chksum=22308
TCP: port=1132 -> dport: 6346 flags=******S* seq=715051676
ack=0 off=7 res=0 win=16384 urp=0 chksum=25180
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 56) [2002-03-31 16:51:11] TCP to 6346 gnutella
IPv4: 216.78.102.106 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=35295 flags=0 offset=0 TTL=113 chksum=46120
TCP: port=3485 -> dport: 6346 flags=******S* seq=3945468428
ack=0 off=7 res=0 win=8160 urp=0 chksum=29764
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 57) [2002-03-31 16:51:13] TCP to 6346 gnutella
IPv4: 216.78.102.106 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=35354 flags=0 offset=0 TTL=113 chksum=46061
TCP: port=3485 -> dport: 6346 flags=******S* seq=3945468428
ack=0 off=7 res=0 win=8160 urp=0 chksum=29764
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 58) [2002-03-31 16:52:21] TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=34703 flags=0 offset=0 TTL=19 chksum=60944
TCP: port=1461 -> dport: 1214 flags=******S* seq=11827130
ack=0 off=6 res=0 win=8192 urp=0 chksum=793
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 59) [2002-03-31 17:18:33] TCP to 6346 gnutella
IPv4: 172.169.141.5 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=19261 flags=0 offset=0 TTL=106 chksum=65236
TCP: port=2407 -> dport: 6346 flags=******S* seq=1215651677
ack=0 off=7 res=0 win=16384 urp=0 chksum=45769
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 60) [2002-03-31 17:18:36] TCP to 6346 gnutella
IPv4: 172.169.141.5 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=19291 flags=0 offset=0 TTL=106 chksum=65206
TCP: port=2407 -> dport: 6346 flags=******S* seq=1215651677
ack=0 off=7 res=0 win=16384 urp=0 chksum=45769
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 61) [2002-03-31 17:19:48] Potential CodeRed/Nimda probe
IPv4: 12.228.110.226 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=18547 flags=0 offset=0 TTL=121 chksum=45191
TCP: port=1999 -> dport: 80 flags=******S* seq=628626479
ack=0 off=7 res=0 win=16384 urp=0 chksum=63627
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 62) [2002-03-31 17:19:50] Potential CodeRed/Nimda probe
IPv4: 12.228.110.226 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=19180 flags=0 offset=0 TTL=121 chksum=44558
TCP: port=1999 -> dport: 80 flags=******S* seq=628626479
ack=0 off=7 res=0 win=16384 urp=0 chksum=63627
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 64) [2002-03-31 17:38:45] UDP to 137 netBIOS ns
IPv4: 12.82.128.203 -> 12.82.128.181
hlen=5 TOS=0 dlen=78 ID=37406 flags=0 offset=0 TTL=127 chksum=36700
UDP: port=1110 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 65) [2002-03-31 17:48:07] Potential CodeRed/Nimda probe
IPv4: 12.238.89.135 -> 12.82.128.181
hlen=5 TOS=0 dlen=64 ID=8997 flags=0 offset=0 TTL=116 chksum=61462
TCP: port=1189 -> dport: 80 flags=******S* seq=1753785364
ack=0 off=11 res=0 win=64240 urp=0 chksum=13826
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - WS len=3 data=00
#4 - NOP len=0
#5 - NOP len=0
#6 - TS len=10 data=0000000000000000
#7 - NOP len=0
#8 - NOP len=0
#9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 66) [2002-03-31 17:48:10] Potential CodeRed/Nimda probe
IPv4: 12.238.89.135 -> 12.82.128.181
hlen=5 TOS=0 dlen=64 ID=9379 flags=0 offset=0 TTL=116 chksum=61080
TCP: port=1189 -> dport: 80 flags=******S* seq=1753785364
ack=0 off=11 res=0 win=64240 urp=0 chksum=13826
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - WS len=3 data=00
#4 - NOP len=0
#5 - NOP len=0
#6 - TS len=10 data=0000000000000000
#7 - NOP len=0
#8 - NOP len=0
#9 - SACKOK len=0
Payload: none
OS Guess: OpenBSD
TTL = decrement from 64 -- nope: decrement from 128, above...
Win Size = 0x4000 = 16384 dec -- nope: 64240, above
*TCP options* = 9 = MSS, timestamp, SAckOK, WScale, 5 NOP's
IP ID = random, need 2 packets
*SYN Packet (DgmLen) length* = 64 -- good
(TOS = 0x10?)
p0f:
Sun Mar 31 17:48:07 2002 12.238.89.135: UNKNOWN [64240:116:1460:1:0:1:1:64].
+ 12.238.89.135:1189 -> 12.82.128.181:80 (timestamp: 0 @1017625687)
Sun Mar 31 17:48:10 2002 12.238.89.135: UNKNOWN [64240:116:1460:1:0:1:1:64].
+ 12.238.89.135:1189 -> 12.82.128.181:80 (timestamp: 0 @1017625690)
------------------------------------------------------------------------------
#(13 - 78) [2002-03-31 18:05:58] Potential CodeRed/Nimda probe
IPv4: 12.234.62.56 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=21890 flags=0 offset=0 TTL=118 chksum=55068
TCP: port=4897 -> dport: 80 flags=******S* seq=3148137758
ack=0 off=7 res=0 win=16384 urp=0 chksum=55077
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 79) [2002-03-31 18:06:01] Potential CodeRed/Nimda probe
IPv4: 12.234.62.56 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=22353 flags=0 offset=0 TTL=118 chksum=54605
TCP: port=4897 -> dport: 80 flags=******S* seq=3148137758
ack=0 off=7 res=0 win=16384 urp=0 chksum=55077
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 80) [2002-03-31 18:26:02] Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=63786 flags=0 offset=0 TTL=125 chksum=58875
TCP: port=2641 -> dport: 80 flags=******S* seq=417015047
ack=0 off=7 res=0 win=8760 urp=0 chksum=63938
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 81) [2002-03-31 18:26:05] Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=64060 flags=0 offset=0 TTL=125 chksum=58601
TCP: port=2641 -> dport: 80 flags=******S* seq=417015047
ack=0 off=7 res=0 win=8760 urp=0 chksum=63938
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 83) [2002-03-31 18:42:46] Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=38467 flags=0 offset=0 TTL=125 chksum=18659
TCP: port=1759 -> dport: 80 flags=******S* seq=2772595514
ack=0 off=7 res=0 win=8760 urp=0 chksum=8858
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 84) [2002-03-31 18:42:49] Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=38767 flags=0 offset=0 TTL=125 chksum=18359
TCP: port=1759 -> dport: 80 flags=******S* seq=2772595514
ack=0 off=7 res=0 win=8760 urp=0 chksum=8858
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 85) [2002-03-31 18:44:44] Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=49874 flags=0 offset=0 TTL=125 chksum=7252
TCP: port=2678 -> dport: 80 flags=******S* seq=3040579247
ack=0 off=7 res=0 win=8760 urp=0 chksum=62356
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 86) [2002-03-31 18:44:47] Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=50125 flags=0 offset=0 TTL=125 chksum=7001
TCP: port=2678 -> dport: 80 flags=******S* seq=3040579247
ack=0 off=7 res=0 win=8760 urp=0 chksum=62356
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 87) [2002-03-31 18:58:11] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=33546 flags=0 offset=0 TTL=18 chksum=63781
TCP: port=2142 -> dport: 1214 flags=******S* seq=5305380
ack=0 off=6 res=0 win=8192 urp=0 chksum=35321
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 88) [2002-03-31 18:58:15] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=43018 flags=0 offset=0 TTL=18 chksum=54309
TCP: port=2142 -> dport: 1214 flags=******S* seq=5305380
ack=0 off=6 res=0 win=8192 urp=0 chksum=35321
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 89) [2002-03-31 18:58:21] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=779 flags=0 offset=0 TTL=18 chksum=31013
TCP: port=2142 -> dport: 1214 flags=******S* seq=5305380
ack=0 off=6 res=0 win=8192 urp=0 chksum=35321
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 90) [2002-03-31 18:58:33] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=46603 flags=0 offset=0 TTL=18 chksum=50724
TCP: port=2142 -> dport: 1214 flags=******S* seq=5305380
ack=0 off=6 res=0 win=8192 urp=0 chksum=35321
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 91) [2002-03-31 18:59:40] TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=32689 flags=0 offset=0 TTL=111 chksum=40633
TCP: port=2462 -> dport: 139 flags=******S* seq=3800115400
ack=0 off=6 res=0 win=8192 urp=0 chksum=30034
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 92) [2002-03-31 18:59:43] TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=38577 flags=0 offset=0 TTL=111 chksum=34745
TCP: port=2462 -> dport: 139 flags=******S* seq=3800115400
ack=0 off=6 res=0 win=8192 urp=0 chksum=30034
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 93) [2002-03-31 18:59:49] TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=47537 flags=0 offset=0 TTL=111 chksum=25785
TCP: port=2462 -> dport: 139 flags=******S* seq=3800115400
ack=0 off=6 res=0 win=8192 urp=0 chksum=30034
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 94) [2002-03-31 19:00:02] TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=11698 flags=0 offset=0 TTL=111 chksum=61624
TCP: port=2462 -> dport: 139 flags=******S* seq=3800115400
ack=0 off=6 res=0 win=8192 urp=0 chksum=30034
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 95) [2002-03-31 19:07:37] Potential CodeRed/Nimda probe
IPv4: 12.239.80.104 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=4945 flags=0 offset=0 TTL=117 chksum=2073
TCP: port=1288 -> dport: 80 flags=******S* seq=4062097792
ack=0 off=7 res=0 win=16384 urp=0 chksum=45001
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 96) [2002-03-31 19:07:40] Potential CodeRed/Nimda probe
IPv4: 12.239.80.104 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=5188 flags=0 offset=0 TTL=117 chksum=1830
TCP: port=1288 -> dport: 80 flags=******S* seq=4062097792
ack=0 off=7 res=0 win=16384 urp=0 chksum=45001
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 97) [2002-03-31 19:14:33] Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=42244 flags=0 offset=0 TTL=125 chksum=14882
TCP: port=2532 -> dport: 80 flags=******S* seq=2889329988
ack=0 off=7 res=0 win=8760 urp=0 chksum=56981
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 98) [2002-03-31 19:14:36] Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=42595 flags=0 offset=0 TTL=125 chksum=14531
TCP: port=2532 -> dport: 80 flags=******S* seq=2889329988
ack=0 off=7 res=0 win=8760 urp=0 chksum=56981
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 99) [2002-03-31 19:14:43] TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=35223 flags=0 offset=0 TTL=115 chksum=21977
TCP: port=3704 -> dport: 6346 flags=******S* seq=48092800
ack=0 off=7 res=0 win=8192 urp=0 chksum=15812
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 102) [2002-03-31 19:16:04] TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=61337 flags=0 offset=0 TTL=115 chksum=61398
TCP: port=3791 -> dport: 6346 flags=******S* seq=48187017
ack=0 off=7 res=0 win=8192 urp=0 chksum=52578
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 103) [2002-03-31 19:16:07] TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=1946 flags=0 offset=0 TTL=115 chksum=55254
TCP: port=3791 -> dport: 6346 flags=******S* seq=48187017
ack=0 off=7 res=0 win=8192 urp=0 chksum=52578
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 104) [2002-03-31 19:16:12] TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=13978 flags=0 offset=0 TTL=115 chksum=43222
TCP: port=3791 -> dport: 6346 flags=******S* seq=48187017
ack=0 off=7 res=0 win=8192 urp=0 chksum=52578
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 105) [2002-03-31 19:16:24] TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=39578 flags=0 offset=0 TTL=115 chksum=17622
TCP: port=3791 -> dport: 6346 flags=******S* seq=48187017
ack=0 off=7 res=0 win=8192 urp=0 chksum=52578
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 100) [2002-03-31 19:14:52] ICMP echo request
IPv4: 196.3.132.1 -> 12.82.128.181
hlen=5 TOS=0 dlen=1500 ID=30576 flags=0 offset=0 TTL=240 chksum=14500
ICMP: type=Echo Request code=0
checksum=63487 id=0 seq=0
Payload: length = 1472
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
------------------------------------------------------------------------------
#(13 - 101) [2002-03-31 19:15:17] ICMP echo request
IPv4: 196.3.132.1 -> 12.82.128.181
hlen=5 TOS=0 dlen=1500 ID=33949 flags=0 offset=0 TTL=240 chksum=11127
ICMP: type=Echo Request code=0
checksum=63485 id=0 seq=2
Payload: length = 1472
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 106) [2002-03-31 19:26:53] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=7985 flags=0 offset=0 TTL=18 chksum=23807
TCP: port=3351 -> dport: 1214 flags=******S* seq=7027779
ack=0 off=6 res=0 win=8192 urp=0 chksum=15623
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 107) [2002-03-31 19:26:57] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=13361 flags=0 offset=0 TTL=18 chksum=18431
TCP: port=3351 -> dport: 1214 flags=******S* seq=7027779
ack=0 off=6 res=0 win=8192 urp=0 chksum=15623
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 108) [2002-03-31 19:27:02] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=18481 flags=0 offset=0 TTL=18 chksum=13311
TCP: port=3351 -> dport: 1214 flags=******S* seq=7027779
ack=0 off=6 res=0 win=8192 urp=0 chksum=15623
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 109) [2002-03-31 19:27:16] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=36657 flags=0 offset=0 TTL=18 chksum=60670
TCP: port=3351 -> dport: 1214 flags=******S* seq=7027779
ack=0 off=6 res=0 win=8192 urp=0 chksum=15623
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 110) [2002-03-31 19:40:04] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=57158 flags=0 offset=0 TTL=18 chksum=40169
TCP: port=3974 -> dport: 1214 flags=******S* seq=7818767
ack=0 off=6 res=0 win=8192 urp=0 chksum=10432
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 111) [2002-03-31 19:40:07] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=2887 flags=0 offset=0 TTL=18 chksum=28905
TCP: port=3974 -> dport: 1214 flags=******S* seq=7818767
ack=0 off=6 res=0 win=8192 urp=0 chksum=10432
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 112) [2002-03-31 19:40:14] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=20551 flags=0 offset=0 TTL=18 chksum=11241
TCP: port=3974 -> dport: 1214 flags=******S* seq=7818767
ack=0 off=6 res=0 win=8192 urp=0 chksum=10432
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 113) [2002-03-31 19:40:25] TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=44 ID=62279 flags=0 offset=0 TTL=18 chksum=35048
TCP: port=3974 -> dport: 1214 flags=******S* seq=7818767
ack=0 off=6 res=0 win=8192 urp=0 chksum=10432
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 114) [2002-03-31 19:54:22] UDP to 137 netBIOS ns
IPv4: 203.176.43.10 -> 12.82.128.181
hlen=5 TOS=0 dlen=78 ID=8229 flags=0 offset=0 TTL=109 chksum=43448
UDP: port=1026 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 115) [2002-03-31 20:10:53] Potential CodeRed/Nimda probe
IPv4: 12.232.135.66 -> 12.82.128.181
hlen=5 TOS=16 dlen=44 ID=2126 flags=0 offset=0 TTL=117 chksum=56380
TCP: port=2582 -> dport: 80 flags=******S* seq=45072868
ack=0 off=6 res=0 win=8192 urp=0 chksum=34811
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 116) [2002-03-31 20:10:55] Potential CodeRed/Nimda probe
IPv4: 12.232.135.66 -> 12.82.128.181
hlen=5 TOS=16 dlen=44 ID=56655 flags=0 offset=0 TTL=117 chksum=1851
TCP: port=2582 -> dport: 80 flags=******S* seq=45072868
ack=0 off=6 res=0 win=8192 urp=0 chksum=34811
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 117) [2002-03-31 20:15:22] Potential CodeRed/Nimda probe
IPv4: 12.82.129.150 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=18147 flags=0 offset=0 TTL=126 chksum=39669
TCP: port=2762 -> dport: 80 flags=******S* seq=1205857593
ack=0 off=7 res=0 win=8760 urp=0 chksum=1477
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 118) [2002-03-31 20:15:25] Potential CodeRed/Nimda probe
IPv4: 12.82.129.150 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=18439 flags=0 offset=0 TTL=126 chksum=39377
TCP: port=2762 -> dport: 80 flags=******S* seq=1205857593
ack=0 off=7 res=0 win=8760 urp=0 chksum=1477
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 119) [2002-03-31 20:24:42] Potential CodeRed/Nimda probe
IPv4: 12.238.245.200 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=573 flags=0 offset=0 TTL=115 chksum=30157
TCP: port=1979 -> dport: 80 flags=******S* seq=175595955
ack=0 off=7 res=0 win=16384 urp=0 chksum=16172
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 120) [2002-03-31 20:24:45] Potential CodeRed/Nimda probe
IPv4: 12.238.245.200 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=849 flags=0 offset=0 TTL=115 chksum=29881
TCP: port=1979 -> dport: 80 flags=******S* seq=175595955
ack=0 off=7 res=0 win=16384 urp=0 chksum=16172
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 121) [2002-03-31 20:32:59] Potential CodeRed/Nimda probe
IPv4: 12.82.65.95 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=50014 flags=0 offset=0 TTL=119 chksum=26033
TCP: port=3046 -> dport: 80 flags=******S* seq=3924638839
ack=0 off=7 res=0 win=8760 urp=847 chksum=20549
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 122) [2002-03-31 20:33:02] Potential CodeRed/Nimda probe
IPv4: 12.82.65.95 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=50245 flags=0 offset=0 TTL=119 chksum=25802
TCP: port=3046 -> dport: 80 flags=******S* seq=3924638839
ack=0 off=7 res=0 win=8760 urp=0 chksum=21396
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 123) [2002-03-31 20:54:35] TCP to 1080 socks
IPv4: 24.95.198.59 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=10449 flags=0 offset=0 TTL=102 chksum=32853
TCP: port=4017 -> dport: 1080 flags=******S* seq=3156507332
ack=0 off=7 res=0 win=16384 urp=0 chksum=36011
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 124) [2002-03-31 20:54:59] Potential CodeRed/Nimda probe
IPv4: 62.122.0.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=40 ID=61255 flags=0 offset=0 TTL=29 chksum=58094
TCP: port=60136 -> dport: 80 flags=***A**** seq=441982027
ack=1724502731 off=5 res=0 win=2048 urp=0 chksum=32969
Payload: none
------------------------------------------------------------------------------
#(13 - 125) [2002-03-31 20:55:00] Potential CodeRed/Nimda probe
IPv4: 62.122.0.25 -> 12.82.128.181
hlen=5 TOS=0 dlen=40 ID=64062 flags=0 offset=0 TTL=29 chksum=55287
TCP: port=60137 -> dport: 80 flags=***A**** seq=3830979667
ack=776750476 off=5 res=0 win=2048 urp=0 chksum=31868
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 126) [2002-03-31 21:03:06] Potential CodeRed/Nimda probe
IPv4: 12.253.212.251 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=6318 flags=0 offset=0 TTL=118 chksum=32026
TCP: port=3506 -> dport: 80 flags=******S* seq=186359048
ack=0 off=7 res=0 win=16384 urp=0 chksum=7674
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 127) [2002-03-31 21:03:10] Potential CodeRed/Nimda probe
IPv4: 12.253.212.251 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=6793 flags=0 offset=0 TTL=118 chksum=31551
TCP: port=3506 -> dport: 80 flags=******S* seq=186359048
ack=0 off=7 res=0 win=16384 urp=0 chksum=7674
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 128) [2002-03-31 21:13:58] Potential CodeRed/Nimda probe
IPv4: 12.82.65.178 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=35950 flags=0 offset=0 TTL=119 chksum=40014
TCP: port=1124 -> dport: 80 flags=******S* seq=1050051389
ack=0 off=7 res=0 win=8760 urp=0 chksum=48980
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 129) [2002-03-31 21:14:01] Potential CodeRed/Nimda probe
IPv4: 12.82.65.178 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=36311 flags=0 offset=0 TTL=119 chksum=39653
TCP: port=1124 -> dport: 80 flags=******S* seq=1050051389
ack=0 off=7 res=0 win=8760 urp=0 chksum=48980
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 130) [2002-03-31 21:36:10] Potential CodeRed/Nimda probe
IPv4: 12.82.239.227 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=2553 flags=0 offset=0 TTL=117 chksum=29330
TCP: port=4242 -> dport: 80 flags=******S* seq=808586118
ack=0 off=7 res=0 win=16384 urp=0 chksum=28076
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 131) [2002-03-31 21:40:14] Potential CodeRed/Nimda probe
IPv4: 12.82.65.178 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=1189 flags=0 offset=0 TTL=119 chksum=9240
TCP: port=4323 -> dport: 80 flags=******S* seq=426899772
ack=0 off=7 res=0 win=8760 urp=0 chksum=25083
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 132) [2002-03-31 21:40:18] Potential CodeRed/Nimda probe
IPv4: 12.82.65.178 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=1487 flags=0 offset=0 TTL=119 chksum=8942
TCP: port=4323 -> dport: 80 flags=******S* seq=426899772
ack=0 off=7 res=0 win=8760 urp=0 chksum=25083
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 145) [2002-03-31 21:40:48] Potential CodeRed/Nimda probe
IPv4: 12.253.189.252 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=27685 flags=0 offset=0 TTL=117 chksum=16802
TCP: port=1878 -> dport: 80 flags=******S* seq=166771085
ack=0 off=7 res=0 win=16384 urp=0 chksum=8187
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 146) [2002-03-31 21:40:54] UDP to 53 domain
IPv4: 65.214.50.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=72 ID=34081 flags=0 offset=0 TTL=48 chksum=1061
UDP: port=54627 -> dport: 53 len=52
Payload: length = 44
000 : 2C 41 01 00 00 01 00 00 00 00 00 00 03 31 38 31 ,A...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64 .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(13 - 147) [2002-03-31 21:40:55] UDP to 53 domain
IPv4: 208.254.18.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=72 ID=58909 flags=0 offset=0 TTL=49 chksum=13056
UDP: port=30150 -> dport: 53 len=52
Payload: length = 44
000 : 74 3F 01 00 00 01 00 00 00 00 00 00 03 31 38 31 t?...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64 .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(13 - 148) [2002-03-31 21:40:55] UDP to 53 domain
IPv4: 193.45.3.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=72 ID=43574 flags=0 offset=0 TTL=50 chksum=36024
UDP: port=62695 -> dport: 53 len=52
Payload: length = 44
000 : A9 39 01 00 00 01 00 00 00 00 00 00 03 31 38 31 .9...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64 .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(13 - 149) [2002-03-31 21:40:55] UDP to 53 domain
IPv4: 206.65.191.194 -> 12.82.128.181
hlen=5 TOS=0 dlen=72 ID=40053 flags=0 offset=0 TTL=49 chksum=53796
UDP: port=11318 -> dport: 53 len=52
Payload: length = 44
000 : A6 44 01 00 00 01 00 00 00 00 00 00 03 31 38 31 .D...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64 .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(13 - 150) [2002-03-31 21:41:04] UDP to 53 domain
IPv4: 65.214.50.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=72 ID=34297 flags=0 offset=0 TTL=48 chksum=845
UDP: port=54627 -> dport: 53 len=52
Payload: length = 44
000 : 41 41 01 00 00 01 00 00 00 00 00 00 03 31 38 31 AA...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64 .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(13 - 151) [2002-03-31 21:41:04] UDP to 53 domain
IPv4: 208.254.18.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=72 ID=59390 flags=0 offset=0 TTL=49 chksum=12575
UDP: port=30150 -> dport: 53 len=52
Payload: length = 44
000 : 82 3F 01 00 00 01 00 00 00 00 00 00 03 31 38 31 .?...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64 .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(13 - 152) [2002-03-31 21:41:04] UDP to 53 domain
IPv4: 193.45.3.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=72 ID=43776 flags=0 offset=0 TTL=50 chksum=35822
UDP: port=62695 -> dport: 53 len=52
Payload: length = 44
000 : B8 39 01 00 00 01 00 00 00 00 00 00 03 31 38 31 .9...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64 .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(13 - 153) [2002-03-31 21:41:04] UDP to 53 domain
IPv4: 206.65.191.194 -> 12.82.128.181
hlen=5 TOS=0 dlen=72 ID=40258 flags=0 offset=0 TTL=49 chksum=53591
UDP: port=11318 -> dport: 53 len=52
Payload: length = 44
000 : C3 44 01 00 00 01 00 00 00 00 00 00 03 31 38 31 .D...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64 .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(13 - 133) [2002-03-31 21:40:24] ICMP echo request
IPv4: 65.214.50.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=33362 flags=0 offset=0 TTL=48 chksum=1784
ICMP: type=Echo Request code=0
checksum=46350 id=22275 seq=5114
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 134) [2002-03-31 21:40:24] ICMP echo request
IPv4: 208.254.18.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=58032 flags=0 offset=0 TTL=49 chksum=13937
ICMP: type=Echo Request code=0
checksum=34066 id=37633 seq=2040
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 135) [2002-03-31 21:40:24] ICMP echo request
IPv4: 193.45.3.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=42918 flags=0 offset=0 TTL=50 chksum=36684
ICMP: type=Echo Request code=0
checksum=55335 id=39681 seq=44258
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 136) [2002-03-31 21:40:24] ICMP echo request
IPv4: 206.65.191.194 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=39293 flags=0 offset=0 TTL=49 chksum=54560
ICMP: type=Echo Request code=0
checksum=35323 id=37633 seq=783
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 137) [2002-03-31 21:40:34] ICMP echo request
IPv4: 65.214.50.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=33579 flags=0 offset=0 TTL=48 chksum=1567
ICMP: type=Echo Request code=0
checksum=24078 id=22275 seq=27386
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 138) [2002-03-31 21:40:34] ICMP echo request
IPv4: 208.254.18.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=58472 flags=0 offset=0 TTL=49 chksum=13497
ICMP: type=Echo Request code=0
checksum=16402 id=37633 seq=19704
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 139) [2002-03-31 21:40:34] ICMP echo request
IPv4: 193.45.3.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=43115 flags=0 offset=0 TTL=50 chksum=36487
ICMP: type=Echo Request code=0
checksum=35367 id=39681 seq=64226
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 140) [2002-03-31 21:40:34] ICMP echo request
IPv4: 206.65.191.194 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=39520 flags=0 offset=0 TTL=49 chksum=54333
ICMP: type=Echo Request code=0
checksum=10235 id=37633 seq=25871
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 141) [2002-03-31 21:40:45] ICMP echo request
IPv4: 65.214.50.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=33769 flags=0 offset=0 TTL=48 chksum=1377
ICMP: type=Echo Request code=0
checksum=4366 id=22275 seq=47098
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 142) [2002-03-31 21:40:45] ICMP echo request
IPv4: 208.254.18.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=58704 flags=0 offset=0 TTL=49 chksum=13265
ICMP: type=Echo Request code=0
checksum=61201 id=37633 seq=40440
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 143) [2002-03-31 21:40:46] ICMP echo request
IPv4: 193.45.3.130 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=43305 flags=0 offset=0 TTL=50 chksum=36297
ICMP: type=Echo Request code=0
checksum=17447 id=39681 seq=16611
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
#(13 - 144) [2002-03-31 21:40:46] ICMP echo request
IPv4: 206.65.191.194 -> 12.82.128.181
hlen=5 TOS=0 dlen=84 ID=39719 flags=0 offset=0 TTL=49 chksum=54134
ICMP: type=Echo Request code=0
checksum=53242 id=37633 seq=48399
Payload: length = 56
000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 154) [2002-03-31 21:50:43] Potential CodeRed/Nimda probe
IPv4: 12.224.212.194 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=63566 flags=0 offset=0 TTL=121 chksum=39631
TCP: port=1272 -> dport: 80 flags=******S* seq=1613136110
ack=0 off=7 res=0 win=16384 urp=0 chksum=60952
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 155) [2002-03-31 22:21:18] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=38122 flags=0 offset=0 TTL=125 chksum=9345
TCP: port=3181 -> dport: 80 flags=******S* seq=3537384796
ack=0 off=7 res=0 win=8760 urp=0 chksum=1945
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 156) [2002-03-31 22:21:21] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=38402 flags=0 offset=0 TTL=125 chksum=9065
TCP: port=3181 -> dport: 80 flags=******S* seq=3537384796
ack=0 off=7 res=0 win=8760 urp=0 chksum=1945
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(13 - 160) [2002-03-31 22:40:24] Potential CodeRed/Nimda probe
IPv4: 12.237.181.33 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=14053 flags=0 offset=0 TTL=116 chksum=32973
TCP: port=1681 -> dport: 80 flags=******S* seq=3796612463
ack=0 off=7 res=0 win=16384 urp=0 chksum=21869
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 161) [2002-03-31 22:40:26] Potential CodeRed/Nimda probe
IPv4: 12.237.181.33 -> 12.82.128.181
hlen=5 TOS=0 dlen=48 ID=14531 flags=0 offset=0 TTL=116 chksum=32495
TCP: port=1681 -> dport: 80 flags=******S* seq=3796612463
ack=0 off=7 res=0 win=16384 urp=0 chksum=21869
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(14 - 1) [2002-03-31 22:52:43] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=29064 flags=0 offset=0 TTL=125 chksum=15452
TCP: port=1805 -> dport: 80 flags=******S* seq=3504155441
ack=0 off=7 res=0 win=8760 urp=0 chksum=3480
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 2) [2002-03-31 22:52:46] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=29335 flags=0 offset=0 TTL=125 chksum=15181
TCP: port=1805 -> dport: 80 flags=******S* seq=3504155441
ack=0 off=7 res=0 win=8760 urp=0 chksum=3480
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(14 - 5) [2002-03-31 23:55:06] TCP to 53 domain
IPv4: 68.2.165.52 -> 12.82.140.60
hlen=5 TOS=0 dlen=60 ID=2239 flags=0 offset=0 TTL=49 chksum=48952
TCP: port=1567 -> dport: 53 flags=******S* seq=1109312131
ack=0 off=10 res=0 win=32120 urp=0 chksum=54296
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=0030698B00000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
jsage@finchhaven.com
Last modified: Thu Apr 4 20:18:02 2002