03-31-02 ACID

Sorted by time


To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert 

Generated by ACID v0.9.6b21 on Thu April 04, 2002 18:54:56

------------------------------------------------------------------------------
#(12 - 1) [2002-03-31 06:41:19]  TCP to 27374 SubSeven
IPv4: 172.184.70.38 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=30736 flags=0 offset=0 TTL=104 chksum=6740
TCP:  port=4610 -> dport: 27374  flags=******S* seq=571982
      ack=0 off=7 res=0 win=32767 urp=0 chksum=19363
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 2) [2002-03-31 06:41:31]  TCP to 27374 SubSeven
IPv4: 172.184.70.38 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=64528 flags=0 offset=0 TTL=104 chksum=38483
TCP:  port=4610 -> dport: 27374  flags=******S* seq=571982
      ack=0 off=7 res=0 win=32767 urp=0 chksum=19363
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 3) [2002-03-31 06:59:33]  Potential CodeRed/Nimda probe
IPv4: 12.82.66.117 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=23205 flags=0 offset=0 TTL=119 chksum=52438
TCP:  port=1741 -> dport: 80  flags=******S* seq=3199384173
      ack=0 off=7 res=0 win=8760 urp=0 chksum=1118
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 4) [2002-03-31 06:59:36]  Potential CodeRed/Nimda probe
IPv4: 12.82.66.117 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=23597 flags=0 offset=0 TTL=119 chksum=52046
TCP:  port=1741 -> dport: 80  flags=******S* seq=3199384173
      ack=0 off=7 res=0 win=8760 urp=0 chksum=1118
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 5) [2002-03-31 07:10:49]  Potential CodeRed/Nimda probe
IPv4: 12.82.66.117 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=25034 flags=0 offset=0 TTL=119 chksum=50609
TCP:  port=2570 -> dport: 80  flags=******S* seq=486145982
      ack=0 off=7 res=0 win=8760 urp=0 chksum=23945
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 6) [2002-03-31 07:10:52]  Potential CodeRed/Nimda probe
IPv4: 12.82.66.117 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=25277 flags=0 offset=0 TTL=119 chksum=50366
TCP:  port=2570 -> dport: 80  flags=******S* seq=486145982
      ack=0 off=7 res=0 win=8760 urp=0 chksum=23945
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 7) [2002-03-31 07:39:45]  UDP to 137 netBIOS ns
IPv4: 202.161.133.80 -> 12.82.129.51
      hlen=5 TOS=0 dlen=78 ID=58858 flags=0 offset=0 TTL=116 chksum=33597
UDP:  port=1046 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------
#(12 - 8) [2002-03-31 07:42:39]  UDP to 137 netBIOS ns
IPv4: 67.8.46.176 -> 12.82.129.51
      hlen=5 TOS=0 dlen=78 ID=23003 flags=0 offset=0 TTL=107 chksum=63110
UDP:  port=1025 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 9) [2002-03-31 09:18:07]  TCP to range 1025-60999
IPv4: 211.100.7.73 -> 12.82.129.51
      hlen=5 TOS=0 dlen=40 ID=5118 flags=0 offset=0 TTL=116 chksum=51871
TCP:  port=5454 -> dport: 5454  flags=******S* seq=2096827682
      ack=796183261 off=5 res=0 win=49945 urp=0 chksum=54666
Payload: none
------------------------------------------------------------------------------

<snip>
apc-tcp-udp-4   5454/tcp        #apc-tcp-udp-4
apc-tcp-udp-4   5454/udp        #apc-tcp-udp-4
<snip>



BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman

% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html
% (whois6.apnic.net) 

inetnum:     211.100.7.64 - 211.100.7.95
netname:     GUANGQIAO
descr:       co-location user
country:     CN
admin-c:     JY74-AP
tech-c:      JY74-AP
mnt-by:      MAINT-CN-263
changed:     zhx@263.net.cn 20000918
source:      APNIC 

person:      JIAN FENG YAN
address:     15th Building 1st District of Xiao Huang Zhuang,
address:     District Dong Cheng, CHINA
country:     CN
phone:       +86-010-84287565
fax-no:      +86-010-84286328
e-mail:      haixia.zhao@net263.com
nic-hdl:     JY74-AP
mnt-by:      MAINT-CNNIC-AP
changed:     ipas@cnnic.net.cn 20000927
changed:     apnic-dbm@apnic.net 20010514
source:      APNIC



------------------------------------------------------------------------------
#(12 - 10) [2002-03-31 09:53:08]  Potential CodeRed/Nimda probe
IPv4: 12.82.129.120 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=11980 flags=0 offset=0 TTL=127 chksum=45484
TCP:  port=2647 -> dport: 80  flags=******S* seq=3857032179
      ack=0 off=7 res=0 win=16384 urp=0 chksum=37711
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 11) [2002-03-31 09:53:10]  Potential CodeRed/Nimda probe
IPv4: 12.82.129.120 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=12239 flags=0 offset=0 TTL=127 chksum=45225
TCP:  port=2647 -> dport: 80  flags=******S* seq=3857032179
      ack=0 off=7 res=0 win=16384 urp=0 chksum=37711
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 12) [2002-03-31 10:13:56]  TCP to 27374 SubSeven
IPv4: 172.132.205.183 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=4149 flags=0 offset=0 TTL=107 chksum=63441
TCP:  port=4593 -> dport: 27374  flags=******S* seq=120532605
      ack=0 off=7 res=0 win=8760 urp=0 chksum=42678
      Options:
       #1 - MSS len=4 data=0598
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 13) [2002-03-31 10:13:59]  TCP to 27374 SubSeven
IPv4: 172.132.205.183 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=4293 flags=0 offset=0 TTL=107 chksum=63297
TCP:  port=4593 -> dport: 27374  flags=******S* seq=120532605
      ack=0 off=7 res=0 win=8760 urp=0 chksum=42678
      Options:
       #1 - MSS len=4 data=0598
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 14) [2002-03-31 10:14:05]  TCP to 27374 SubSeven
IPv4: 172.132.205.183 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=4556 flags=0 offset=0 TTL=107 chksum=63034
TCP:  port=4593 -> dport: 27374  flags=******S* seq=120532605
      ack=0 off=7 res=0 win=8760 urp=0 chksum=42678
      Options:
       #1 - MSS len=4 data=0598
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 15) [2002-03-31 10:26:47]  Potential CodeRed/Nimda probe
IPv4: 12.82.129.120 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=6225 flags=0 offset=0 TTL=127 chksum=51239
TCP:  port=2287 -> dport: 80  flags=******S* seq=4077446718
      ack=0 off=7 res=0 win=16384 urp=0 chksum=17737
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 16) [2002-03-31 10:26:50]  Potential CodeRed/Nimda probe
IPv4: 12.82.129.120 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=6810 flags=0 offset=0 TTL=127 chksum=50654
TCP:  port=2287 -> dport: 80  flags=******S* seq=4077446718
      ack=0 off=7 res=0 win=16384 urp=0 chksum=17737
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 19) [2002-03-31 11:34:10]  TCP to 27374 SubSeven
IPv4: 62.99.9.121 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=1037 flags=0 offset=0 TTL=108 chksum=13658
TCP:  port=2173 -> dport: 27374  flags=******S* seq=684759587
      ack=0 off=7 res=0 win=2144 urp=0 chksum=29339
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 20) [2002-03-31 11:34:13]  TCP to 27374 SubSeven
IPv4: 62.99.9.121 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=1074 flags=0 offset=0 TTL=108 chksum=13621
TCP:  port=2173 -> dport: 27374  flags=******S* seq=684759587
      ack=0 off=7 res=0 win=2144 urp=0 chksum=29339
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 21) [2002-03-31 11:34:19]  TCP to 27374 SubSeven
IPv4: 62.99.9.121 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=1152 flags=0 offset=0 TTL=108 chksum=13543
TCP:  port=2173 -> dport: 27374  flags=******S* seq=684759587
      ack=0 off=7 res=0 win=2144 urp=0 chksum=29339
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 22) [2002-03-31 12:01:11]  TCP to 27374 SubSeven
IPv4: 24.161.117.147 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=58740 flags=0 offset=0 TTL=105 chksum=4250
TCP:  port=2475 -> dport: 27374  flags=******S* seq=874403208
      ack=0 off=7 res=0 win=64240 urp=0 chksum=28213
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 23) [2002-03-31 12:01:14]  TCP to 27374 SubSeven
IPv4: 24.161.117.147 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=58806 flags=0 offset=0 TTL=105 chksum=4184
TCP:  port=2475 -> dport: 27374  flags=******S* seq=874403208
      ack=0 off=7 res=0 win=64240 urp=0 chksum=28213
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 24) [2002-03-31 12:01:20]  TCP to 27374 SubSeven
IPv4: 24.161.117.147 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=58935 flags=0 offset=0 TTL=105 chksum=4055
TCP:  port=2475 -> dport: 27374  flags=******S* seq=874403208
      ack=0 off=7 res=0 win=64240 urp=0 chksum=28213
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 25) [2002-03-31 12:26:57]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=7261 flags=0 offset=0 TTL=125 chksum=50509
TCP:  port=4056 -> dport: 80  flags=******S* seq=4095109078
      ack=0 off=7 res=0 win=16384 urp=0 chksum=47852
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 26) [2002-03-31 12:27:00]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=7530 flags=0 offset=0 TTL=125 chksum=50240
TCP:  port=4056 -> dport: 80  flags=******S* seq=4095109078
      ack=0 off=7 res=0 win=16384 urp=0 chksum=47852
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 27) [2002-03-31 12:28:59]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=18800 flags=0 offset=0 TTL=125 chksum=38970
TCP:  port=1205 -> dport: 80  flags=******S* seq=57506324
      ack=0 off=7 res=0 win=16384 urp=0 chksum=42107
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 28) [2002-03-31 12:29:00]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=19087 flags=0 offset=0 TTL=125 chksum=38683
TCP:  port=1205 -> dport: 80  flags=******S* seq=57506324
      ack=0 off=7 res=0 win=16384 urp=0 chksum=42107
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 29) [2002-03-31 13:08:49]  TCP to 21 ftp
IPv4: 144.132.9.185 -> 12.82.129.51
      hlen=5 TOS=0 dlen=60 ID=49581 flags=0 offset=0 TTL=43 chksum=26188
TCP:  port=4285 -> dport: 21  flags=******S* seq=311773264
      ack=0 off=10 res=0 win=16060 urp=0 chksum=60553
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=0F437A0400000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 30) [2002-03-31 13:36:06]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=3080 flags=0 offset=0 TTL=125 chksum=54690
TCP:  port=3243 -> dport: 80  flags=******S* seq=346939806
      ack=0 off=7 res=0 win=16384 urp=0 chksum=9147
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 31) [2002-03-31 13:36:10]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=3348 flags=0 offset=0 TTL=125 chksum=54422
TCP:  port=3243 -> dport: 80  flags=******S* seq=346939806
      ack=0 off=7 res=0 win=16384 urp=49409 chksum=25273
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 32) [2002-03-31 13:39:01]  Potential CodeRed/Nimda probe
IPv4: 12.236.100.241 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=55333 flags=0 offset=0 TTL=118 chksum=11584
TCP:  port=1943 -> dport: 80  flags=******S* seq=174509795
      ack=0 off=7 res=0 win=16384 urp=0 chksum=25228
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 33) [2002-03-31 13:39:04]  Potential CodeRed/Nimda probe
IPv4: 12.236.100.241 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=56689 flags=0 offset=0 TTL=118 chksum=10228
TCP:  port=1943 -> dport: 80  flags=******S* seq=174509795
      ack=0 off=7 res=0 win=16384 urp=0 chksum=25228
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 34) [2002-03-31 13:52:13]  UDP to 137 netBIOS ns
IPv4: 141.158.77.73 -> 12.82.129.51
      hlen=5 TOS=0 dlen=78 ID=4940 flags=0 offset=0 TTL=116 chksum=51942
UDP:  port=1042 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 35) [2002-03-31 13:53:52]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=38356 flags=0 offset=0 TTL=125 chksum=19414
TCP:  port=2429 -> dport: 80  flags=******S* seq=2725424946
      ack=0 off=7 res=0 win=16384 urp=0 chksum=52111
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 36) [2002-03-31 13:53:55]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=38611 flags=0 offset=0 TTL=125 chksum=19159
TCP:  port=2429 -> dport: 80  flags=******S* seq=2725424946
      ack=0 off=7 res=0 win=16384 urp=0 chksum=52111
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 37) [2002-03-31 14:05:33]  TCP to 27374 SubSeven
IPv4: 66.24.109.6 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=57716 flags=0 offset=0 TTL=105 chksum=62383
TCP:  port=4392 -> dport: 27374  flags=******S* seq=403946547
      ack=0 off=7 res=0 win=5360 urp=0 chksum=57646
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 38) [2002-03-31 14:05:36]  TCP to 27374 SubSeven
IPv4: 66.24.109.6 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=57847 flags=0 offset=0 TTL=105 chksum=62252
TCP:  port=4392 -> dport: 27374  flags=******S* seq=403946547
      ack=0 off=7 res=0 win=5360 urp=0 chksum=57646
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 39) [2002-03-31 14:05:42]  TCP to 27374 SubSeven
IPv4: 66.24.109.6 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=58114 flags=0 offset=0 TTL=105 chksum=61985
TCP:  port=4392 -> dport: 27374  flags=******S* seq=403946547
      ack=0 off=7 res=0 win=5360 urp=0 chksum=57646
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 40) [2002-03-31 14:11:42]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.180 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=51204 flags=0 offset=0 TTL=125 chksum=3896
TCP:  port=4626 -> dport: 80  flags=******S* seq=2829423283
      ack=0 off=7 res=0 win=8760 urp=0 chksum=60576
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 41) [2002-03-31 14:11:45]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.180 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=51445 flags=0 offset=0 TTL=125 chksum=3655
TCP:  port=4626 -> dport: 80  flags=******S* seq=2829423283
      ack=0 off=7 res=0 win=8760 urp=0 chksum=60576
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(12 - 42) [2002-03-31 14:32:07]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=57909 flags=0 offset=0 TTL=125 chksum=65396
TCP:  port=3513 -> dport: 80  flags=******S* seq=3509524230
      ack=0 off=7 res=0 win=16384 urp=49409 chksum=28609
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(12 - 43) [2002-03-31 14:32:11]  Potential CodeRed/Nimda probe
IPv4: 12.82.130.70 -> 12.82.129.51
      hlen=5 TOS=0 dlen=48 ID=58167 flags=0 offset=0 TTL=125 chksum=65138
TCP:  port=3513 -> dport: 80  flags=******S* seq=3509524230
      ack=0 off=7 res=0 win=16384 urp=0 chksum=12483
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 1) [2002-03-31 15:03:20]  TCP to 6346 gnutella
IPv4: 198.92.157.109 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=25384 flags=0 offset=0 TTL=114 chksum=46286
TCP:  port=4097 -> dport: 6346  flags=******S* seq=280555476
      ack=0 off=7 res=0 win=8192 urp=0 chksum=19602
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 2) [2002-03-31 15:03:23]  TCP to 6346 gnutella
IPv4: 198.92.157.109 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=32296 flags=0 offset=0 TTL=114 chksum=39374
TCP:  port=4097 -> dport: 6346  flags=******S* seq=280555476
      ack=0 off=7 res=0 win=8192 urp=0 chksum=19602
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 3) [2002-03-31 15:03:41]  TCP to 6346 gnutella
IPv4: 198.92.157.109 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=15913 flags=0 offset=0 TTL=114 chksum=55757
TCP:  port=4097 -> dport: 6346  flags=******S* seq=280555476
      ack=0 off=7 res=0 win=8192 urp=0 chksum=19602
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 4) [2002-03-31 15:05:35]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.180 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=61008 flags=0 offset=0 TTL=125 chksum=59753
TCP:  port=3857 -> dport: 80  flags=******S* seq=1624679689
      ack=0 off=7 res=0 win=8760 urp=0 chksum=9625
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 9) [2002-03-31 15:18:42]  Potential CodeRed/Nimda probe
IPv4: 12.235.51.212 -> 12.82.128.181
      hlen=5 TOS=0 dlen=64 ID=53565 flags=0 offset=0 TTL=118 chksum=26036
TCP:  port=1721 -> dport: 80  flags=******S* seq=900380473
      ack=0 off=11 res=0 win=16384 urp=0 chksum=13390
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - WS len=3 data=00
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=10 data=0000000000000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 10) [2002-03-31 15:18:45]  Potential CodeRed/Nimda probe
IPv4: 12.235.51.212 -> 12.82.128.181
      hlen=5 TOS=0 dlen=64 ID=54091 flags=0 offset=0 TTL=118 chksum=25510
TCP:  port=1721 -> dport: 80  flags=******S* seq=900380473
      ack=0 off=11 res=0 win=16384 urp=0 chksum=13390
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - WS len=3 data=00
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=10 data=0000000000000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 11) [2002-03-31 15:20:28]  Potential CodeRed/Nimda probe
IPv4: 12.235.81.75 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=41443 flags=0 offset=0 TTL=117 chksum=30887
TCP:  port=4605 -> dport: 80  flags=******S* seq=692990197
      ack=0 off=7 res=0 win=16384 urp=0 chksum=60241
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 12) [2002-03-31 15:20:31]  Potential CodeRed/Nimda probe
IPv4: 12.235.81.75 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=41779 flags=0 offset=0 TTL=117 chksum=30551
TCP:  port=4605 -> dport: 80  flags=******S* seq=692990197
      ack=0 off=7 res=0 win=16384 urp=0 chksum=60241
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 29) [2002-03-31 15:55:26]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=57126 flags=0 offset=0 TTL=19 chksum=38521
TCP:  port=2468 -> dport: 1214  flags=******S* seq=8451581
      ack=0 off=6 res=0 win=8192 urp=0 chksum=33050
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 30) [2002-03-31 15:55:29]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=60198 flags=0 offset=0 TTL=19 chksum=35449
TCP:  port=2468 -> dport: 1214  flags=******S* seq=8451581
      ack=0 off=6 res=0 win=8192 urp=0 chksum=33050
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 31) [2002-03-31 15:55:35]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=551 flags=0 offset=0 TTL=19 chksum=29561
TCP:  port=2468 -> dport: 1214  flags=******S* seq=8451581
      ack=0 off=6 res=0 win=8192 urp=0 chksum=33050
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 32) [2002-03-31 15:55:47]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=11815 flags=0 offset=0 TTL=19 chksum=18297
TCP:  port=2468 -> dport: 1214  flags=******S* seq=8451581
      ack=0 off=6 res=0 win=8192 urp=0 chksum=33050
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 35) [2002-03-31 16:08:51]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.30 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=4147 flags=0 offset=0 TTL=126 chksum=50973
TCP:  port=1298 -> dport: 80  flags=******S* seq=491717288
      ack=0 off=7 res=0 win=8760 urp=0 chksum=5655
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 36) [2002-03-31 16:08:54]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.30 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=4515 flags=0 offset=0 TTL=126 chksum=50605
TCP:  port=1298 -> dport: 80  flags=******S* seq=491717288
      ack=0 off=7 res=0 win=8760 urp=0 chksum=5655
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 37) [2002-03-31 16:10:12]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=54594 flags=0 offset=0 TTL=19 chksum=41053
TCP:  port=3284 -> dport: 1214  flags=******S* seq=9337688
      ack=0 off=6 res=0 win=8192 urp=0 chksum=63617
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 38) [2002-03-31 16:10:15]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=62530 flags=0 offset=0 TTL=19 chksum=33117
TCP:  port=3284 -> dport: 1214  flags=******S* seq=9337688
      ack=0 off=6 res=0 win=8192 urp=0 chksum=63617
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 39) [2002-03-31 16:10:21]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=6723 flags=0 offset=0 TTL=19 chksum=23389
TCP:  port=3284 -> dport: 1214  flags=******S* seq=9337688
      ack=0 off=6 res=0 win=8192 urp=0 chksum=63617
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 40) [2002-03-31 16:10:34]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=30787 flags=0 offset=0 TTL=19 chksum=64860
TCP:  port=3284 -> dport: 1214  flags=******S* seq=9337688
      ack=0 off=6 res=0 win=8192 urp=0 chksum=63617
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 41) [2002-03-31 16:16:01]  TCP to 21 ftp
IPv4: 206.77.41.124 -> 12.82.128.181
      hlen=5 TOS=0 dlen=40 ID=43057 flags=0 offset=0 TTL=110 chksum=8142
TCP:  port=21 -> dport: 21  flags=******S* seq=105746183
      ack=1879457639 off=5 res=0 win=41286 urp=0 chksum=17631
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 42) [2002-03-31 16:18:43]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=27990 flags=0 offset=0 TTL=19 chksum=2122
TCP:  port=3910 -> dport: 1214  flags=******S* seq=9848835
      ack=0 off=6 res=0 win=8192 urp=0 chksum=10589
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 43) [2002-03-31 16:18:46]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=36438 flags=0 offset=0 TTL=19 chksum=59209
TCP:  port=3910 -> dport: 1214  flags=******S* seq=9848835
      ack=0 off=6 res=0 win=8192 urp=0 chksum=10589
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 44) [2002-03-31 16:18:52]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=56918 flags=0 offset=0 TTL=19 chksum=38729
TCP:  port=3910 -> dport: 1214  flags=******S* seq=9848835
      ack=0 off=6 res=0 win=8192 urp=0 chksum=10589
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 45) [2002-03-31 16:19:04]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=26199 flags=0 offset=0 TTL=19 chksum=3913
TCP:  port=3910 -> dport: 1214  flags=******S* seq=9848835
      ack=0 off=6 res=0 win=8192 urp=0 chksum=10589
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 46) [2002-03-31 16:31:15]  Potential CodeRed/Nimda probe
IPv4: 12.228.193.245 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=52897 flags=0 offset=0 TTL=121 chksum=55109
TCP:  port=4012 -> dport: 80  flags=******S* seq=78996203
      ack=0 off=7 res=0 win=16384 urp=0 chksum=28578
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 47) [2002-03-31 16:33:05]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=5742 flags=0 offset=0 TTL=19 chksum=24370
TCP:  port=4462 -> dport: 1214  flags=******S* seq=10711383
      ack=0 off=6 res=0 win=8192 urp=0 chksum=64979
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 48) [2002-03-31 16:33:08]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=11374 flags=0 offset=0 TTL=19 chksum=18738
TCP:  port=4462 -> dport: 1214  flags=******S* seq=10711383
      ack=0 off=6 res=0 win=8192 urp=0 chksum=64979
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 49) [2002-03-31 16:33:15]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=21870 flags=0 offset=0 TTL=19 chksum=8242
TCP:  port=4462 -> dport: 1214  flags=******S* seq=10711383
      ack=0 off=6 res=0 win=8192 urp=0 chksum=64979
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 50) [2002-03-31 16:33:27]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=44398 flags=0 offset=0 TTL=19 chksum=51249
TCP:  port=4462 -> dport: 1214  flags=******S* seq=10711383
      ack=0 off=6 res=0 win=8192 urp=0 chksum=64979
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 51) [2002-03-31 16:38:22]  TCP to 27374 SubSeven
IPv4: 24.241.0.203 -> 12.82.128.181
      hlen=5 TOS=0 dlen=64 ID=54211 flags=0 offset=0 TTL=109 chksum=54065
TCP:  port=3958 -> dport: 27374  flags=******S* seq=4096242915
      ack=0 off=11 res=0 win=44620 urp=0 chksum=48510
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - WS len=3 data=03
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=10 data=0000000000000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 52) [2002-03-31 16:38:25]  TCP to 27374 SubSeven
IPv4: 24.241.0.203 -> 12.82.128.181
      hlen=5 TOS=0 dlen=64 ID=54272 flags=0 offset=0 TTL=113 chksum=52980
TCP:  port=3958 -> dport: 27374  flags=******S* seq=4096242915
      ack=0 off=11 res=0 win=44620 urp=0 chksum=48510
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - WS len=3 data=03
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=10 data=0000000000000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 53) [2002-03-31 16:38:31]  TCP to 27374 SubSeven
IPv4: 24.241.0.203 -> 12.82.128.181
      hlen=5 TOS=0 dlen=64 ID=54404 flags=0 offset=0 TTL=109 chksum=53872
TCP:  port=3958 -> dport: 27374  flags=******S* seq=4096242915
      ack=0 off=11 res=0 win=44620 urp=0 chksum=48510
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - WS len=3 data=03
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=10 data=0000000000000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 54) [2002-03-31 16:47:27]  TCP to 6346 gnutella
IPv4: 172.169.141.5 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=62150 flags=0 offset=0 TTL=106 chksum=22347
TCP:  port=1132 -> dport: 6346  flags=******S* seq=715051676
      ack=0 off=7 res=0 win=16384 urp=0 chksum=25180
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 55) [2002-03-31 16:47:30]  TCP to 6346 gnutella
IPv4: 172.169.141.5 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=62189 flags=0 offset=0 TTL=106 chksum=22308
TCP:  port=1132 -> dport: 6346  flags=******S* seq=715051676
      ack=0 off=7 res=0 win=16384 urp=0 chksum=25180
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 56) [2002-03-31 16:51:11]  TCP to 6346 gnutella
IPv4: 216.78.102.106 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=35295 flags=0 offset=0 TTL=113 chksum=46120
TCP:  port=3485 -> dport: 6346  flags=******S* seq=3945468428
      ack=0 off=7 res=0 win=8160 urp=0 chksum=29764
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 57) [2002-03-31 16:51:13]  TCP to 6346 gnutella
IPv4: 216.78.102.106 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=35354 flags=0 offset=0 TTL=113 chksum=46061
TCP:  port=3485 -> dport: 6346  flags=******S* seq=3945468428
      ack=0 off=7 res=0 win=8160 urp=0 chksum=29764
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 58) [2002-03-31 16:52:21]  TCP to 1214 KaZaa
IPv4: 216.123.140.169 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=34703 flags=0 offset=0 TTL=19 chksum=60944
TCP:  port=1461 -> dport: 1214  flags=******S* seq=11827130
      ack=0 off=6 res=0 win=8192 urp=0 chksum=793
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 59) [2002-03-31 17:18:33]  TCP to 6346 gnutella
IPv4: 172.169.141.5 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=19261 flags=0 offset=0 TTL=106 chksum=65236
TCP:  port=2407 -> dport: 6346  flags=******S* seq=1215651677
      ack=0 off=7 res=0 win=16384 urp=0 chksum=45769
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 60) [2002-03-31 17:18:36]  TCP to 6346 gnutella
IPv4: 172.169.141.5 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=19291 flags=0 offset=0 TTL=106 chksum=65206
TCP:  port=2407 -> dport: 6346  flags=******S* seq=1215651677
      ack=0 off=7 res=0 win=16384 urp=0 chksum=45769
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 61) [2002-03-31 17:19:48]  Potential CodeRed/Nimda probe
IPv4: 12.228.110.226 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=18547 flags=0 offset=0 TTL=121 chksum=45191
TCP:  port=1999 -> dport: 80  flags=******S* seq=628626479
      ack=0 off=7 res=0 win=16384 urp=0 chksum=63627
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 62) [2002-03-31 17:19:50]  Potential CodeRed/Nimda probe
IPv4: 12.228.110.226 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=19180 flags=0 offset=0 TTL=121 chksum=44558
TCP:  port=1999 -> dport: 80  flags=******S* seq=628626479
      ack=0 off=7 res=0 win=16384 urp=0 chksum=63627
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 64) [2002-03-31 17:38:45]  UDP to 137 netBIOS ns
IPv4: 12.82.128.203 -> 12.82.128.181
      hlen=5 TOS=0 dlen=78 ID=37406 flags=0 offset=0 TTL=127 chksum=36700
UDP:  port=1110 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 65) [2002-03-31 17:48:07]  Potential CodeRed/Nimda probe
IPv4: 12.238.89.135 -> 12.82.128.181
      hlen=5 TOS=0 dlen=64 ID=8997 flags=0 offset=0 TTL=116 chksum=61462
TCP:  port=1189 -> dport: 80  flags=******S* seq=1753785364
      ack=0 off=11 res=0 win=64240 urp=0 chksum=13826
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - WS len=3 data=00
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=10 data=0000000000000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 66) [2002-03-31 17:48:10]  Potential CodeRed/Nimda probe
IPv4: 12.238.89.135 -> 12.82.128.181
      hlen=5 TOS=0 dlen=64 ID=9379 flags=0 offset=0 TTL=116 chksum=61080
TCP:  port=1189 -> dport: 80  flags=******S* seq=1753785364
      ack=0 off=11 res=0 win=64240 urp=0 chksum=13826
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - WS len=3 data=00
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=10 data=0000000000000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - SACKOK len=0
Payload: none



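OS Guess: OpenBSD  (OpenBSD SYN signature checked field by field against #(13 - 65) and #(13 - 66) above)
 TTL = decrement from 64  --  nope: TTL=116 above looks like a decrement from 128
 Win Size = 0x4000 = 16384 dec  --  nope: win=64240 above
*TCP options* = 9 = MSS, timestamp, SAckOK, WScale, 5 NOP's  --  matches the 9 options above
 IP ID = random, need 2 packets  --  the two packets above have ID=8997 then ID=9379 (increasing, 3 s apart): not obviously random, but two samples are thin evidence
*SYN Packet (DgmLen) length* = 64  --  good (dlen=64 above)
(TOS = 0x10?)  --  TOS=0 above
 Net: only the option layout and the SYN length fit; TTL and window size do not, and IP ID and TOS do not clearly fit either, so these two packets do not support the OpenBSD guess (p0f below also reports UNKNOWN).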


p0f:

Sun Mar 31 17:48:07 2002 12.238.89.135: UNKNOWN [64240:116:1460:1:0:1:1:64].
 + 12.238.89.135:1189 -> 12.82.128.181:80 (timestamp: 0 @1017625687)
Sun Mar 31 17:48:10 2002 12.238.89.135: UNKNOWN [64240:116:1460:1:0:1:1:64].
 + 12.238.89.135:1189 -> 12.82.128.181:80 (timestamp: 0 @1017625690)


------------------------------------------------------------------------------
#(13 - 78) [2002-03-31 18:05:58]  Potential CodeRed/Nimda probe
IPv4: 12.234.62.56 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=21890 flags=0 offset=0 TTL=118 chksum=55068
TCP:  port=4897 -> dport: 80  flags=******S* seq=3148137758
      ack=0 off=7 res=0 win=16384 urp=0 chksum=55077
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 79) [2002-03-31 18:06:01]  Potential CodeRed/Nimda probe
IPv4: 12.234.62.56 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=22353 flags=0 offset=0 TTL=118 chksum=54605
TCP:  port=4897 -> dport: 80  flags=******S* seq=3148137758
      ack=0 off=7 res=0 win=16384 urp=0 chksum=55077
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 80) [2002-03-31 18:26:02]  Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=63786 flags=0 offset=0 TTL=125 chksum=58875
TCP:  port=2641 -> dport: 80  flags=******S* seq=417015047
      ack=0 off=7 res=0 win=8760 urp=0 chksum=63938
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 81) [2002-03-31 18:26:05]  Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=64060 flags=0 offset=0 TTL=125 chksum=58601
TCP:  port=2641 -> dport: 80  flags=******S* seq=417015047
      ack=0 off=7 res=0 win=8760 urp=0 chksum=63938
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 83) [2002-03-31 18:42:46]  Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=38467 flags=0 offset=0 TTL=125 chksum=18659
TCP:  port=1759 -> dport: 80  flags=******S* seq=2772595514
      ack=0 off=7 res=0 win=8760 urp=0 chksum=8858
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 84) [2002-03-31 18:42:49]  Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=38767 flags=0 offset=0 TTL=125 chksum=18359
TCP:  port=1759 -> dport: 80  flags=******S* seq=2772595514
      ack=0 off=7 res=0 win=8760 urp=0 chksum=8858
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 85) [2002-03-31 18:44:44]  Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=49874 flags=0 offset=0 TTL=125 chksum=7252
TCP:  port=2678 -> dport: 80  flags=******S* seq=3040579247
      ack=0 off=7 res=0 win=8760 urp=0 chksum=62356
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 86) [2002-03-31 18:44:47]  Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=50125 flags=0 offset=0 TTL=125 chksum=7001
TCP:  port=2678 -> dport: 80  flags=******S* seq=3040579247
      ack=0 off=7 res=0 win=8760 urp=0 chksum=62356
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 87) [2002-03-31 18:58:11]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=33546 flags=0 offset=0 TTL=18 chksum=63781
TCP:  port=2142 -> dport: 1214  flags=******S* seq=5305380
      ack=0 off=6 res=0 win=8192 urp=0 chksum=35321
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 88) [2002-03-31 18:58:15]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=43018 flags=0 offset=0 TTL=18 chksum=54309
TCP:  port=2142 -> dport: 1214  flags=******S* seq=5305380
      ack=0 off=6 res=0 win=8192 urp=0 chksum=35321
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 89) [2002-03-31 18:58:21]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=779 flags=0 offset=0 TTL=18 chksum=31013
TCP:  port=2142 -> dport: 1214  flags=******S* seq=5305380
      ack=0 off=6 res=0 win=8192 urp=0 chksum=35321
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 90) [2002-03-31 18:58:33]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=46603 flags=0 offset=0 TTL=18 chksum=50724
TCP:  port=2142 -> dport: 1214  flags=******S* seq=5305380
      ack=0 off=6 res=0 win=8192 urp=0 chksum=35321
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 91) [2002-03-31 18:59:40]  TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=32689 flags=0 offset=0 TTL=111 chksum=40633
TCP:  port=2462 -> dport: 139  flags=******S* seq=3800115400
      ack=0 off=6 res=0 win=8192 urp=0 chksum=30034
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 92) [2002-03-31 18:59:43]  TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=38577 flags=0 offset=0 TTL=111 chksum=34745
TCP:  port=2462 -> dport: 139  flags=******S* seq=3800115400
      ack=0 off=6 res=0 win=8192 urp=0 chksum=30034
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 93) [2002-03-31 18:59:49]  TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=47537 flags=0 offset=0 TTL=111 chksum=25785
TCP:  port=2462 -> dport: 139  flags=******S* seq=3800115400
      ack=0 off=6 res=0 win=8192 urp=0 chksum=30034
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 94) [2002-03-31 19:00:02]  TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=11698 flags=0 offset=0 TTL=111 chksum=61624
TCP:  port=2462 -> dport: 139  flags=******S* seq=3800115400
      ack=0 off=6 res=0 win=8192 urp=0 chksum=30034
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 95) [2002-03-31 19:07:37]  Potential CodeRed/Nimda probe
IPv4: 12.239.80.104 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=4945 flags=0 offset=0 TTL=117 chksum=2073
TCP:  port=1288 -> dport: 80  flags=******S* seq=4062097792
      ack=0 off=7 res=0 win=16384 urp=0 chksum=45001
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 96) [2002-03-31 19:07:40]  Potential CodeRed/Nimda probe
IPv4: 12.239.80.104 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=5188 flags=0 offset=0 TTL=117 chksum=1830
TCP:  port=1288 -> dport: 80  flags=******S* seq=4062097792
      ack=0 off=7 res=0 win=16384 urp=0 chksum=45001
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 97) [2002-03-31 19:14:33]  Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=42244 flags=0 offset=0 TTL=125 chksum=14882
TCP:  port=2532 -> dport: 80  flags=******S* seq=2889329988
      ack=0 off=7 res=0 win=8760 urp=0 chksum=56981
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 98) [2002-03-31 19:14:36]  Potential CodeRed/Nimda probe
IPv4: 12.82.133.72 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=42595 flags=0 offset=0 TTL=125 chksum=14531
TCP:  port=2532 -> dport: 80  flags=******S* seq=2889329988
      ack=0 off=7 res=0 win=8760 urp=0 chksum=56981
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 99) [2002-03-31 19:14:43]  TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=35223 flags=0 offset=0 TTL=115 chksum=21977
TCP:  port=3704 -> dport: 6346  flags=******S* seq=48092800
      ack=0 off=7 res=0 win=8192 urp=0 chksum=15812
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 102) [2002-03-31 19:16:04]  TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=61337 flags=0 offset=0 TTL=115 chksum=61398
TCP:  port=3791 -> dport: 6346  flags=******S* seq=48187017
      ack=0 off=7 res=0 win=8192 urp=0 chksum=52578
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 103) [2002-03-31 19:16:07]  TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=1946 flags=0 offset=0 TTL=115 chksum=55254
TCP:  port=3791 -> dport: 6346  flags=******S* seq=48187017
      ack=0 off=7 res=0 win=8192 urp=0 chksum=52578
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 104) [2002-03-31 19:16:12]  TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=13978 flags=0 offset=0 TTL=115 chksum=43222
TCP:  port=3791 -> dport: 6346  flags=******S* seq=48187017
      ack=0 off=7 res=0 win=8192 urp=0 chksum=52578
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 105) [2002-03-31 19:16:24]  TCP to 6346 gnutella
IPv4: 209.94.201.241 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=39578 flags=0 offset=0 TTL=115 chksum=17622
TCP:  port=3791 -> dport: 6346  flags=******S* seq=48187017
      ack=0 off=7 res=0 win=8192 urp=0 chksum=52578
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 100) [2002-03-31 19:14:52]  ICMP echo request
IPv4: 196.3.132.1 -> 12.82.128.181
      hlen=5 TOS=0 dlen=1500 ID=30576 flags=0 offset=0 TTL=240 chksum=14500
ICMP: type=Echo Request code=0
      checksum=63487 id=0 seq=0
Payload:  length = 1472

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
5a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
5b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
------------------------------------------------------------------------------
#(13 - 101) [2002-03-31 19:15:17]  ICMP echo request
IPv4: 196.3.132.1 -> 12.82.128.181
      hlen=5 TOS=0 dlen=1500 ID=33949 flags=0 offset=0 TTL=240 chksum=11127
ICMP: type=Echo Request code=0
      checksum=63485 id=0 seq=2
Payload:  length = 1472

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
2f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
5a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
5b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 106) [2002-03-31 19:26:53]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=7985 flags=0 offset=0 TTL=18 chksum=23807
TCP:  port=3351 -> dport: 1214  flags=******S* seq=7027779
      ack=0 off=6 res=0 win=8192 urp=0 chksum=15623
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 107) [2002-03-31 19:26:57]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=13361 flags=0 offset=0 TTL=18 chksum=18431
TCP:  port=3351 -> dport: 1214  flags=******S* seq=7027779
      ack=0 off=6 res=0 win=8192 urp=0 chksum=15623
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 108) [2002-03-31 19:27:02]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=18481 flags=0 offset=0 TTL=18 chksum=13311
TCP:  port=3351 -> dport: 1214  flags=******S* seq=7027779
      ack=0 off=6 res=0 win=8192 urp=0 chksum=15623
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 109) [2002-03-31 19:27:16]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=36657 flags=0 offset=0 TTL=18 chksum=60670
TCP:  port=3351 -> dport: 1214  flags=******S* seq=7027779
      ack=0 off=6 res=0 win=8192 urp=0 chksum=15623
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 110) [2002-03-31 19:40:04]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=57158 flags=0 offset=0 TTL=18 chksum=40169
TCP:  port=3974 -> dport: 1214  flags=******S* seq=7818767
      ack=0 off=6 res=0 win=8192 urp=0 chksum=10432
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 111) [2002-03-31 19:40:07]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=2887 flags=0 offset=0 TTL=18 chksum=28905
TCP:  port=3974 -> dport: 1214  flags=******S* seq=7818767
      ack=0 off=6 res=0 win=8192 urp=0 chksum=10432
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 112) [2002-03-31 19:40:14]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=20551 flags=0 offset=0 TTL=18 chksum=11241
TCP:  port=3974 -> dport: 1214  flags=******S* seq=7818767
      ack=0 off=6 res=0 win=8192 urp=0 chksum=10432
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 113) [2002-03-31 19:40:25]  TCP to 1214 KaZaa
IPv4: 216.123.135.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=44 ID=62279 flags=0 offset=0 TTL=18 chksum=35048
TCP:  port=3974 -> dport: 1214  flags=******S* seq=7818767
      ack=0 off=6 res=0 win=8192 urp=0 chksum=10432
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 114) [2002-03-31 19:54:22]  UDP to 137 netBIOS ns
IPv4: 203.176.43.10 -> 12.82.128.181
      hlen=5 TOS=0 dlen=78 ID=8229 flags=0 offset=0 TTL=109 chksum=43448
UDP:  port=1026 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 115) [2002-03-31 20:10:53]  Potential CodeRed/Nimda probe
IPv4: 12.232.135.66 -> 12.82.128.181
      hlen=5 TOS=16 dlen=44 ID=2126 flags=0 offset=0 TTL=117 chksum=56380
TCP:  port=2582 -> dport: 80  flags=******S* seq=45072868
      ack=0 off=6 res=0 win=8192 urp=0 chksum=34811
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(13 - 116) [2002-03-31 20:10:55]  Potential CodeRed/Nimda probe
IPv4: 12.232.135.66 -> 12.82.128.181
      hlen=5 TOS=16 dlen=44 ID=56655 flags=0 offset=0 TTL=117 chksum=1851
TCP:  port=2582 -> dport: 80  flags=******S* seq=45072868
      ack=0 off=6 res=0 win=8192 urp=0 chksum=34811
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 117) [2002-03-31 20:15:22]  Potential CodeRed/Nimda probe
IPv4: 12.82.129.150 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=18147 flags=0 offset=0 TTL=126 chksum=39669
TCP:  port=2762 -> dport: 80  flags=******S* seq=1205857593
      ack=0 off=7 res=0 win=8760 urp=0 chksum=1477
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 118) [2002-03-31 20:15:25]  Potential CodeRed/Nimda probe
IPv4: 12.82.129.150 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=18439 flags=0 offset=0 TTL=126 chksum=39377
TCP:  port=2762 -> dport: 80  flags=******S* seq=1205857593
      ack=0 off=7 res=0 win=8760 urp=0 chksum=1477
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 119) [2002-03-31 20:24:42]  Potential CodeRed/Nimda probe
IPv4: 12.238.245.200 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=573 flags=0 offset=0 TTL=115 chksum=30157
TCP:  port=1979 -> dport: 80  flags=******S* seq=175595955
      ack=0 off=7 res=0 win=16384 urp=0 chksum=16172
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 120) [2002-03-31 20:24:45]  Potential CodeRed/Nimda probe
IPv4: 12.238.245.200 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=849 flags=0 offset=0 TTL=115 chksum=29881
TCP:  port=1979 -> dport: 80  flags=******S* seq=175595955
      ack=0 off=7 res=0 win=16384 urp=0 chksum=16172
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 121) [2002-03-31 20:32:59]  Potential CodeRed/Nimda probe
IPv4: 12.82.65.95 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=50014 flags=0 offset=0 TTL=119 chksum=26033
TCP:  port=3046 -> dport: 80  flags=******S* seq=3924638839
      ack=0 off=7 res=0 win=8760 urp=847 chksum=20549
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 122) [2002-03-31 20:33:02]  Potential CodeRed/Nimda probe
IPv4: 12.82.65.95 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=50245 flags=0 offset=0 TTL=119 chksum=25802
TCP:  port=3046 -> dport: 80  flags=******S* seq=3924638839
      ack=0 off=7 res=0 win=8760 urp=0 chksum=21396
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 123) [2002-03-31 20:54:35]  TCP to 1080 socks
IPv4: 24.95.198.59 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=10449 flags=0 offset=0 TTL=102 chksum=32853
TCP:  port=4017 -> dport: 1080  flags=******S* seq=3156507332
      ack=0 off=7 res=0 win=16384 urp=0 chksum=36011
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 124) [2002-03-31 20:54:59]  Potential CodeRed/Nimda probe
IPv4: 62.122.0.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=40 ID=61255 flags=0 offset=0 TTL=29 chksum=58094
TCP:  port=60136 -> dport: 80  flags=***A**** seq=441982027
      ack=1724502731 off=5 res=0 win=2048 urp=0 chksum=32969
Payload: none
------------------------------------------------------------------------------
#(13 - 125) [2002-03-31 20:55:00]  Potential CodeRed/Nimda probe
IPv4: 62.122.0.25 -> 12.82.128.181
      hlen=5 TOS=0 dlen=40 ID=64062 flags=0 offset=0 TTL=29 chksum=55287
TCP:  port=60137 -> dport: 80  flags=***A**** seq=3830979667
      ack=776750476 off=5 res=0 win=2048 urp=0 chksum=31868
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 126) [2002-03-31 21:03:06]  Potential CodeRed/Nimda probe
IPv4: 12.253.212.251 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=6318 flags=0 offset=0 TTL=118 chksum=32026
TCP:  port=3506 -> dport: 80  flags=******S* seq=186359048
      ack=0 off=7 res=0 win=16384 urp=0 chksum=7674
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 127) [2002-03-31 21:03:10]  Potential CodeRed/Nimda probe
IPv4: 12.253.212.251 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=6793 flags=0 offset=0 TTL=118 chksum=31551
TCP:  port=3506 -> dport: 80  flags=******S* seq=186359048
      ack=0 off=7 res=0 win=16384 urp=0 chksum=7674
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 128) [2002-03-31 21:13:58]  Potential CodeRed/Nimda probe
IPv4: 12.82.65.178 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=35950 flags=0 offset=0 TTL=119 chksum=40014
TCP:  port=1124 -> dport: 80  flags=******S* seq=1050051389
      ack=0 off=7 res=0 win=8760 urp=0 chksum=48980
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 129) [2002-03-31 21:14:01]  Potential CodeRed/Nimda probe
IPv4: 12.82.65.178 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=36311 flags=0 offset=0 TTL=119 chksum=39653
TCP:  port=1124 -> dport: 80  flags=******S* seq=1050051389
      ack=0 off=7 res=0 win=8760 urp=0 chksum=48980
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 130) [2002-03-31 21:36:10]  Potential CodeRed/Nimda probe
IPv4: 12.82.239.227 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=2553 flags=0 offset=0 TTL=117 chksum=29330
TCP:  port=4242 -> dport: 80  flags=******S* seq=808586118
      ack=0 off=7 res=0 win=16384 urp=0 chksum=28076
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 131) [2002-03-31 21:40:14]  Potential CodeRed/Nimda probe
IPv4: 12.82.65.178 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=1189 flags=0 offset=0 TTL=119 chksum=9240
TCP:  port=4323 -> dport: 80  flags=******S* seq=426899772
      ack=0 off=7 res=0 win=8760 urp=0 chksum=25083
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 132) [2002-03-31 21:40:18]  Potential CodeRed/Nimda probe
IPv4: 12.82.65.178 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=1487 flags=0 offset=0 TTL=119 chksum=8942
TCP:  port=4323 -> dport: 80  flags=******S* seq=426899772
      ack=0 off=7 res=0 win=8760 urp=0 chksum=25083
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 145) [2002-03-31 21:40:48]  Potential CodeRed/Nimda probe
IPv4: 12.253.189.252 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=27685 flags=0 offset=0 TTL=117 chksum=16802
TCP:  port=1878 -> dport: 80  flags=******S* seq=166771085
      ack=0 off=7 res=0 win=16384 urp=0 chksum=8187
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 146) [2002-03-31 21:40:54]  UDP to 53 domain
IPv4: 65.214.50.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=72 ID=34081 flags=0 offset=0 TTL=48 chksum=1061
UDP:  port=54627 -> dport: 53 len=52
Payload:  length = 44

000 : 2C 41 01 00 00 01 00 00 00 00 00 00 03 31 38 31   ,A...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64   .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(13 - 147) [2002-03-31 21:40:55]  UDP to 53 domain
IPv4: 208.254.18.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=72 ID=58909 flags=0 offset=0 TTL=49 chksum=13056
UDP:  port=30150 -> dport: 53 len=52
Payload:  length = 44

000 : 74 3F 01 00 00 01 00 00 00 00 00 00 03 31 38 31   t?...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64   .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(13 - 148) [2002-03-31 21:40:55]  UDP to 53 domain
IPv4: 193.45.3.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=72 ID=43574 flags=0 offset=0 TTL=50 chksum=36024
UDP:  port=62695 -> dport: 53 len=52
Payload:  length = 44

000 : A9 39 01 00 00 01 00 00 00 00 00 00 03 31 38 31   .9...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64   .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(13 - 149) [2002-03-31 21:40:55]  UDP to 53 domain
IPv4: 206.65.191.194 -> 12.82.128.181
      hlen=5 TOS=0 dlen=72 ID=40053 flags=0 offset=0 TTL=49 chksum=53796
UDP:  port=11318 -> dport: 53 len=52
Payload:  length = 44

000 : A6 44 01 00 00 01 00 00 00 00 00 00 03 31 38 31   .D...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64   .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(13 - 150) [2002-03-31 21:41:04]  UDP to 53 domain
IPv4: 65.214.50.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=72 ID=34297 flags=0 offset=0 TTL=48 chksum=845
UDP:  port=54627 -> dport: 53 len=52
Payload:  length = 44

000 : 41 41 01 00 00 01 00 00 00 00 00 00 03 31 38 31   AA...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64   .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(13 - 151) [2002-03-31 21:41:04]  UDP to 53 domain
IPv4: 208.254.18.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=72 ID=59390 flags=0 offset=0 TTL=49 chksum=12575
UDP:  port=30150 -> dport: 53 len=52
Payload:  length = 44

000 : 82 3F 01 00 00 01 00 00 00 00 00 00 03 31 38 31   .?...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64   .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(13 - 152) [2002-03-31 21:41:04]  UDP to 53 domain
IPv4: 193.45.3.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=72 ID=43776 flags=0 offset=0 TTL=50 chksum=35822
UDP:  port=62695 -> dport: 53 len=52
Payload:  length = 44

000 : B8 39 01 00 00 01 00 00 00 00 00 00 03 31 38 31   .9...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64   .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(13 - 153) [2002-03-31 21:41:04]  UDP to 53 domain
IPv4: 206.65.191.194 -> 12.82.128.181
      hlen=5 TOS=0 dlen=72 ID=40258 flags=0 offset=0 TTL=49 chksum=53591
UDP:  port=11318 -> dport: 53 len=52
Payload:  length = 44

000 : C3 44 01 00 00 01 00 00 00 00 00 00 03 31 38 31   .D...........181
010 : 03 31 32 38 02 38 32 02 31 32 07 69 6E 2D 61 64   .128.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(13 - 133) [2002-03-31 21:40:24]  ICMP echo request
IPv4: 65.214.50.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=33362 flags=0 offset=0 TTL=48 chksum=1784
ICMP: type=Echo Request code=0
      checksum=46350 id=22275 seq=5114
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 134) [2002-03-31 21:40:24]  ICMP echo request
IPv4: 208.254.18.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=58032 flags=0 offset=0 TTL=49 chksum=13937
ICMP: type=Echo Request code=0
      checksum=34066 id=37633 seq=2040
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 135) [2002-03-31 21:40:24]  ICMP echo request
IPv4: 193.45.3.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=42918 flags=0 offset=0 TTL=50 chksum=36684
ICMP: type=Echo Request code=0
      checksum=55335 id=39681 seq=44258
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 136) [2002-03-31 21:40:24]  ICMP echo request
IPv4: 206.65.191.194 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=39293 flags=0 offset=0 TTL=49 chksum=54560
ICMP: type=Echo Request code=0
      checksum=35323 id=37633 seq=783
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 137) [2002-03-31 21:40:34]  ICMP echo request
IPv4: 65.214.50.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=33579 flags=0 offset=0 TTL=48 chksum=1567
ICMP: type=Echo Request code=0
      checksum=24078 id=22275 seq=27386
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 138) [2002-03-31 21:40:34]  ICMP echo request
IPv4: 208.254.18.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=58472 flags=0 offset=0 TTL=49 chksum=13497
ICMP: type=Echo Request code=0
      checksum=16402 id=37633 seq=19704
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 139) [2002-03-31 21:40:34]  ICMP echo request
IPv4: 193.45.3.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=43115 flags=0 offset=0 TTL=50 chksum=36487
ICMP: type=Echo Request code=0
      checksum=35367 id=39681 seq=64226
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 140) [2002-03-31 21:40:34]  ICMP echo request
IPv4: 206.65.191.194 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=39520 flags=0 offset=0 TTL=49 chksum=54333
ICMP: type=Echo Request code=0
      checksum=10235 id=37633 seq=25871
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 141) [2002-03-31 21:40:45]  ICMP echo request
IPv4: 65.214.50.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=33769 flags=0 offset=0 TTL=48 chksum=1377
ICMP: type=Echo Request code=0
      checksum=4366 id=22275 seq=47098
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 142) [2002-03-31 21:40:45]  ICMP echo request
IPv4: 208.254.18.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=58704 flags=0 offset=0 TTL=49 chksum=13265
ICMP: type=Echo Request code=0
      checksum=61201 id=37633 seq=40440
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 143) [2002-03-31 21:40:46]  ICMP echo request
IPv4: 193.45.3.130 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=43305 flags=0 offset=0 TTL=50 chksum=36297
ICMP: type=Echo Request code=0
      checksum=17447 id=39681 seq=16611
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------
#(13 - 144) [2002-03-31 21:40:46]  ICMP echo request
IPv4: 206.65.191.194 -> 12.82.128.181
      hlen=5 TOS=0 dlen=84 ID=39719 flags=0 offset=0 TTL=49 chksum=54134
ICMP: type=Echo Request code=0
      checksum=53242 id=37633 seq=48399
Payload:  length = 56

000 : 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ................
010 : 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
020 : 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
030 : 38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(13 - 154) [2002-03-31 21:50:43]  Potential CodeRed/Nimda probe
IPv4: 12.224.212.194 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=63566 flags=0 offset=0 TTL=121 chksum=39631
TCP:  port=1272 -> dport: 80  flags=******S* seq=1613136110
      ack=0 off=7 res=0 win=16384 urp=0 chksum=60952
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 155) [2002-03-31 22:21:18]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=38122 flags=0 offset=0 TTL=125 chksum=9345
TCP:  port=3181 -> dport: 80  flags=******S* seq=3537384796
      ack=0 off=7 res=0 win=8760 urp=0 chksum=1945
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 156) [2002-03-31 22:21:21]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=38402 flags=0 offset=0 TTL=125 chksum=9065
TCP:  port=3181 -> dport: 80  flags=******S* seq=3537384796
      ack=0 off=7 res=0 win=8760 urp=0 chksum=1945
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(13 - 160) [2002-03-31 22:40:24]  Potential CodeRed/Nimda probe
IPv4: 12.237.181.33 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=14053 flags=0 offset=0 TTL=116 chksum=32973
TCP:  port=1681 -> dport: 80  flags=******S* seq=3796612463
      ack=0 off=7 res=0 win=16384 urp=0 chksum=21869
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(13 - 161) [2002-03-31 22:40:26]  Potential CodeRed/Nimda probe
IPv4: 12.237.181.33 -> 12.82.128.181
      hlen=5 TOS=0 dlen=48 ID=14531 flags=0 offset=0 TTL=116 chksum=32495
TCP:  port=1681 -> dport: 80  flags=******S* seq=3796612463
      ack=0 off=7 res=0 win=16384 urp=0 chksum=21869
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(14 - 1) [2002-03-31 22:52:43]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=29064 flags=0 offset=0 TTL=125 chksum=15452
TCP:  port=1805 -> dport: 80  flags=******S* seq=3504155441
      ack=0 off=7 res=0 win=8760 urp=0 chksum=3480
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 2) [2002-03-31 22:52:46]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=29335 flags=0 offset=0 TTL=125 chksum=15181
TCP:  port=1805 -> dport: 80  flags=******S* seq=3504155441
      ack=0 off=7 res=0 win=8760 urp=0 chksum=3480
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(14 - 5) [2002-03-31 23:55:06]  TCP to 53 domain
IPv4: 68.2.165.52 -> 12.82.140.60
      hlen=5 TOS=0 dlen=60 ID=2239 flags=0 offset=0 TTL=49 chksum=48952
TCP:  port=1567 -> dport: 53  flags=******S* seq=1109312131
      ack=0 off=10 res=0 win=32120 urp=0 chksum=54296
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=0030698B00000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------


jsage@finchhaven.com
Last modified: Thu Apr 4 20:18:02 2002