ACID Report: 04-01-02


Sorted by time

To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert 

Generated by ACID v0.9.6b21 on Wed April 03, 2002 21:04:35

------------------------------------------------------------------------------
#(14 - 6) [2002-04-01 00:40:01]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=11594 flags=0 offset=0 TTL=125 chksum=32922
TCP:  port=2805 -> dport: 80  flags=******S* seq=926744117
      ack=0 off=7 res=0 win=8760 urp=0 chksum=53324
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 7) [2002-04-01 00:40:03]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=11828 flags=0 offset=0 TTL=125 chksum=32688
TCP:  port=2805 -> dport: 80  flags=******S* seq=926744117
      ack=0 off=7 res=0 win=8760 urp=0 chksum=53324
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(14 - 8) [2002-04-01 01:05:04]  Potential CodeRed/Nimda probe
IPv4: 12.222.192.110 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=17718 flags=0 offset=0 TTL=118 chksum=22967
TCP:  port=2475 -> dport: 80  flags=******S* seq=161958667
      ack=0 off=7 res=0 win=16384 urp=0 chksum=32407
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 9) [2002-04-01 01:05:07]  Potential CodeRed/Nimda probe
IPv4: 12.222.192.110 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=18099 flags=0 offset=0 TTL=118 chksum=22586
TCP:  port=2475 -> dport: 80  flags=******S* seq=161958667
      ack=0 off=7 res=0 win=16384 urp=0 chksum=32407
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(14 - 10) [2002-04-01 01:15:19]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=18624 flags=0 offset=0 TTL=125 chksum=25892
TCP:  port=2515 -> dport: 80  flags=******S* seq=1392016982
      ack=0 off=7 res=0 win=8760 urp=0 chksum=13714
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 11) [2002-04-01 01:15:21]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=18997 flags=0 offset=0 TTL=125 chksum=25519
TCP:  port=2515 -> dport: 80  flags=******S* seq=1392016982
      ack=0 off=7 res=0 win=8760 urp=0 chksum=13714
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(14 - 12) [2002-04-01 02:20:19]  TCP to 23 telnet
IPv4: 209.143.73.128 -> 12.82.140.60
      hlen=5 TOS=0 dlen=60 ID=42684 flags=0 offset=0 TTL=47 chksum=61793
TCP:  port=4706 -> dport: 23  flags=******S* seq=1904126153
      ack=0 off=10 res=0 win=32120 urp=0 chksum=31105
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=1059605500000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(14 - 13) [2002-04-01 02:20:22]  TCP to 23 telnet
IPv4: 209.143.73.128 -> 12.82.140.60
      hlen=5 TOS=0 dlen=60 ID=43190 flags=0 offset=0 TTL=47 chksum=61287
TCP:  port=4706 -> dport: 23  flags=******S* seq=1904126153
      ack=0 off=10 res=0 win=32120 urp=0 chksum=30805
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=1059618100000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(14 - 14) [2002-04-01 02:21:36]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=17809 flags=0 offset=0 TTL=125 chksum=26707
TCP:  port=1559 -> dport: 80  flags=******S* seq=1642835529
      ack=0 off=7 res=0 win=8760 urp=0 chksum=64103
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 15) [2002-04-01 02:21:39]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=18067 flags=0 offset=0 TTL=125 chksum=26449
TCP:  port=1559 -> dport: 80  flags=******S* seq=1642835529
      ack=0 off=7 res=0 win=8760 urp=0 chksum=64103
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 16) [2002-04-01 02:55:16]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=27851 flags=0 offset=0 TTL=125 chksum=16665
TCP:  port=2702 -> dport: 80  flags=******S* seq=1940204488
      ack=0 off=7 res=0 win=8760 urp=0 chksum=26296
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 17) [2002-04-01 02:55:19]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=28083 flags=0 offset=0 TTL=125 chksum=16433
TCP:  port=2702 -> dport: 80  flags=******S* seq=1940204488
      ack=0 off=7 res=0 win=8760 urp=0 chksum=26296
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 18) [2002-04-01 03:55:48]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=57158 flags=0 offset=0 TTL=125 chksum=52893
TCP:  port=3075 -> dport: 80  flags=******S* seq=1557933216
      ack=0 off=7 res=0 win=8760 urp=0 chksum=31540
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 19) [2002-04-01 03:55:51]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=57424 flags=0 offset=0 TTL=125 chksum=52627
TCP:  port=3075 -> dport: 80  flags=******S* seq=1557933216
      ack=0 off=7 res=0 win=8760 urp=0 chksum=31540
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 20) [2002-04-01 04:35:08]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=29648 flags=0 offset=0 TTL=125 chksum=14868
TCP:  port=1730 -> dport: 80  flags=******S* seq=2594089199
      ack=0 off=7 res=0 win=8760 urp=0 chksum=50787
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 21) [2002-04-01 04:35:11]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
      hlen=5 TOS=0 dlen=48 ID=29984 flags=0 offset=0 TTL=125 chksum=14532
TCP:  port=1730 -> dport: 80  flags=******S* seq=2594089199
      ack=0 off=7 res=0 win=8760 urp=0 chksum=50787
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(14 - 22) [2002-04-01 04:55:42]  TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.140.60
      hlen=5 TOS=0 dlen=60 ID=1062 flags=0 offset=0 TTL=50 chksum=19171
TCP:  port=4821 -> dport: 21  flags=******S* seq=908373943
      ack=0 off=10 res=0 win=32120 urp=0 chksum=43282
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=1A79148A00000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(14 - 23) [2002-04-01 04:55:45]  TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.140.60
      hlen=5 TOS=0 dlen=60 ID=1989 flags=0 offset=0 TTL=50 chksum=18244
TCP:  port=4821 -> dport: 21  flags=******S* seq=908373943
      ack=0 off=10 res=0 win=32120 urp=0 chksum=42982
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=1A7915B600000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(14 - 24) [2002-04-01 05:10:40]  TCP to 21 ftp
IPv4: 80.139.44.106 -> 12.82.140.60
      hlen=5 TOS=0 dlen=52 ID=24068 flags=0 offset=0 TTL=237 chksum=6716
TCP:  port=1192 -> dport: 21  flags=******S* seq=1120471204
      ack=0 off=8 res=0 win=32767 urp=0 chksum=35199
      Options:
       #1 - MSS len=4 data=05A0
       #2 - NOP len=0
       #3 - WS len=3 data=00
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(15 - 1) [2002-04-01 07:23:38]  UDP to 137 netBIOS ns
IPv4: 151.203.116.145 -> 12.82.128.230
      hlen=5 TOS=0 dlen=78 ID=15060 flags=0 offset=0 TTL=110 chksum=30774
UDP:  port=1048 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------
#(15 - 2) [2002-04-01 08:01:27]  UDP to 137 netBIOS ns
IPv4: 67.40.51.133 -> 12.82.128.230
      hlen=5 TOS=0 dlen=78 ID=17033 flags=0 offset=0 TTL=114 chksum=561
UDP:  port=63040 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(15 - 3) [2002-04-01 08:29:53]  TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.128.230
      hlen=5 TOS=0 dlen=60 ID=9176 flags=0 offset=0 TTL=50 chksum=13959
TCP:  port=2000 -> dport: 21  flags=******S* seq=1593516133
      ack=0 off=10 res=0 win=32120 urp=0 chksum=35254
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=1A8CB0A900000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(15 - 4) [2002-04-01 08:29:56]  TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.128.230
      hlen=5 TOS=0 dlen=60 ID=10068 flags=0 offset=0 TTL=50 chksum=13067
TCP:  port=2000 -> dport: 21  flags=******S* seq=1593516133
      ack=0 off=10 res=0 win=32120 urp=0 chksum=34954
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=1A8CB1D500000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(15 - 5) [2002-04-01 08:40:25]  TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.128.230
      hlen=5 TOS=0 dlen=60 ID=5548 flags=0 offset=0 TTL=50 chksum=17587
TCP:  port=4439 -> dport: 21  flags=******S* seq=2253515947
      ack=0 off=10 res=0 win=32120 urp=0 chksum=38392
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=1A8DA74200000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(15 - 6) [2002-04-01 08:40:28]  TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.128.230
      hlen=5 TOS=0 dlen=60 ID=6382 flags=0 offset=0 TTL=50 chksum=16753
TCP:  port=4439 -> dport: 21  flags=******S* seq=2253515947
      ack=0 off=10 res=0 win=32120 urp=0 chksum=38092
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=1A8DA86E00000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(15 - 7) [2002-04-01 10:01:53]  TCP to 27374 SubSeven
IPv4: 200.28.185.30 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=59898 flags=0 offset=0 TTL=111 chksum=4954
TCP:  port=3966 -> dport: 27374  flags=******S* seq=2522688469
      ack=0 off=7 res=0 win=2144 urp=0 chksum=13129
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 8) [2002-04-01 10:01:56]  TCP to 27374 SubSeven
IPv4: 200.28.185.30 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=60181 flags=0 offset=0 TTL=111 chksum=4671
TCP:  port=3966 -> dport: 27374  flags=******S* seq=2522688469
      ack=0 off=7 res=0 win=2144 urp=0 chksum=13129
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 9) [2002-04-01 10:02:03]  TCP to 27374 SubSeven
IPv4: 200.28.185.30 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=60682 flags=0 offset=0 TTL=111 chksum=4170
TCP:  port=3966 -> dport: 27374  flags=******S* seq=2522688469
      ack=0 off=7 res=0 win=2144 urp=0 chksum=13129
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(15 - 10) [2002-04-01 10:19:47]  TCP to 27374 SubSeven
IPv4: 67.80.114.112 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=40046 flags=0 offset=0 TTL=111 chksum=11361
TCP:  port=2055 -> dport: 27374  flags=******S* seq=68240366
      ack=0 off=7 res=0 win=8192 urp=0 chksum=25906
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 11) [2002-04-01 10:19:50]  TCP to 27374 SubSeven
IPv4: 67.80.114.112 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=47214 flags=0 offset=0 TTL=111 chksum=4193
TCP:  port=2055 -> dport: 27374  flags=******S* seq=68240366
      ack=0 off=7 res=0 win=8192 urp=0 chksum=25906
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 12) [2002-04-01 10:19:56]  TCP to 27374 SubSeven
IPv4: 67.80.114.112 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=1135 flags=0 offset=0 TTL=111 chksum=50272
TCP:  port=2055 -> dport: 27374  flags=******S* seq=68240366
      ack=0 off=7 res=0 win=8192 urp=0 chksum=25906
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 13) [2002-04-01 10:20:08]  TCP to 27374 SubSeven
IPv4: 67.80.114.112 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=29039 flags=0 offset=0 TTL=111 chksum=22368
TCP:  port=2055 -> dport: 27374  flags=******S* seq=68240366
      ack=0 off=7 res=0 win=8192 urp=0 chksum=25906
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(15 - 15) [2002-04-01 11:14:46]  TCP to 27374 SubSeven
IPv4: 172.161.58.93 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=44270 flags=0 offset=0 TTL=106 chksum=61346
TCP:  port=2524 -> dport: 27374  flags=******S* seq=2779501276
      ack=0 off=7 res=0 win=16384 urp=0 chksum=57849
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 16) [2002-04-01 11:14:49]  TCP to 27374 SubSeven
IPv4: 172.161.58.93 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=44339 flags=0 offset=0 TTL=106 chksum=61277
TCP:  port=2524 -> dport: 27374  flags=******S* seq=2779501276
      ack=0 off=7 res=0 win=16384 urp=0 chksum=57849
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(15 - 17) [2002-04-01 11:49:08]  TCP to 27374 SubSeven
IPv4: 12.35.123.106 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=7550 flags=0 offset=0 TTL=118 chksum=53892
TCP:  port=1296 -> dport: 27374  flags=******S* seq=2087323441
      ack=0 off=7 res=0 win=8760 urp=0 chksum=23588
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 18) [2002-04-01 11:49:11]  TCP to 27374 SubSeven
IPv4: 12.35.123.106 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=7619 flags=0 offset=0 TTL=118 chksum=53823
TCP:  port=1296 -> dport: 27374  flags=******S* seq=2087323441
      ack=0 off=7 res=0 win=8760 urp=0 chksum=23588
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 19) [2002-04-01 11:49:17]  TCP to 27374 SubSeven
IPv4: 12.35.123.106 -> 12.82.128.230
      hlen=5 TOS=0 dlen=48 ID=7736 flags=0 offset=0 TTL=118 chksum=53706
TCP:  port=1296 -> dport: 27374  flags=******S* seq=2087323441
      ack=0 off=7 res=0 win=8760 urp=0 chksum=23588
      Options:
       #1 - MSS len=4 data=0218
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(15 - 20) [2002-04-01 12:32:55]  Potential CodeRed/Nimda probe
IPv4: 12.82.142.100 -> 12.82.128.230
      hlen=5 TOS=0 dlen=44 ID=60481 flags=0 offset=0 TTL=125 chksum=59803
TCP:  port=1256 -> dport: 80  flags=******S* seq=15753909
      ack=0 off=6 res=0 win=8192 urp=0 chksum=59226
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(15 - 21) [2002-04-01 12:36:48]  Potential CodeRed/Nimda probe
IPv4: 12.82.142.100 -> 12.82.128.230
      hlen=5 TOS=0 dlen=44 ID=9694 flags=0 offset=0 TTL=125 chksum=45055
TCP:  port=4053 -> dport: 80  flags=******S* seq=15986255
      ack=0 off=6 res=0 win=8192 urp=0 chksum=20688
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(15 - 22) [2002-04-01 12:36:51]  Potential CodeRed/Nimda probe
IPv4: 12.82.142.100 -> 12.82.128.230
      hlen=5 TOS=0 dlen=44 ID=21472 flags=0 offset=0 TTL=125 chksum=33277
TCP:  port=4053 -> dport: 80  flags=******S* seq=15986255
      ack=0 off=6 res=0 win=8192 urp=0 chksum=20688
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(17 - 1) [2002-04-01 14:13:33]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.128.19
      hlen=5 TOS=0 dlen=48 ID=43479 flags=0 offset=0 TTL=125 chksum=11907
TCP:  port=3083 -> dport: 80  flags=******S* seq=1754742231
      ack=0 off=7 res=0 win=16384 urp=0 chksum=27368
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(17 - 2) [2002-04-01 14:13:36]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.128.19
      hlen=5 TOS=0 dlen=48 ID=43761 flags=0 offset=0 TTL=125 chksum=11625
TCP:  port=3083 -> dport: 80  flags=******S* seq=1754742231
      ack=0 off=7 res=0 win=16384 urp=0 chksum=27368
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(17 - 3) [2002-04-01 14:44:23]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.128.19
      hlen=5 TOS=0 dlen=48 ID=23186 flags=0 offset=0 TTL=125 chksum=32200
TCP:  port=4225 -> dport: 80  flags=******S* seq=1561358123
      ack=0 off=7 res=0 win=16384 urp=0 chksum=16549
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(17 - 4) [2002-04-01 14:44:26]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.128.19
      hlen=5 TOS=0 dlen=48 ID=23459 flags=0 offset=0 TTL=125 chksum=31927
TCP:  port=4225 -> dport: 80  flags=******S* seq=1561358123
      ack=0 off=7 res=0 win=16384 urp=0 chksum=16549
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 1) [2002-04-01 15:57:56]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=47831 flags=0 offset=0 TTL=125 chksum=4393
TCP:  port=3668 -> dport: 80  flags=******S* seq=2744008958
      ack=0 off=7 res=0 win=16384 urp=0 chksum=7719
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 2) [2002-04-01 15:57:59]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=48083 flags=0 offset=0 TTL=125 chksum=4141
TCP:  port=3668 -> dport: 80  flags=******S* seq=2744008958
      ack=0 off=7 res=0 win=16384 urp=0 chksum=7719
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 3) [2002-04-01 16:12:46]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=64590 flags=0 offset=0 TTL=125 chksum=53169
TCP:  port=2956 -> dport: 80  flags=******S* seq=392358357
      ack=0 off=7 res=0 win=16384 urp=0 chksum=1092
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 4) [2002-04-01 16:12:49]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=64840 flags=0 offset=0 TTL=125 chksum=52919
TCP:  port=2956 -> dport: 80  flags=******S* seq=392358357
      ack=0 off=7 res=0 win=16384 urp=0 chksum=1092
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 5) [2002-04-01 16:50:09]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=17805 flags=0 offset=0 TTL=125 chksum=34419
TCP:  port=3978 -> dport: 80  flags=******S* seq=1063789026
      ack=0 off=7 res=0 win=16384 urp=0 chksum=41011
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 6) [2002-04-01 16:50:12]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=18104 flags=0 offset=0 TTL=125 chksum=34120
TCP:  port=3978 -> dport: 80  flags=******S* seq=1063789026
      ack=0 off=7 res=0 win=16384 urp=0 chksum=41011
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 7) [2002-04-01 17:14:55]  Potential CodeRed/Nimda probe
IPv4: 12.82.173.179 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=45152 flags=0 offset=0 TTL=125 chksum=64162
TCP:  port=2539 -> dport: 80  flags=******S* seq=3521745067
      ack=0 off=7 res=0 win=16384 urp=0 chksum=33674
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 8) [2002-04-01 17:14:58]  Potential CodeRed/Nimda probe
IPv4: 12.82.173.179 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=45355 flags=0 offset=0 TTL=125 chksum=63959
TCP:  port=2539 -> dport: 80  flags=******S* seq=3521745067
      ack=0 off=7 res=0 win=16384 urp=0 chksum=33674
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(18 - 9) [2002-04-01 17:34:23]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=38517 flags=0 offset=0 TTL=126 chksum=16535
TCP:  port=1979 -> dport: 80  flags=******S* seq=33844554
      ack=0 off=6 res=0 win=8192 urp=0 chksum=56077
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 10) [2002-04-01 17:34:25]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=21111 flags=0 offset=0 TTL=126 chksum=33941
TCP:  port=1979 -> dport: 80  flags=******S* seq=33844554
      ack=0 off=6 res=0 win=8192 urp=0 chksum=56077
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 11) [2002-04-01 17:37:10]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=16868 flags=0 offset=0 TTL=126 chksum=38184
TCP:  port=3453 -> dport: 80  flags=******S* seq=34011991
      ack=0 off=6 res=0 win=8192 urp=0 chksum=18236
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 12) [2002-04-01 17:37:12]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=25574 flags=0 offset=0 TTL=126 chksum=29478
TCP:  port=3453 -> dport: 80  flags=******S* seq=34011991
      ack=0 off=6 res=0 win=8192 urp=0 chksum=18236
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 13) [2002-04-01 17:42:49]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=22213 flags=0 offset=0 TTL=126 chksum=32839
TCP:  port=2466 -> dport: 80  flags=******S* seq=34350361
      ack=0 off=6 res=0 win=8192 urp=0 chksum=8528
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 14) [2002-04-01 17:42:53]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=65478 flags=0 offset=0 TTL=126 chksum=55109
TCP:  port=2466 -> dport: 80  flags=******S* seq=34350361
      ack=0 off=6 res=0 win=8192 urp=0 chksum=8528
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 15) [2002-04-01 18:02:05]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=38353 flags=0 offset=0 TTL=125 chksum=13871
TCP:  port=1620 -> dport: 80  flags=******S* seq=2034585572
      ack=0 off=7 res=0 win=16384 urp=0 chksum=16778
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 16) [2002-04-01 18:02:08]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=38608 flags=0 offset=0 TTL=125 chksum=13616
TCP:  port=1620 -> dport: 80  flags=******S* seq=2034585572
      ack=0 off=7 res=0 win=16384 urp=0 chksum=16778
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 17) [2002-04-01 18:18:13]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=49734 flags=0 offset=0 TTL=126 chksum=5318
TCP:  port=1729 -> dport: 80  flags=******S* seq=36475497
      ack=0 off=6 res=0 win=8192 urp=0 chksum=46784
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 18) [2002-04-01 18:18:16]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=33352 flags=0 offset=0 TTL=126 chksum=21700
TCP:  port=1729 -> dport: 80  flags=******S* seq=36475497
      ack=0 off=6 res=0 win=8192 urp=0 chksum=46784
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 19) [2002-04-01 18:27:31]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=25274 flags=0 offset=0 TTL=126 chksum=29778
TCP:  port=2917 -> dport: 80  flags=******S* seq=37034283
      ack=0 off=6 res=0 win=8192 urp=0 chksum=11090
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 20) [2002-04-01 18:27:35]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=38332 flags=0 offset=0 TTL=126 chksum=16720
TCP:  port=2917 -> dport: 80  flags=******S* seq=37034283
      ack=0 off=6 res=0 win=8192 urp=0 chksum=11090
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 21) [2002-04-01 18:31:07]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.5 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=64209 flags=0 offset=0 TTL=127 chksum=53215
TCP:  port=4472 -> dport: 80  flags=******S* seq=3761356797
      ack=0 off=7 res=0 win=8760 urp=0 chksum=32217
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 22) [2002-04-01 18:31:09]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.5 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=64462 flags=0 offset=0 TTL=127 chksum=52962
TCP:  port=4472 -> dport: 80  flags=******S* seq=3761356797
      ack=0 off=7 res=0 win=8760 urp=0 chksum=32217
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 23) [2002-04-01 18:42:29]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=51473 flags=0 offset=0 TTL=126 chksum=3579
TCP:  port=3776 -> dport: 80  flags=******S* seq=37931701
      ack=0 off=6 res=0 win=8192 urp=0 chksum=30303
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 24) [2002-04-01 18:42:32]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
      hlen=5 TOS=0 dlen=44 ID=38931 flags=0 offset=0 TTL=126 chksum=16121
TCP:  port=3776 -> dport: 80  flags=******S* seq=37931701
      ack=0 off=6 res=0 win=8192 urp=0 chksum=30303
      Options:
       #1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 25) [2002-04-01 18:52:33]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=1592 flags=0 offset=0 TTL=125 chksum=50632
TCP:  port=3732 -> dport: 80  flags=******S* seq=25323279
      ack=0 off=7 res=0 win=16384 urp=0 chksum=39394
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 26) [2002-04-01 18:52:37]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=1895 flags=0 offset=0 TTL=125 chksum=50329
TCP:  port=3732 -> dport: 80  flags=******S* seq=25323279
      ack=0 off=7 res=0 win=16384 urp=0 chksum=39394
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 28) [2002-04-01 19:51:54]  UDP to 137 netBIOS ns
IPv4: 12.82.140.66 -> 12.82.140.109
      hlen=5 TOS=0 dlen=78 ID=33031 flags=0 offset=0 TTL=127 chksum=35140
UDP:  port=1086 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 29) [2002-04-01 20:14:55]  ICMP echo request
IPv4: 210.24.202.27 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=43800 flags=0 offset=0 TTL=111 chksum=27569
ICMP: type=Echo Request code=0
      checksum=31779 id=52226 seq=0
Payload:  length = 36

000 : 61 00 FA 84 45 45 45 45 45 45 45 45 45 45 45 45   a...EEEEEEEEEEEE
010 : 45 45 45 45 45 45 45 45 45 45 45 45 45 45 45 45   EEEEEEEEEEEEEEEE
020 : 45 45 45 45                                       EEEE
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 30) [2002-04-01 20:25:59]  Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=12966 flags=0 offset=0 TTL=125 chksum=36486
TCP:  port=3534 -> dport: 80  flags=******S* seq=728218850
      ack=0 off=7 res=0 win=16384 urp=0 chksum=4124
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 31) [2002-04-01 20:26:02]  Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=13258 flags=0 offset=0 TTL=125 chksum=36194
TCP:  port=3534 -> dport: 80  flags=******S* seq=728218850
      ack=0 off=7 res=0 win=16384 urp=0 chksum=4124
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 32) [2002-04-01 20:29:44]  Potential CodeRed/Nimda probe
IPv4: 12.248.197.76 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=21585 flags=0 offset=0 TTL=119 chksum=17523
TCP:  port=2413 -> dport: 80  flags=******S* seq=320626901
      ack=0 off=7 res=0 win=16384 urp=0 chksum=23149
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 33) [2002-04-01 20:35:22]  Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=4156 flags=0 offset=0 TTL=125 chksum=45296
TCP:  port=4478 -> dport: 80  flags=******S* seq=2027395286
      ack=0 off=7 res=0 win=16384 urp=0 chksum=58119
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 34) [2002-04-01 20:35:25]  Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=4449 flags=0 offset=0 TTL=125 chksum=45003
TCP:  port=4478 -> dport: 80  flags=******S* seq=2027395286
      ack=0 off=7 res=0 win=16384 urp=0 chksum=58119
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 50) [2002-04-01 20:41:32]  TCP to 21 ftp
IPv4: 80.56.144.47 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=36804 flags=0 offset=0 TTL=109 chksum=1245
TCP:  port=3922 -> dport: 21  flags=******S* seq=2075173552
      ack=0 off=7 res=0 win=16384 urp=0 chksum=39984
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 51) [2002-04-01 20:41:35]  TCP to 21 ftp
IPv4: 80.56.144.47 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=37197 flags=0 offset=0 TTL=109 chksum=852
TCP:  port=3922 -> dport: 21  flags=******S* seq=2075173552
      ack=0 off=7 res=0 win=16384 urp=0 chksum=39984
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 84) [2002-04-01 20:45:31]  ICMP echo request
IPv4: 209.225.26.98 -> 12.82.140.109
      hlen=5 TOS=0 dlen=84 ID=17003 flags=0 offset=0 TTL=240 chksum=827
ICMP: type=Echo Request code=0
      checksum=62628 id=50944 seq=64903
Payload:  length = 56

000 : 00 00 00 00 0C 52 8C 6D 00 00 EE 68 00 00 00 00   .....R.m...h....
010 : BD CA BB 0C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00   ....,;...R.m....
020 : BD CA BB 0C 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

Request: 209.225.26.98
connecting to whois.arin.net [63.146.182.182:43] ...
connecting to rwhois.exodus.net [64.41.251.179:4321] ...

%rwhois V-1.5:001ab7:00 rwhois.exodus.net (Exodus Communications)
network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:209.225.26.64
network:IP-Network:209.225.26.64/26

network:Organization;I:Be Free, Inc.

network:Name;I:Brian Chopp
network:Email;I:bchopp@befree.com
network:Street;I:154 Crane Meadow Rd Suite 100
network:City;I:Marlborough
network:State;I:MA
network:Postal-Code;I:01752
network:Country-Code;I:USA


Registrant:
Be Free, Inc. (BEFREE8-DOM)
   154 Crane Meadow Rd.
   Marlborough, MA 01752
   US    

Domain Name: BEFREE.COM    

Administrative Contact:
      Gerace, Samuel P  (SPG5)  sgerace@BEFREE.COM
      Be Free, Inc.
      154 Crane Meadow Road, Suite 200
      Marlborough, MA 01752
      508-480-4400
Technical Contact:
      Chopp, Brian  (BC693)  bchopp@BEFREE.COM
      Be Free, Inc.
      Suite 2000
      Pittsburgh, PA 15219
      412-471-7500



------------------------------------------------------------------------------
#(18 - 85) [2002-04-01 20:45:31]  ICMP echo request
IPv4: 66.207.130.72 -> 12.82.140.109
      hlen=5 TOS=0 dlen=84 ID=46959 flags=0 offset=0 TTL=240 chksum=46434
ICMP: type=Echo Request code=0
      checksum=52855 id=50944 seq=57432
Payload:  length = 56

000 : 00 00 00 00 0C 52 8C 6D 00 00 AB 0C 00 00 00 00   .....R.m........
010 : DF 06 DD 2C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00   ...,,;...R.m....
020 : DF 06 DD 2C 00 00 00 00 00 00 00 00 00 00 00 00   ...,............
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

aspStation, Inc. (NETBLK-ASPSTATION-1)
   4736 Penn Ave.
   Pittsburgh, PA 15224
   US    

Netname: ASPSTATION-1
   Netblock: 66.207.128.0 - 66.207.143.255
   Maintainer: ASPS    

Coordinator:
      DeHart, Ed  (ED200-ARIN)  dehart@aspstation.net
      412-661-6001 (FAX) 412-519-3323    

Domain System inverse mapping provided by: 
   NS1.ASPSTATION.NET66.207.128.2
   NS2.ASPSTATION.NET66.207.128.3


------------------------------------------------------------------------------
#(18 - 98) [2002-04-01 20:45:33]  ICMP echo request
IPv4: 209.225.26.98 -> 12.82.140.109
      hlen=5 TOS=0 dlen=84 ID=17252 flags=0 offset=0 TTL=240 chksum=578
ICMP: type=Echo Request code=0
      checksum=40868 id=50944 seq=21128
Payload:  length = 56

000 : 00 00 00 00 0C 52 8C 6D 00 00 D5 66 00 00 00 00   .....R.m...f....
010 : D6 CC BB 0C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00   ....,;...R.m....
020 : BD CA BB 0C 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------
#(18 - 99) [2002-04-01 20:45:33]  ICMP echo request
IPv4: 66.207.130.72 -> 12.82.140.109
      hlen=5 TOS=0 dlen=84 ID=47215 flags=0 offset=0 TTL=240 chksum=46178
ICMP: type=Echo Request code=0
      checksum=32119 id=50944 seq=12633
Payload:  length = 56

000 : 00 00 00 00 0C 52 8C 6D 00 00 A9 0A 00 00 00 00   .....R.m........
010 : E1 08 DD 2C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00   ...,,;...R.m....
020 : DF 06 DD 2C 00 00 00 00 00 00 00 00 00 00 00 00   ...,............
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------
#(18 - 103) [2002-04-01 20:45:33]  ICMP echo request
IPv4: 209.225.26.98 -> 12.82.140.109
      hlen=5 TOS=0 dlen=84 ID=17413 flags=0 offset=0 TTL=240 chksum=417
ICMP: type=Echo Request code=0
      checksum=26788 id=50944 seq=35208
Payload:  length = 56

000 : 00 00 00 00 0C 52 8C 6D 00 00 71 65 00 00 00 00   .....R.m..qe....
010 : 3A CE BB 0C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00   :...,;...R.m....
020 : BD CA BB 0C 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------
#(18 - 104) [2002-04-01 20:45:33]  ICMP echo request
IPv4: 66.207.130.72 -> 12.82.140.109
      hlen=5 TOS=0 dlen=84 ID=47350 flags=0 offset=0 TTL=240 chksum=46043
ICMP: type=Echo Request code=0
      checksum=17271 id=50944 seq=27481
Payload:  length = 56

000 : 00 00 00 00 0C 52 8C 6D 00 00 2F 09 00 00 00 00   .....R.m../.....
010 : 5B 0A DD 2C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00   [..,,;...R.m....
020 : DF 06 DD 2C 00 00 00 00 00 00 00 00 00 00 00 00   ...,............
030 : 00 00 00 00 00 00 00 00                           ........
------------------------------------------------------------------------------
#(18 - 126) [2002-04-01 20:46:45]  ICMP echo request
IPv4: 63.241.68.71 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=20263 flags=0 offset=0 TTL=54 chksum=6303
ICMP: type=Echo Request code=0
      checksum=20791 id=42696 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 127) [2002-04-01 20:46:46]  ICMP echo request
IPv4: 63.241.68.71 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=20978 flags=0 offset=0 TTL=54 chksum=5588
ICMP: type=Echo Request code=0
      checksum=20279 id=42696 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 128) [2002-04-01 20:46:47]  ICMP echo request
IPv4: 63.241.68.71 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=21690 flags=0 offset=0 TTL=54 chksum=4876
ICMP: type=Echo Request code=0
      checksum=19767 id=42696 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 129) [2002-04-01 20:47:42]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=61102 flags=0 offset=0 TTL=50 chksum=41697
ICMP: type=Echo Request code=0
      checksum=1083 id=62404 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 130) [2002-04-01 20:47:43]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=61108 flags=0 offset=0 TTL=50 chksum=41691
ICMP: type=Echo Request code=0
      checksum=571 id=62404 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 131) [2002-04-01 20:47:44]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=61115 flags=0 offset=0 TTL=50 chksum=41684
ICMP: type=Echo Request code=0
      checksum=59 id=62404 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 132) [2002-04-01 20:47:46]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=39170 flags=0 offset=0 TTL=54 chksum=63724
ICMP: type=Echo Request code=0
      checksum=52639 id=10848 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 133) [2002-04-01 20:47:47]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=39772 flags=0 offset=0 TTL=54 chksum=63122
ICMP: type=Echo Request code=0
      checksum=52127 id=10848 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 134) [2002-04-01 20:47:48]  ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=34297 flags=0 offset=0 TTL=56 chksum=57332
ICMP: type=Echo Request code=0
      checksum=27569 id=35918 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 135) [2002-04-01 20:47:48]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=40712 flags=0 offset=0 TTL=54 chksum=62182
ICMP: type=Echo Request code=0
      checksum=51615 id=10848 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 136) [2002-04-01 20:47:49]  ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=35828 flags=0 offset=0 TTL=56 chksum=55801
ICMP: type=Echo Request code=0
      checksum=27057 id=35918 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 137) [2002-04-01 20:47:50]  ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=36139 flags=0 offset=0 TTL=56 chksum=55490
ICMP: type=Echo Request code=0
      checksum=26545 id=35918 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 138) [2002-04-01 20:48:07]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=53966 flags=0 offset=0 TTL=54 chksum=48928
ICMP: type=Echo Request code=0
      checksum=44447 id=19040 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 139) [2002-04-01 20:48:07]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=61767 flags=0 offset=0 TTL=50 chksum=41032
ICMP: type=Echo Request code=0
      checksum=63034 id=453 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 140) [2002-04-01 20:48:08]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=54580 flags=0 offset=0 TTL=54 chksum=48314
ICMP: type=Echo Request code=0
      checksum=43935 id=19040 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 141) [2002-04-01 20:48:08]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=61770 flags=0 offset=0 TTL=50 chksum=41029
ICMP: type=Echo Request code=0
      checksum=62522 id=453 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 142) [2002-04-01 20:48:09]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=55416 flags=0 offset=0 TTL=54 chksum=47478
ICMP: type=Echo Request code=0
      checksum=43423 id=19040 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 143) [2002-04-01 20:48:09]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=61777 flags=0 offset=0 TTL=50 chksum=41022
ICMP: type=Echo Request code=0
      checksum=62010 id=453 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 144) [2002-04-01 20:48:15]  ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=56669 flags=0 offset=0 TTL=56 chksum=34960
ICMP: type=Echo Request code=0
      checksum=24497 id=38990 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 145) [2002-04-01 20:48:16]  ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=58157 flags=0 offset=0 TTL=56 chksum=33472
ICMP: type=Echo Request code=0
      checksum=23985 id=38990 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 146) [2002-04-01 20:48:17]  ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=58457 flags=0 offset=0 TTL=56 chksum=33172
ICMP: type=Echo Request code=0
      checksum=23473 id=38990 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 147) [2002-04-01 20:48:27]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=2393 flags=0 offset=0 TTL=54 chksum=34966
ICMP: type=Echo Request code=0
      checksum=41631 id=21856 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 148) [2002-04-01 20:48:27]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=62351 flags=0 offset=0 TTL=50 chksum=40448
ICMP: type=Echo Request code=0
      checksum=54586 id=8901 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 149) [2002-04-01 20:48:28]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=3334 flags=0 offset=0 TTL=54 chksum=34025
ICMP: type=Echo Request code=0
      checksum=41119 id=21856 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 150) [2002-04-01 20:48:28]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=62352 flags=0 offset=0 TTL=50 chksum=40447
ICMP: type=Echo Request code=0
      checksum=54074 id=8901 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 151) [2002-04-01 20:48:29]  ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=4012 flags=0 offset=0 TTL=54 chksum=33347
ICMP: type=Echo Request code=0
      checksum=40607 id=21856 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 152) [2002-04-01 20:48:29]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=62356 flags=0 offset=0 TTL=50 chksum=40443
ICMP: type=Echo Request code=0
      checksum=53562 id=8901 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 153) [2002-04-01 20:48:47]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=62878 flags=0 offset=0 TTL=50 chksum=39921
ICMP: type=Echo Request code=0
      checksum=51258 id=12229 seq=0
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------
#(18 - 154) [2002-04-01 20:48:48]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=62886 flags=0 offset=0 TTL=50 chksum=39913
ICMP: type=Echo Request code=0
      checksum=50746 id=12229 seq=256
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 156) [2002-04-01 20:50:58]  UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=38788 flags=0 offset=0 TTL=50 chksum=20612
UDP:  port=22305 -> dport: 53 len=52
Payload:  length = 44

000 : 97 83 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------

[toot@sparky /]# host 209.225.53.252

252.53.225.209.in-addr.arpa. is an alias for 252.128-25.53.225.209.in-addr.arpa.

252.128-25.53.225.209.in-addr.arpa. domain name pointer bigip2.east.realmedia.com.



------------------------------------------------------------------------------
#(18 - 157) [2002-04-01 20:50:59]  UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=38789 flags=0 offset=0 TTL=50 chksum=20611
UDP:  port=22305 -> dport: 53 len=52
Payload:  length = 44

000 : 97 84 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 158) [2002-04-01 20:51:00]  UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=38790 flags=0 offset=0 TTL=50 chksum=20610
UDP:  port=22305 -> dport: 53 len=52
Payload:  length = 44

000 : 97 85 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 159) [2002-04-01 20:51:31]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=23625 flags=0 offset=0 TTL=49 chksum=32829
UDP:  port=58217 -> dport: 53 len=52
Payload:  length = 44

000 : 5C 48 00 00 00 01 00 00 00 00 00 00 03 31 30 39   \H...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 160) [2002-04-01 20:51:32]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=23626 flags=0 offset=0 TTL=49 chksum=32828
UDP:  port=58217 -> dport: 53 len=52
Payload:  length = 44

000 : 5C 49 00 00 00 01 00 00 00 00 00 00 03 31 30 39   \I...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 161) [2002-04-01 20:51:33]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=23627 flags=0 offset=0 TTL=49 chksum=32827
UDP:  port=58217 -> dport: 53 len=52
Payload:  length = 44

000 : 5C 4A 00 00 00 01 00 00 00 00 00 00 03 31 30 39   \J...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------

[toot@sparky /]# host 66.35.210.60

60.210.35.66.in-addr.arpa. is an alias for 60.0-26.210.35.66.in-addr.arpa.

60.0-26.210.35.66.in-addr.arpa. domain name pointer bigip2.west.realmedia.com.


------------------------------------------------------------------------------
#(18 - 155) [2002-04-01 20:48:49]  ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
      hlen=5 TOS=0 dlen=64 ID=62890 flags=0 offset=0 TTL=50 chksum=39909
ICMP: type=Echo Request code=0
      checksum=50234 id=12229 seq=512
Payload:  length = 36

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00                                       ....
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 162) [2002-04-01 20:55:47]  Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=65339 flags=0 offset=0 TTL=125 chksum=49648
TCP:  port=3839 -> dport: 80  flags=******S* seq=609726252
      ack=0 off=7 res=0 win=16384 urp=0 chksum=9137
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 163) [2002-04-01 20:55:50]  Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
      hlen=5 TOS=0 dlen=48 ID=77 flags=0 offset=0 TTL=125 chksum=49375
TCP:  port=3839 -> dport: 80  flags=******S* seq=609726252
      ack=0 off=7 res=0 win=16384 urp=0 chksum=9137
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(18 - 164) [2002-04-01 20:55:52]  UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=30734 flags=0 offset=0 TTL=49 chksum=25719
UDP:  port=24524 -> dport: 53 len=52
Payload:  length = 44

000 : 78 0D 00 00 00 01 00 00 00 00 00 00 03 31 30 39   x............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------

[root@sparky /]# host 66.35.210.61

61.210.35.66.in-addr.arpa. is an alias for 61.0-26.210.35.66.in-addr.arpa.

61.0-26.210.35.66.in-addr.arpa. domain name pointer bigip1.west.realmedia.com.


------------------------------------------------------------------------------
#(18 - 165) [2002-04-01 20:55:53]  UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=30735 flags=0 offset=0 TTL=49 chksum=25718
UDP:  port=24524 -> dport: 53 len=52
Payload:  length = 44

000 : 78 0E 00 00 00 01 00 00 00 00 00 00 03 31 30 39   x............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 166) [2002-04-01 20:55:54]  UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=30736 flags=0 offset=0 TTL=49 chksum=25717
UDP:  port=24524 -> dport: 53 len=52
Payload:  length = 44

000 : 78 0F 00 00 00 01 00 00 00 00 00 00 03 31 30 39   x............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 167) [2002-04-01 20:59:51]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=29520 flags=0 offset=0 TTL=49 chksum=26961
UDP:  port=60093 -> dport: 53 len=25
Payload:  length = 17

000 : 73 4F 00 00 00 01 00 00 00 00 00 00 00 00 01 00   sO..............
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 168) [2002-04-01 20:59:52]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=29521 flags=0 offset=0 TTL=49 chksum=26960
UDP:  port=60093 -> dport: 53 len=25
Payload:  length = 17

000 : 73 50 00 00 00 01 00 00 00 00 00 00 00 00 01 00   sP..............
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 169) [2002-04-01 20:59:53]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=29522 flags=0 offset=0 TTL=49 chksum=26959
UDP:  port=60093 -> dport: 53 len=25
Payload:  length = 17

000 : 73 51 00 00 00 01 00 00 00 00 00 00 00 00 01 00   sQ..............
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 170) [2002-04-01 21:00:18]  UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=44942 flags=0 offset=0 TTL=50 chksum=14485
UDP:  port=24273 -> dport: 53 len=25
Payload:  length = 17

000 : AF 8D 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 171) [2002-04-01 21:00:19]  UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=44943 flags=0 offset=0 TTL=50 chksum=14484
UDP:  port=24273 -> dport: 53 len=25
Payload:  length = 17

000 : AF 8E 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 172) [2002-04-01 21:00:20]  UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=44944 flags=0 offset=0 TTL=50 chksum=14483
UDP:  port=24273 -> dport: 53 len=25
Payload:  length = 17

000 : AF 8F 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 173) [2002-04-01 21:05:57]  UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=36577 flags=0 offset=0 TTL=49 chksum=19903
UDP:  port=26411 -> dport: 53 len=25
Payload:  length = 17

000 : 8E E0 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 174) [2002-04-01 21:05:58]  UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=36578 flags=0 offset=0 TTL=49 chksum=19902
UDP:  port=26411 -> dport: 53 len=25
Payload:  length = 17

000 : 8E E1 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 175) [2002-04-01 21:05:59]  UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=36579 flags=0 offset=0 TTL=49 chksum=19901
UDP:  port=26411 -> dport: 53 len=25
Payload:  length = 17

000 : 8E E2 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 176) [2002-04-01 21:12:47]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=38854 flags=0 offset=0 TTL=49 chksum=17600
UDP:  port=63081 -> dport: 53 len=52
Payload:  length = 44

000 : 97 C5 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 177) [2002-04-01 21:12:48]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=38855 flags=0 offset=0 TTL=49 chksum=17599
UDP:  port=63081 -> dport: 53 len=52
Payload:  length = 44

000 : 97 C6 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 178) [2002-04-01 21:12:49]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=38856 flags=0 offset=0 TTL=49 chksum=17598
UDP:  port=63081 -> dport: 53 len=52
Payload:  length = 44

000 : 97 C7 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 179) [2002-04-01 21:15:28]  UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=43338 flags=0 offset=0 TTL=51 chksum=15804
UDP:  port=36131 -> dport: 53 len=52
Payload:  length = 44

000 : A9 49 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .I...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 180) [2002-04-01 21:15:29]  UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=43339 flags=0 offset=0 TTL=51 chksum=15803
UDP:  port=36131 -> dport: 53 len=52
Payload:  length = 44

000 : A9 4A 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .J...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 181) [2002-04-01 21:15:30]  UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
      hlen=5 TOS=0 dlen=72 ID=43340 flags=0 offset=0 TTL=51 chksum=15802
UDP:  port=36131 -> dport: 53 len=52
Payload:  length = 44

000 : A9 4B 00 00 00 01 00 00 00 00 00 00 03 31 30 39   .K...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64   .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01               dr.arpa.....
------------------------------------------------------------------------------
#(18 - 182) [2002-04-01 21:23:27]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=45853 flags=0 offset=0 TTL=49 chksum=10628
UDP:  port=2346 -> dport: 53 len=25
Payload:  length = 17

000 : B3 1C 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 183) [2002-04-01 21:23:28]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=45854 flags=0 offset=0 TTL=49 chksum=10627
UDP:  port=2346 -> dport: 53 len=25
Payload:  length = 17

000 : B3 1D 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 184) [2002-04-01 21:23:29]  UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=45855 flags=0 offset=0 TTL=49 chksum=10626
UDP:  port=2346 -> dport: 53 len=25
Payload:  length = 17

000 : B3 1E 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 185) [2002-04-01 21:33:23]  UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=50934 flags=0 offset=0 TTL=51 chksum=8235
UDP:  port=38640 -> dport: 53 len=25
Payload:  length = 17

000 : C6 F5 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 186) [2002-04-01 21:33:24]  UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=50935 flags=0 offset=0 TTL=51 chksum=8234
UDP:  port=38640 -> dport: 53 len=25
Payload:  length = 17

000 : C6 F6 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------
#(18 - 187) [2002-04-01 21:33:25]  UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
      hlen=5 TOS=0 dlen=45 ID=50936 flags=0 offset=0 TTL=51 chksum=8233
UDP:  port=38640 -> dport: 53 len=25
Payload:  length = 17

000 : C6 F7 00 00 00 01 00 00 00 00 00 00 00 00 01 00   ................
010 : 01                                                .
------------------------------------------------------------------------------


jsage@finchhaven.com
Last modified: Thu Apr 4 18:49:05 2002