04-02-02 ACID Summary

To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert 

Generated by ACID v0.9.6b21 on Thu April 04, 2002 19:10:05

 #19-1| [2002-04-02 06:57:20] 12.82.142.54:1059 -> 12.82.142.90:137  UDP to 137 netBIOS ns

 #19-2| [2002-04-02 07:51:18] 200.28.185.115:3365 -> 12.82.142.90:27374  TCP to 27374 SubSeven
 #19-3| [2002-04-02 07:51:21] 200.28.185.115:3365 -> 12.82.142.90:27374  TCP to 27374 SubSeven
 #19-4| [2002-04-02 07:51:27] 200.28.185.115:3365 -> 12.82.142.90:27374  TCP to 27374 SubSeven

 #19-5| [2002-04-02 08:28:08] 12.82.251.185:3182 -> 12.82.142.90:80  Potential CodeRed/Nimda probe 
 #19-6| [2002-04-02 08:28:11] 12.82.251.185:3182 -> 12.82.142.90:80  Potential CodeRed/Nimda probe

 #19-7| [2002-04-02 09:02:51] 203.204.23.75:4771 -> 12.82.142.90:21  TCP to 21 ftp
 #19-8| [2002-04-02 09:02:54] 203.204.23.75:4771 -> 12.82.142.90:21  TCP to 21 ftp

 #19-9| [2002-04-02 09:11:51] 62.11.12.160:4196 -> 12.82.142.90:27374  TCP to 27374 SubSeven
#19-10| [2002-04-02 09:11:54] 62.11.12.160:4196 -> 12.82.142.90:27374  TCP to 27374 SubSeven
#19-11| [2002-04-02 09:12:02] 62.11.12.160:4196 -> 12.82.142.90:27374  TCP to 27374 SubSeven

#19-12| [2002-04-02 09:48:36] 12.82.130.54:2006 -> 12.82.142.90:80  Potential CodeRed/Nimda probe
#19-13| [2002-04-02 09:48:39] 12.82.130.54:2006 -> 12.82.142.90:80  Potential CodeRed/Nimda probe

#19-14| [2002-04-02 10:03:31] 216.122.111.229:137 -> 12.82.142.90:137  UDP to 137 netBIOS ns
#19-15| [2002-04-02 10:03:32] 216.122.111.229:137 -> 12.82.142.90:137  UDP to 137 netBIOS ns
#19-16| [2002-04-02 10:03:34] 216.122.111.229:137 -> 12.82.142.90:137  UDP to 137 netBIOS ns

#19-17| [2002-04-02 10:34:24] 12.82.130.54:2280 -> 12.82.142.90:80  Potential CodeRed/Nimda probe
#19-18| [2002-04-02 10:34:27] 12.82.130.54:2280 -> 12.82.142.90:80  Potential CodeRed/Nimda probe

#19-19| [2002-04-02 12:02:46] 204.146.163.205:137 -> 12.82.142.90:137  UDP to 137 netBIOS ns
#19-20| [2002-04-02 12:02:47] 204.146.163.205:137 -> 12.82.142.90:137  UDP to 137 netBIOS ns
#19-21| [2002-04-02 12:02:49] 204.146.163.205:137 -> 12.82.142.90:137  UDP to 137 netBIOS ns

#19-22| [2002-04-02 12:17:44] 208.176.24.225:31718 -> 12.82.142.90:80  Potential CodeRed/Nimda probe
#19-23| [2002-04-02 12:17:47] 208.176.24.225:31718 -> 12.82.142.90:80  Potential CodeRed/Nimda probe

#19-24| [2002-04-02 12:47:53] 12.82.130.54:3949 -> 12.82.142.90:80  Potential CodeRed/Nimda probe
#19-25| [2002-04-02 12:47:56] 12.82.130.54:3949 -> 12.82.142.90:80  Potential CodeRed/Nimda probe

 #20-1| [2002-04-02 14:15:30] 12.82.130.54:2419 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
 #20-2| [2002-04-02 14:15:33] 12.82.130.54:2419 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

 #20-3| [2002-04-02 14:42:23] 12.75.134.213:3948 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
 #20-4| [2002-04-02 14:42:26] 12.75.134.213:3948 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

 #20-5| [2002-04-02 14:47:05] 140.212.201.25 -> 12.82.128.118  ICMP echo request
 #20-6| [2002-04-02 14:47:48] 140.212.201.25 -> 12.82.128.118  ICMP echo request
 #20-7| [2002-04-02 15:00:29] 140.212.204.25 -> 12.82.128.118  ICMP echo request
 #20-8| [2002-04-02 15:01:06] 140.212.204.25 -> 12.82.128.118  ICMP echo request

 #20-9| [2002-04-02 15:18:04] 12.82.130.54:1251 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-10| [2002-04-02 15:18:07] 12.82.130.54:1251 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-11| [2002-04-02 15:29:22] 12.82.130.54:3090 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-12| [2002-04-02 15:29:25] 12.82.130.54:3090 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-13| [2002-04-02 16:13:00] 12.82.136.91:2657 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-14| [2002-04-02 16:13:03] 12.82.136.91:2657 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-15| [2002-04-02 16:15:57] 12.82.158.69:3480 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-16| [2002-04-02 16:16:00] 12.82.158.69:3480 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-17| [2002-04-02 17:03:52] 12.82.137.138:2216 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-18| [2002-04-02 17:03:55] 12.82.137.138:2216 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-19| [2002-04-02 17:42:59] 12.82.137.138:3647 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-20| [2002-04-02 17:43:01] 12.82.137.138:3647 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-21| [2002-04-02 17:48:13] 194.93.167.1:21 -> 12.82.128.118:21  TCP to 21 ftp

#20-22| [2002-04-02 17:48:23] 12.82.245.107:1720 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-23| [2002-04-02 17:48:26] 12.82.245.107:1720 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-24| [2002-04-02 18:04:16] 12.82.245.107:3720 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-25| [2002-04-02 18:04:19] 12.82.245.107:3720 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-26| [2002-04-02 18:08:38] 12.82.128.11:1032 -> 12.82.128.118:137  UDP to 137 netBIOS ns

#20-27| [2002-04-02 18:09:54] 12.82.245.107:2043 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-28| [2002-04-02 18:09:56] 12.82.245.107:2043 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-33| [2002-04-02 18:15:57] 203.91.74.31:1449 -> 12.82.128.118:137  UDP to 137 netBIOS ns

#20-34| [2002-04-02 18:37:03] 203.221.55.25:1204 -> 12.82.128.118:137  UDP to 137 netBIOS ns

#20-35| [2002-04-02 18:43:22] 12.82.140.193:2003 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-36| [2002-04-02 18:43:25] 12.82.140.193:2003 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-44| [2002-04-02 18:58:13] 149.99.116.134:1044 -> 12.82.128.118:137  UDP to 137 netBIOS ns

#20-45| [2002-04-02 18:59:51] 194.65.158.24:2049 -> 12.82.128.118:139  TCP to 139 netBIOS ss
#20-46| [2002-04-02 18:59:55] 194.65.158.24:2049 -> 12.82.128.118:139  TCP to 139 netBIOS ss
#20-47| [2002-04-02 19:00:01] 194.65.158.24:2049 -> 12.82.128.118:139  TCP to 139 netBIOS ss
#20-48| [2002-04-02 19:00:14] 194.65.158.24:2049 -> 12.82.128.118:139  TCP to 139 netBIOS ss

#20-49| [2002-04-02 19:11:00] 80.192.221.79:1026 -> 12.82.128.118:137  UDP to 137 netBIOS ns

#20-50| [2002-04-02 19:28:15] 172.136.246.92:1469 -> 12.82.128.118:27374  TCP to 27374 SubSeven
#20-51| [2002-04-02 19:28:18] 172.136.246.92:1469 -> 12.82.128.118:27374  TCP to 27374 SubSeven
#20-52| [2002-04-02 19:28:24] 172.136.246.92:1469 -> 12.82.128.118:27374  TCP to 27374 SubSeven

#20-55| [2002-04-02 19:43:07] 12.82.151.64:4731 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-56| [2002-04-02 19:43:10] 12.82.151.64:4731 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-57| [2002-04-02 19:44:10] 200.52.6.241:1029 -> 12.82.128.118:137  UDP to 137 netBIOS ns

#20-58| [2002-04-02 19:57:56] 12.82.151.64:4730 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-59| [2002-04-02 19:57:59] 12.82.151.64:4730 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-60| [2002-04-02 20:14:13] 12.82.67.49:1825 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-61| [2002-04-02 20:14:16] 12.82.67.49:1825 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-62| [2002-04-02 20:19:44] 12.82.77.30:1191 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-63| [2002-04-02 20:19:47] 12.82.77.30:1191 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-64| [2002-04-02 20:21:41] 12.82.77.30:1811 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-65| [2002-04-02 20:21:43] 12.82.77.30:1811 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-66| [2002-04-02 20:26:57] 172.172.193.165:4119 -> 12.82.128.118:27374  TCP to 27374 SubSeven
#20-67| [2002-04-02 20:27:00] 172.172.193.165:4119 -> 12.82.128.118:27374  TCP to 27374 SubSeven
#20-68| [2002-04-02 20:27:06] 172.172.193.165:4119 -> 12.82.128.118:27374  TCP to 27374 SubSeven

#20-69| [2002-04-02 20:53:27] 12.82.77.30:2230 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-70| [2002-04-02 20:53:30] 12.82.77.30:2230 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-71| [2002-04-02 21:00:46] 12.82.140.193:4575 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-72| [2002-04-02 21:00:49] 12.82.140.193:4575 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-73| [2002-04-02 21:02:44] 12.82.77.30:1703 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-74| [2002-04-02 21:02:47] 12.82.77.30:1703 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-75| [2002-04-02 21:18:25] 12.82.140.193:2777 -> 12.82.128.118:80  Potential CodeRed/Nimda probe
#20-76| [2002-04-02 21:18:28] 12.82.140.193:2777 -> 12.82.128.118:80  Potential CodeRed/Nimda probe

#20-77| [2002-04-02 21:23:39] 172.169.74.119:1124 -> 12.82.128.118:27374  TCP to 27374 SubSeven
#20-78| [2002-04-02 21:23:42] 172.169.74.119:1124 -> 12.82.128.118:27374  TCP to 27374 SubSeven
#20-79| [2002-04-02 21:23:48] 172.169.74.119:1124 -> 12.82.128.118:27374  TCP to 27374 SubSeven
#20-80| [2002-04-02 21:24:01] 172.169.74.119:1124 -> 12.82.128.118:27374  TCP to 27374 SubSeven
jsage@finchhaven.com
Last modified: Thu Apr 4 19:14:52 2002