04-03-02 ACID full logs
Sorted by time
To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert
Generated by ACID v0.9.6b21 on Fri April 05, 2002 01:52:25
------------------------------------------------------------------------------
#(24 - 4) [2002-04-03 23:54:31] TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
hlen=5 TOS=0 dlen=40 ID=57654 flags=0 offset=0 TTL=54 chksum=42593
TCP: port=80 -> dport: 1439 flags=***A***F seq=2079258298
ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
#(24 - 5) [2002-04-03 23:56:31] TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
hlen=5 TOS=0 dlen=40 ID=12961 flags=0 offset=0 TTL=54 chksum=21751
TCP: port=80 -> dport: 1439 flags=***A***F seq=2079258298
ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
#(24 - 6) [2002-04-03 23:58:31] TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
hlen=5 TOS=0 dlen=40 ID=52386 flags=0 offset=0 TTL=54 chksum=47861
TCP: port=80 -> dport: 1439 flags=***A***F seq=2079258298
ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
SAVVIS Communications Corporation (NETBLK-SAVVIS8) SAVVIS8
64.240.0.0 - 64.243.255.255
Akamai Technologies (NETBLK-SAVV-SV3527) SAVV-SV3527
64.241.238.128 - 64.241.238.191
Dialup cruft...
------------------------------------------------------------------------------
#(22 - 5) [2002-04-03 15:17:31] Potential CodeRed/Nimda probe
IPv4: 12.82.154.227 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=60912 flags=0 offset=0 TTL=125 chksum=53278
TCP: port=2421 -> dport: 80 flags=******S* seq=3839887371
ack=0 off=7 res=0 win=8760 urp=0 chksum=10978
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 35) [2002-04-03 20:13:45] UDP to 137 netBIOS ns
IPv4: 12.82.136.235 -> 12.82.136.9
hlen=5 TOS=0 dlen=78 ID=7174 flags=0 offset=0 TTL=126 chksum=63232
UDP: port=1025 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 33) [2002-04-03 19:01:04] UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
hlen=5 TOS=0 dlen=78 ID=14765 flags=0 offset=0 TTL=116 chksum=65324
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : 9A 06 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(23 - 32) [2002-04-03 19:01:01] UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
hlen=5 TOS=0 dlen=78 ID=14409 flags=0 offset=0 TTL=116 chksum=145
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : 9A 02 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(23 - 31) [2002-04-03 19:00:58] UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
hlen=5 TOS=0 dlen=78 ID=13937 flags=0 offset=0 TTL=116 chksum=617
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : 99 FE 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 4) [2002-04-03 15:17:29] Potential CodeRed/Nimda probe
IPv4: 12.82.154.227 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=60619 flags=0 offset=0 TTL=125 chksum=53571
TCP: port=2421 -> dport: 80 flags=******S* seq=3839887371
ack=0 off=7 res=0 win=8760 urp=0 chksum=10978
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 30) [2002-04-03 18:57:43] Potential CodeRed/Nimda probe
IPv4: 12.82.238.30 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=28128 flags=0 offset=0 TTL=117 chksum=2332
TCP: port=4527 -> dport: 80 flags=******S* seq=1139977747
ack=0 off=7 res=0 win=8760 urp=65522 chksum=52771
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 3) [2002-04-03 15:14:54] TCP to 22 ssh
IPv4: 217.18.32.99 -> 12.82.140.49
hlen=5 TOS=0 dlen=40 ID=11873 flags=0 offset=0 TTL=119 chksum=33654
TCP: port=22 -> dport: 22 flags=******S* seq=1404691935
ack=1058809344 off=5 res=0 win=30745 urp=0 chksum=1775
Payload: none
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 217.18.32.0 - 217.18.32.127
netname: CAPCOMNET
descr: Capcom is a spanish based telco
descr: offering global IP services.
country: ES
admin-c: GJ1541-RIPE
tech-c: JLE6-RIPE
source: RIPE
route: 217.18.32.0/20
descr: Route of Capcom - 1
origin: AS15954
holes:
inject:
components:
remarks:
mnt-by: CAPCOM-MNT
changed: jlesteban@capcom.net 20010622
source: RIPE
person: Gonzalo Jofre
address: Pza Manuel Gomez Moreno, s/n
address: Edificio Bronce 3ª Planta
phone: +34 91 217 0000
fax-no: +34 91 217 0019
e-mail: gjofre@capcom.net
nic-hdl: GJ1541-RIPE
notify: gjofre@capcom.net
changed: gjofre@capcom.net 20000717
source: RIPE
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 29) [2002-04-03 18:57:41] Potential CodeRed/Nimda probe
IPv4: 12.82.238.30 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=27935 flags=0 offset=0 TTL=117 chksum=2525
TCP: port=4527 -> dport: 80 flags=******S* seq=1139977747
ack=0 off=7 res=0 win=8760 urp=28160 chksum=24598
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 55) [2002-04-03 23:35:44] UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
hlen=5 TOS=0 dlen=78 ID=23551 flags=0 offset=0 TTL=116 chksum=56538
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : E0 F1 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(23 - 56) [2002-04-03 23:35:45] UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
hlen=5 TOS=0 dlen=78 ID=23859 flags=0 offset=0 TTL=116 chksum=56230
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : E0 F5 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(23 - 57) [2002-04-03 23:35:45] UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
hlen=5 TOS=0 dlen=78 ID=24111 flags=0 offset=0 TTL=116 chksum=55978
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : E0 F7 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(24 - 1) [2002-04-03 23:48:31] TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
hlen=5 TOS=0 dlen=40 ID=58838 flags=0 offset=0 TTL=54 chksum=41409
TCP: port=80 -> dport: 1439 flags=***A***F seq=2079258298
ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
#(24 - 2) [2002-04-03 23:50:31] TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
hlen=5 TOS=0 dlen=40 ID=14665 flags=0 offset=0 TTL=54 chksum=20047
TCP: port=80 -> dport: 1439 flags=***A***F seq=2079258298
ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
#(24 - 3) [2002-04-03 23:52:31] TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
hlen=5 TOS=0 dlen=40 ID=35866 flags=0 offset=0 TTL=54 chksum=64381
TCP: port=80 -> dport: 1439 flags=***A***F seq=2079258298
ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 23) [2002-04-03 18:41:09] Potential CodeRed/Nimda probe
IPv4: 12.82.135.131 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=3401 flags=0 offset=0 TTL=125 chksum=51278
TCP: port=4408 -> dport: 80 flags=******S* seq=1847884808
ack=0 off=7 res=0 win=8760 urp=0 chksum=15618
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 22) [2002-04-03 18:41:06] Potential CodeRed/Nimda probe
IPv4: 12.82.135.131 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=3103 flags=0 offset=0 TTL=125 chksum=51576
TCP: port=4408 -> dport: 80 flags=******S* seq=1847884808
ack=0 off=7 res=0 win=8760 urp=0 chksum=15618
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 21) [2002-04-03 18:30:30] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=12268 flags=0 offset=0 TTL=125 chksum=42781
TCP: port=2572 -> dport: 80 flags=******S* seq=207174343
ack=0 off=7 res=0 win=16384 urp=0 chksum=51940
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 20) [2002-04-03 18:30:27] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=11992 flags=0 offset=0 TTL=125 chksum=43057
TCP: port=2572 -> dport: 80 flags=******S* seq=207174343
ack=0 off=7 res=0 win=16384 urp=0 chksum=51940
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 2) [2002-04-03 13:32:46] Potential CodeRed/Nimda probe
IPv4: 12.82.128.67 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=40710 flags=0 offset=0 TTL=126 chksum=14505
TCP: port=1470 -> dport: 80 flags=******S* seq=4118556670
ack=0 off=7 res=0 win=16384 urp=0 chksum=62077
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 19) [2002-04-03 18:03:12] Potential CodeRed/Nimda probe
IPv4: 12.82.230.113 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=6107 flags=0 offset=0 TTL=118 chksum=26062
TCP: port=2076 -> dport: 80 flags=******S* seq=1652835862
ack=0 off=7 res=0 win=8760 urp=0 chksum=10434
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 18) [2002-04-03 18:03:10] Potential CodeRed/Nimda probe
IPv4: 12.82.230.113 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=5850 flags=0 offset=0 TTL=118 chksum=26319
TCP: port=2076 -> dport: 80 flags=******S* seq=1652835862
ack=0 off=7 res=0 win=8760 urp=0 chksum=10434
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 17) [2002-04-03 17:55:47] Potential CodeRed/Nimda probe
IPv4: 12.82.230.113 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=10755 flags=0 offset=0 TTL=118 chksum=21414
TCP: port=2767 -> dport: 80 flags=******S* seq=648388569
ack=0 off=7 res=0 win=8760 urp=0 chksum=2091
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 16) [2002-04-03 17:55:44] Potential CodeRed/Nimda probe
IPv4: 12.82.230.113 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=10459 flags=0 offset=0 TTL=118 chksum=21710
TCP: port=2767 -> dport: 80 flags=******S* seq=648388569
ack=0 off=7 res=0 win=8760 urp=0 chksum=2091
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 1) [2002-04-03 13:32:44] Potential CodeRed/Nimda probe
IPv4: 12.82.128.67 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=40481 flags=0 offset=0 TTL=126 chksum=14734
TCP: port=1470 -> dport: 80 flags=******S* seq=4118556670
ack=0 off=7 res=0 win=16384 urp=0 chksum=62077
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 5) [2002-04-03 17:48:38] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=35822 flags=0 offset=0 TTL=125 chksum=19227
TCP: port=4143 -> dport: 80 flags=******S* seq=3271989154
ack=0 off=7 res=0 win=16384 urp=0 chksum=45368
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 4) [2002-04-03 17:48:34] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=35533 flags=0 offset=0 TTL=125 chksum=19516
TCP: port=4143 -> dport: 80 flags=******S* seq=3271989154
ack=0 off=7 res=0 win=16384 urp=0 chksum=45368
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 21) [2002-04-03 17:14:18] Potential CodeRed/Nimda probe
IPv4: 12.82.136.170 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=44275 flags=0 offset=0 TTL=125 chksum=9045
TCP: port=2051 -> dport: 80 flags=******S* seq=664986036
ack=0 off=7 res=0 win=8760 urp=0 chksum=8638
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(22 - 20) [2002-04-03 17:14:15] Potential CodeRed/Nimda probe
IPv4: 12.82.136.170 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=44009 flags=0 offset=0 TTL=125 chksum=9311
TCP: port=2051 -> dport: 80 flags=******S* seq=664986036
ack=0 off=7 res=0 win=8760 urp=0 chksum=8638
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 19) [2002-04-03 17:13:09] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=33903 flags=0 offset=0 TTL=125 chksum=20082
TCP: port=3903 -> dport: 80 flags=******S* seq=2914456126
ack=0 off=7 res=0 win=16384 urp=0 chksum=18612
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(22 - 18) [2002-04-03 17:13:06] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=33623 flags=0 offset=0 TTL=125 chksum=20362
TCP: port=3903 -> dport: 80 flags=******S* seq=2914456126
ack=0 off=7 res=0 win=16384 urp=0 chksum=18612
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 17) [2002-04-03 17:05:57] TCP to 21 ftp
IPv4: 212.133.50.146 -> 12.82.140.49
hlen=5 TOS=0 dlen=60 ID=44299 flags=0 offset=0 TTL=46 chksum=22
TCP: port=1705 -> dport: 21 flags=******S* seq=11735421
ack=0 off=10 res=0 win=32120 urp=0 chksum=34278
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=035A88C500000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(22 - 16) [2002-04-03 17:05:51] TCP to 21 ftp
IPv4: 212.133.50.146 -> 12.82.140.49
hlen=5 TOS=0 dlen=60 ID=43498 flags=0 offset=0 TTL=46 chksum=823
TCP: port=1705 -> dport: 21 flags=******S* seq=11735421
ack=0 off=10 res=0 win=32120 urp=0 chksum=34878
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=035A866D00000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(22 - 15) [2002-04-03 17:05:48] TCP to 21 ftp
IPv4: 212.133.50.146 -> 12.82.140.49
hlen=5 TOS=0 dlen=60 ID=42523 flags=0 offset=0 TTL=46 chksum=1798
TCP: port=1705 -> dport: 21 flags=******S* seq=11735421
ack=0 off=10 res=0 win=32120 urp=0 chksum=35178
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=035A854100000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 212.133.50.128 - 212.133.50.255
netname: MWB18-24-071201
descr: MWB Business Exchange, 26/28 Hammersmith Grove, London, UK, W6 7EN
country: GB
admin-c: NP136-RIPE
tech-c: NP136-RIPE
mnt-by: GENUITY-CUST-MNT
status: ASSIGNED PA
changed: lharriso@genuity.com 20010816
source: RIPE
route: 212.133.0.0/17
descr: Genuity Europe Aggregate
origin: AS7176
notify: corp-neteng@genuity.net
mnt-by: BBN-SCI
remarks: ---------------------------------------------------------
remarks:
remarks: Interconnection Inquiries 'peering@genuity.net'
remarks: Operational Issues 'ops@genuity.net'
remarks: Spam and Abuse issues 'abuse@genuity.net'
remarks:
remarks: 24x7 Operations Hotline +1 781 262 6186
remarks:
remarks: ---------------------------------------------------------
changed: smeuse@genuity.net 20010112
changed: mjrobinson@genuity.net 20011030
source: RIPE
person: Nilesh Patel
address: MWB Business Exchange
address: 5 Kew Road
address: Richmond, UK, TW9 2PR
e-mail: npatel@mwbex.com
phone: +44 208 334 8321
nic-hdl: NP136-RIPE
changed: lharriso@genuity.com 20010712
source: RIPE
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 14) [2002-04-03 16:55:22] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=3140 flags=0 offset=0 TTL=125 chksum=50845
TCP: port=2447 -> dport: 80 flags=******S* seq=597172066
ack=0 off=7 res=0 win=16384 urp=0 chksum=52063
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(22 - 13) [2002-04-03 16:55:19] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=2875 flags=0 offset=0 TTL=125 chksum=51110
TCP: port=2447 -> dport: 80 flags=******S* seq=597172066
ack=0 off=7 res=0 win=16384 urp=0 chksum=52063
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 12) [2002-04-03 16:50:57] TCP to 139 netBIOS ss
IPv4: 67.243.25.149 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=23369 flags=0 offset=0 TTL=114 chksum=46963
TCP: port=3224 -> dport: 139 flags=******S* seq=892794561
ack=0 off=7 res=0 win=5840 urp=29765 chksum=51427
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(22 - 11) [2002-04-03 16:38:42] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=39879 flags=0 offset=0 TTL=125 chksum=14106
TCP: port=3213 -> dport: 80 flags=******S* seq=2682680085
ack=0 off=7 res=0 win=16384 urp=0 chksum=63583
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(22 - 10) [2002-04-03 16:38:39] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
hlen=5 TOS=0 dlen=48 ID=39641 flags=0 offset=0 TTL=125 chksum=14344
TCP: port=3213 -> dport: 80 flags=******S* seq=2682680085
ack=0 off=7 res=0 win=16384 urp=0 chksum=63583
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(21 - 1) [2002-04-03 00:03:42] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.129.95
hlen=5 TOS=0 dlen=48 ID=28072 flags=0 offset=0 TTL=125 chksum=26971
TCP: port=3773 -> dport: 80 flags=******S* seq=1964050004
ack=0 off=7 res=0 win=16384 urp=0 chksum=37352
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(21 - 2) [2002-04-03 00:03:45] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.129.95
hlen=5 TOS=0 dlen=48 ID=28354 flags=0 offset=0 TTL=125 chksum=26689
TCP: port=3773 -> dport: 80 flags=******S* seq=1964050004
ack=0 off=7 res=0 win=16384 urp=0 chksum=37352
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(21 - 3) [2002-04-03 01:47:30] Potential CodeRed/Nimda probe
IPv4: 12.82.171.164 -> 12.82.129.95
hlen=5 TOS=0 dlen=48 ID=47086 flags=0 offset=0 TTL=125 chksum=50
TCP: port=3620 -> dport: 80 flags=******S* seq=1447357562
ack=0 off=7 res=0 win=8760 urp=0 chksum=51724
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(21 - 4) [2002-04-03 01:47:33] Potential CodeRed/Nimda probe
IPv4: 12.82.171.164 -> 12.82.129.95
hlen=5 TOS=0 dlen=48 ID=47461 flags=0 offset=0 TTL=125 chksum=65210
TCP: port=3620 -> dport: 80 flags=******S* seq=1447357562
ack=0 off=7 res=0 win=8760 urp=0 chksum=51724
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(21 - 5) [2002-04-03 02:28:24] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.129.95
hlen=5 TOS=0 dlen=48 ID=16509 flags=0 offset=0 TTL=125 chksum=38534
TCP: port=2032 -> dport: 80 flags=******S* seq=4286045093
ack=0 off=7 res=0 win=16384 urp=0 chksum=14589
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(21 - 6) [2002-04-03 02:28:27] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.129.95
hlen=5 TOS=0 dlen=48 ID=16819 flags=0 offset=0 TTL=125 chksum=38224
TCP: port=2032 -> dport: 80 flags=******S* seq=4286045093
ack=0 off=7 res=0 win=16384 urp=0 chksum=14589
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 36) [2002-04-03 20:20:18] TCP to 21 ftp
IPv4: 12.44.119.25 -> 12.82.136.9
hlen=5 TOS=0 dlen=60 ID=64196 flags=0 offset=0 TTL=55 chksum=12631
TCP: port=57204 -> dport: 21 flags=******S* seq=639390242
ack=0 off=10 res=0 win=5840 urp=0 chksum=5557
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=020CAA0D00000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
[toot@sparky /]# host 12.44.119.25
25.119.44.12.in-addr.arpa. domain name pointer dsl-att1-119-25.sb.101freeway.net.
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
Registrant:
Voyager.Net
4660 S Hagadorn Rd Ste 320
East Lansing, MI 48823-5353
US
Domain Name: FREEWAY.NET
Administrative Contact:
Master, Host hostmaster@voyager.net
4660 S Hagadorn Rd Ste 320
East Lansing, MI 48823-5353
US
517.324.8940
Technical Contact:
Master, Host hostmaster@voyager.net
4660 S Hagadorn Rd Ste 320
East Lansing, MI 48823-5353
US
517.324.8940
------------------------------------------------------------------------------
#(23 - 37) [2002-04-03 20:34:56] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=58009 flags=0 offset=0 TTL=125 chksum=62575
TCP: port=1939 -> dport: 80 flags=******S* seq=3478232833
ack=0 off=7 res=0 win=16384 urp=0 chksum=42538
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 38) [2002-04-03 20:34:59] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=58256 flags=0 offset=0 TTL=125 chksum=62328
TCP: port=1939 -> dport: 80 flags=******S* seq=3478232833
ack=0 off=7 res=0 win=16384 urp=0 chksum=42538
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 39) [2002-04-03 20:43:13] Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=19581 flags=0 offset=0 TTL=118 chksum=7701
TCP: port=3727 -> dport: 80 flags=******S* seq=3876182688
ack=0 off=7 res=0 win=8760 urp=0 chksum=63015
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 40) [2002-04-03 20:43:16] Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=19844 flags=0 offset=0 TTL=118 chksum=7438
TCP: port=3727 -> dport: 80 flags=******S* seq=3876182688
ack=0 off=7 res=0 win=8760 urp=0 chksum=63015
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 41) [2002-04-03 21:02:43] Potential CodeRed/Nimda probe
IPv4: 12.82.225.162 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=11494 flags=0 offset=0 TTL=117 chksum=22162
TCP: port=1143 -> dport: 80 flags=******S* seq=1970418119
ack=0 off=7 res=0 win=8760 urp=0 chksum=12951
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 42) [2002-04-03 21:02:46] Potential CodeRed/Nimda probe
IPv4: 12.82.225.162 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=11843 flags=0 offset=0 TTL=117 chksum=21813
TCP: port=1143 -> dport: 80 flags=******S* seq=1970418119
ack=0 off=7 res=0 win=8760 urp=0 chksum=12951
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 43) [2002-04-03 21:21:28] Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=50877 flags=0 offset=0 TTL=118 chksum=41940
TCP: port=3804 -> dport: 80 flags=******S* seq=461946455
ack=0 off=7 res=0 win=8760 urp=0 chksum=56741
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 44) [2002-04-03 21:21:31] Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=51304 flags=0 offset=0 TTL=118 chksum=41513
TCP: port=3804 -> dport: 80 flags=******S* seq=461946455
ack=0 off=7 res=0 win=8760 urp=0 chksum=56741
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 45) [2002-04-03 21:24:40] TCP to 27374 SubSeven
IPv4: 65.65.98.135 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=49970 flags=0 offset=0 TTL=113 chksum=3698
TCP: port=2033 -> dport: 27374 flags=******S* seq=14816968
ack=0 off=7 res=0 win=8192 urp=0 chksum=41120
Options:
#1 - MSS len=4 data=0586
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 46) [2002-04-03 21:24:43] TCP to 27374 SubSeven
IPv4: 65.65.98.135 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=64306 flags=0 offset=0 TTL=113 chksum=54897
TCP: port=2033 -> dport: 27374 flags=******S* seq=14816968
ack=0 off=7 res=0 win=8192 urp=0 chksum=41120
Options:
#1 - MSS len=4 data=0586
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 47) [2002-04-03 21:24:49] TCP to 27374 SubSeven
IPv4: 65.65.98.135 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=33075 flags=0 offset=0 TTL=113 chksum=20593
TCP: port=2033 -> dport: 27374 flags=******S* seq=14816968
ack=0 off=7 res=0 win=8192 urp=0 chksum=41120
Options:
#1 - MSS len=4 data=0586
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 48) [2002-04-03 21:25:01] TCP to 27374 SubSeven
IPv4: 65.65.98.135 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=31028 flags=0 offset=0 TTL=113 chksum=22640
TCP: port=2033 -> dport: 27374 flags=******S* seq=14816968
ack=0 off=7 res=0 win=8192 urp=0 chksum=41120
Options:
#1 - MSS len=4 data=0586
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 49) [2002-04-03 21:27:07] Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=18455 flags=0 offset=0 TTL=118 chksum=8827
TCP: port=2147 -> dport: 80 flags=******S* seq=1227858852
ack=0 off=7 res=0 win=8760 urp=0 chksum=53546
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 50) [2002-04-03 21:27:10] Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=18706 flags=0 offset=0 TTL=118 chksum=8576
TCP: port=2147 -> dport: 80 flags=******S* seq=1227858852
ack=0 off=7 res=0 win=8760 urp=0 chksum=53546
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(23 - 51) [2002-04-03 21:57:05] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=58071 flags=0 offset=0 TTL=125 chksum=62513
TCP: port=3907 -> dport: 80 flags=******S* seq=1174191853
ack=0 off=7 res=0 win=16384 urp=0 chksum=2020
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 52) [2002-04-03 21:57:08] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=58346 flags=0 offset=0 TTL=125 chksum=62238
TCP: port=3907 -> dport: 80 flags=******S* seq=1174191853
ack=0 off=7 res=0 win=16384 urp=0 chksum=2020
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 53) [2002-04-03 21:59:55] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=8621 flags=0 offset=0 TTL=125 chksum=46428
TCP: port=3062 -> dport: 80 flags=******S* seq=1527341863
ack=0 off=7 res=0 win=16384 urp=0 chksum=20970
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 54) [2002-04-03 21:59:58] Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
hlen=5 TOS=0 dlen=48 ID=8889 flags=0 offset=0 TTL=125 chksum=46160
TCP: port=3062 -> dport: 80 flags=******S* seq=1527341863
ack=0 off=7 res=0 win=16384 urp=0 chksum=20970
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
jsage@finchhaven.com
Last modified: Fri Apr 5 02:03:02 2002