ACID full logs for 04-03-02 (2002-04-03)

Sorted by time


To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert 

Generated by ACID v0.9.6b21 on Fri April 05, 2002 01:52:25

------------------------------------------------------------------------------
#(24 - 4) [2002-04-03 23:54:31]  TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
      hlen=5 TOS=0 dlen=40 ID=57654 flags=0 offset=0 TTL=54 chksum=42593
TCP:  port=80 -> dport: 1439  flags=***A***F seq=2079258298
      ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
#(24 - 5) [2002-04-03 23:56:31]  TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
      hlen=5 TOS=0 dlen=40 ID=12961 flags=0 offset=0 TTL=54 chksum=21751
TCP:  port=80 -> dport: 1439  flags=***A***F seq=2079258298
      ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
#(24 - 6) [2002-04-03 23:58:31]  TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
      hlen=5 TOS=0 dlen=40 ID=52386 flags=0 offset=0 TTL=54 chksum=47861
TCP:  port=80 -> dport: 1439  flags=***A***F seq=2079258298
      ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

SAVVIS Communications Corporation (NETBLK-SAVVIS8) SAVVIS8
   64.240.0.0 - 64.243.255.255

Akamai Technologies (NETBLK-SAVV-SV3527) SAVV-SV3527
       64.241.238.128 - 64.241.238.191

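Dialup cruft: these alerts are one FIN/ACK (same seq and ack each time) resent every two minutes from port 80 on an Akamai host, which looks like the tail end of an earlier web session on this dialup address rather than a probe.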

------------------------------------------------------------------------------
#(22 - 5) [2002-04-03 15:17:31]  Potential CodeRed/Nimda probe
IPv4: 12.82.154.227 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=60912 flags=0 offset=0 TTL=125 chksum=53278
TCP:  port=2421 -> dport: 80  flags=******S* seq=3839887371
      ack=0 off=7 res=0 win=8760 urp=0 chksum=10978
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 35) [2002-04-03 20:13:45]  UDP to 137 netBIOS ns
IPv4: 12.82.136.235 -> 12.82.136.9
      hlen=5 TOS=0 dlen=78 ID=7174 flags=0 offset=0 TTL=126 chksum=63232
UDP:  port=1025 -> dport: 137 len=58
Payload:  length = 50

000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41   .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(23 - 33) [2002-04-03 19:01:04]  UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
      hlen=5 TOS=0 dlen=78 ID=14765 flags=0 offset=0 TTL=116 chksum=65324
UDP:  port=137 -> dport: 137 len=58
Payload:  length = 50

000 : 9A 06 00 00 00 01 00 00 00 00 00 00 20 43 4B 41   ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------
#(23 - 32) [2002-04-03 19:01:01]  UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
      hlen=5 TOS=0 dlen=78 ID=14409 flags=0 offset=0 TTL=116 chksum=145
UDP:  port=137 -> dport: 137 len=58
Payload:  length = 50

000 : 9A 02 00 00 00 01 00 00 00 00 00 00 20 43 4B 41   ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------
#(23 - 31) [2002-04-03 19:00:58]  UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
      hlen=5 TOS=0 dlen=78 ID=13937 flags=0 offset=0 TTL=116 chksum=617
UDP:  port=137 -> dport: 137 len=58
Payload:  length = 50

000 : 99 FE 00 00 00 01 00 00 00 00 00 00 20 43 4B 41   ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(22 - 4) [2002-04-03 15:17:29]  Potential CodeRed/Nimda probe
IPv4: 12.82.154.227 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=60619 flags=0 offset=0 TTL=125 chksum=53571
TCP:  port=2421 -> dport: 80  flags=******S* seq=3839887371
      ack=0 off=7 res=0 win=8760 urp=0 chksum=10978
      Options:
       #1 - MSS len=4 data=0550
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 30) [2002-04-03 18:57:43]  Potential CodeRed/Nimda probe
IPv4: 12.82.238.30 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=28128 flags=0 offset=0 TTL=117 chksum=2332
TCP:  port=4527 -> dport: 80  flags=******S* seq=1139977747
      ack=0 off=7 res=0 win=8760 urp=65522 chksum=52771
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(22 - 3) [2002-04-03 15:14:54]  TCP to 22 ssh
IPv4: 217.18.32.99 -> 12.82.140.49
      hlen=5 TOS=0 dlen=40 ID=11873 flags=0 offset=0 TTL=119 chksum=33654
TCP:  port=22 -> dport: 22  flags=******S* seq=1404691935
      ack=1058809344 off=5 res=0 win=30745 urp=0 chksum=1775
Payload: none


BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html 

inetnum:      217.18.32.0 - 217.18.32.127
netname:      CAPCOMNET
descr:        Capcom is a spanish based telco
descr:        offering global IP services.
country:      ES
admin-c:      GJ1541-RIPE
tech-c:       JLE6-RIPE
source:       RIPE 

route:        217.18.32.0/20
descr:        Route of Capcom - 1
origin:       AS15954
holes:       
inject:      
components:  
remarks:     
mnt-by:       CAPCOM-MNT
changed:      jlesteban@capcom.net 20010622
source:       RIPE 

person:       Gonzalo Jofre
address:      Pza Manuel Gomez Moreno, s/n
address:      Edificio Bronce 3 Planta
phone:        +34 91 217 0000
fax-no:       +34 91 217 0019
e-mail:       gjofre@capcom.net
nic-hdl:      GJ1541-RIPE
notify:       gjofre@capcom.net
changed:      gjofre@capcom.net 20000717
source:       RIPE
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(23 - 29) [2002-04-03 18:57:41]  Potential CodeRed/Nimda probe
IPv4: 12.82.238.30 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=27935 flags=0 offset=0 TTL=117 chksum=2525
TCP:  port=4527 -> dport: 80  flags=******S* seq=1139977747
      ack=0 off=7 res=0 win=8760 urp=28160 chksum=24598
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 55) [2002-04-03 23:35:44]  UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
      hlen=5 TOS=0 dlen=78 ID=23551 flags=0 offset=0 TTL=116 chksum=56538
UDP:  port=137 -> dport: 137 len=58
Payload:  length = 50

000 : E0 F1 00 00 00 01 00 00 00 00 00 00 20 43 4B 41   ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------
#(23 - 56) [2002-04-03 23:35:45]  UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
      hlen=5 TOS=0 dlen=78 ID=23859 flags=0 offset=0 TTL=116 chksum=56230
UDP:  port=137 -> dport: 137 len=58
Payload:  length = 50

000 : E0 F5 00 00 00 01 00 00 00 00 00 00 20 43 4B 41   ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------
#(23 - 57) [2002-04-03 23:35:45]  UDP to 137 netBIOS ns
IPv4: 61.200.59.162 -> 12.82.136.9
      hlen=5 TOS=0 dlen=78 ID=24111 flags=0 offset=0 TTL=116 chksum=55978
UDP:  port=137 -> dport: 137 len=58
Payload:  length = 50

000 : E0 F7 00 00 00 01 00 00 00 00 00 00 20 43 4B 41   ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41   AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21   AAAAAAAAAAAAA..!
030 : 00 01                                             ..
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(24 - 1) [2002-04-03 23:48:31]  TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
      hlen=5 TOS=0 dlen=40 ID=58838 flags=0 offset=0 TTL=54 chksum=41409
TCP:  port=80 -> dport: 1439  flags=***A***F seq=2079258298
      ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
#(24 - 2) [2002-04-03 23:50:31]  TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
      hlen=5 TOS=0 dlen=40 ID=14665 flags=0 offset=0 TTL=54 chksum=20047
TCP:  port=80 -> dport: 1439  flags=***A***F seq=2079258298
      ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------
#(24 - 3) [2002-04-03 23:52:31]  TCP to range 1025-60999
IPv4: 64.241.238.137 -> 12.82.129.107
      hlen=5 TOS=0 dlen=40 ID=35866 flags=0 offset=0 TTL=54 chksum=64381
TCP:  port=80 -> dport: 1439  flags=***A***F seq=2079258298
      ack=2560701 off=5 res=0 win=32696 urp=0 chksum=59238
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 23) [2002-04-03 18:41:09]  Potential CodeRed/Nimda probe
IPv4: 12.82.135.131 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=3401 flags=0 offset=0 TTL=125 chksum=51278
TCP:  port=4408 -> dport: 80  flags=******S* seq=1847884808
      ack=0 off=7 res=0 win=8760 urp=0 chksum=15618
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 22) [2002-04-03 18:41:06]  Potential CodeRed/Nimda probe
IPv4: 12.82.135.131 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=3103 flags=0 offset=0 TTL=125 chksum=51576
TCP:  port=4408 -> dport: 80  flags=******S* seq=1847884808
      ack=0 off=7 res=0 win=8760 urp=0 chksum=15618
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 21) [2002-04-03 18:30:30]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=12268 flags=0 offset=0 TTL=125 chksum=42781
TCP:  port=2572 -> dport: 80  flags=******S* seq=207174343
      ack=0 off=7 res=0 win=16384 urp=0 chksum=51940
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 20) [2002-04-03 18:30:27]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=11992 flags=0 offset=0 TTL=125 chksum=43057
TCP:  port=2572 -> dport: 80  flags=******S* seq=207174343
      ack=0 off=7 res=0 win=16384 urp=0 chksum=51940
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(22 - 2) [2002-04-03 13:32:46]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.67 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=40710 flags=0 offset=0 TTL=126 chksum=14505
TCP:  port=1470 -> dport: 80  flags=******S* seq=4118556670
      ack=0 off=7 res=0 win=16384 urp=0 chksum=62077
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 19) [2002-04-03 18:03:12]  Potential CodeRed/Nimda probe
IPv4: 12.82.230.113 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=6107 flags=0 offset=0 TTL=118 chksum=26062
TCP:  port=2076 -> dport: 80  flags=******S* seq=1652835862
      ack=0 off=7 res=0 win=8760 urp=0 chksum=10434
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 18) [2002-04-03 18:03:10]  Potential CodeRed/Nimda probe
IPv4: 12.82.230.113 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=5850 flags=0 offset=0 TTL=118 chksum=26319
TCP:  port=2076 -> dport: 80  flags=******S* seq=1652835862
      ack=0 off=7 res=0 win=8760 urp=0 chksum=10434
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 17) [2002-04-03 17:55:47]  Potential CodeRed/Nimda probe
IPv4: 12.82.230.113 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=10755 flags=0 offset=0 TTL=118 chksum=21414
TCP:  port=2767 -> dport: 80  flags=******S* seq=648388569
      ack=0 off=7 res=0 win=8760 urp=0 chksum=2091
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 16) [2002-04-03 17:55:44]  Potential CodeRed/Nimda probe
IPv4: 12.82.230.113 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=10459 flags=0 offset=0 TTL=118 chksum=21710
TCP:  port=2767 -> dport: 80  flags=******S* seq=648388569
      ack=0 off=7 res=0 win=8760 urp=0 chksum=2091
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(22 - 1) [2002-04-03 13:32:44]  Potential CodeRed/Nimda probe
IPv4: 12.82.128.67 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=40481 flags=0 offset=0 TTL=126 chksum=14734
TCP:  port=1470 -> dport: 80  flags=******S* seq=4118556670
      ack=0 off=7 res=0 win=16384 urp=0 chksum=62077
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 5) [2002-04-03 17:48:38]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=35822 flags=0 offset=0 TTL=125 chksum=19227
TCP:  port=4143 -> dport: 80  flags=******S* seq=3271989154
      ack=0 off=7 res=0 win=16384 urp=0 chksum=45368
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 4) [2002-04-03 17:48:34]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=35533 flags=0 offset=0 TTL=125 chksum=19516
TCP:  port=4143 -> dport: 80  flags=******S* seq=3271989154
      ack=0 off=7 res=0 win=16384 urp=0 chksum=45368
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(22 - 21) [2002-04-03 17:14:18]  Potential CodeRed/Nimda probe
IPv4: 12.82.136.170 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=44275 flags=0 offset=0 TTL=125 chksum=9045
TCP:  port=2051 -> dport: 80  flags=******S* seq=664986036
      ack=0 off=7 res=0 win=8760 urp=0 chksum=8638
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(22 - 20) [2002-04-03 17:14:15]  Potential CodeRed/Nimda probe
IPv4: 12.82.136.170 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=44009 flags=0 offset=0 TTL=125 chksum=9311
TCP:  port=2051 -> dport: 80  flags=******S* seq=664986036
      ack=0 off=7 res=0 win=8760 urp=0 chksum=8638
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(22 - 19) [2002-04-03 17:13:09]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=33903 flags=0 offset=0 TTL=125 chksum=20082
TCP:  port=3903 -> dport: 80  flags=******S* seq=2914456126
      ack=0 off=7 res=0 win=16384 urp=0 chksum=18612
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(22 - 18) [2002-04-03 17:13:06]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=33623 flags=0 offset=0 TTL=125 chksum=20362
TCP:  port=3903 -> dport: 80  flags=******S* seq=2914456126
      ack=0 off=7 res=0 win=16384 urp=0 chksum=18612
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(22 - 17) [2002-04-03 17:05:57]  TCP to 21 ftp
IPv4: 212.133.50.146 -> 12.82.140.49
      hlen=5 TOS=0 dlen=60 ID=44299 flags=0 offset=0 TTL=46 chksum=22
TCP:  port=1705 -> dport: 21  flags=******S* seq=11735421
      ack=0 off=10 res=0 win=32120 urp=0 chksum=34278
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=035A88C500000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(22 - 16) [2002-04-03 17:05:51]  TCP to 21 ftp
IPv4: 212.133.50.146 -> 12.82.140.49
      hlen=5 TOS=0 dlen=60 ID=43498 flags=0 offset=0 TTL=46 chksum=823
TCP:  port=1705 -> dport: 21  flags=******S* seq=11735421
      ack=0 off=10 res=0 win=32120 urp=0 chksum=34878
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=035A866D00000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(22 - 15) [2002-04-03 17:05:48]  TCP to 21 ftp
IPv4: 212.133.50.146 -> 12.82.140.49
      hlen=5 TOS=0 dlen=60 ID=42523 flags=0 offset=0 TTL=46 chksum=1798
TCP:  port=1705 -> dport: 21  flags=******S* seq=11735421
      ack=0 off=10 res=0 win=32120 urp=0 chksum=35178
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=035A854100000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none


BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html 

inetnum:      212.133.50.128 - 212.133.50.255
netname:      MWB18-24-071201
descr:        MWB Business Exchange, 26/28 Hammersmith Grove, London, UK, W6 7EN
country:      GB
admin-c:      NP136-RIPE
tech-c:       NP136-RIPE
mnt-by:       GENUITY-CUST-MNT
status:       ASSIGNED PA
changed:      lharriso@genuity.com 20010816
source:       RIPE 

route:        212.133.0.0/17
descr:        Genuity Europe Aggregate
origin:       AS7176
notify:       corp-neteng@genuity.net
mnt-by:       BBN-SCI
remarks:      ---------------------------------------------------------
remarks:     
remarks:      Interconnection Inquiries 'peering@genuity.net'
remarks:      Operational Issues        'ops@genuity.net'
remarks:      Spam and Abuse issues     'abuse@genuity.net'
remarks:     
remarks:      24x7 Operations Hotline   +1 781 262 6186
remarks:     
remarks:      ---------------------------------------------------------
changed:      smeuse@genuity.net 20010112
changed:      mjrobinson@genuity.net 20011030
source:       RIPE 

person:       Nilesh Patel
address:      MWB Business Exchange
address:      5 Kew Road
address:      Richmond, UK, TW9 2PR
e-mail:       npatel@mwbex.com
phone:        +44 208 334 8321
nic-hdl:      NP136-RIPE
changed:      lharriso@genuity.com 20010712
source:       RIPE

------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(22 - 14) [2002-04-03 16:55:22]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=3140 flags=0 offset=0 TTL=125 chksum=50845
TCP:  port=2447 -> dport: 80  flags=******S* seq=597172066
      ack=0 off=7 res=0 win=16384 urp=0 chksum=52063
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(22 - 13) [2002-04-03 16:55:19]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=2875 flags=0 offset=0 TTL=125 chksum=51110
TCP:  port=2447 -> dport: 80  flags=******S* seq=597172066
      ack=0 off=7 res=0 win=16384 urp=0 chksum=52063
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(22 - 12) [2002-04-03 16:50:57]  TCP to 139 netBIOS ss
IPv4: 67.243.25.149 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=23369 flags=0 offset=0 TTL=114 chksum=46963
TCP:  port=3224 -> dport: 139  flags=******S* seq=892794561
      ack=0 off=7 res=0 win=5840 urp=29765 chksum=51427
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(22 - 11) [2002-04-03 16:38:42]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=39879 flags=0 offset=0 TTL=125 chksum=14106
TCP:  port=3213 -> dport: 80  flags=******S* seq=2682680085
      ack=0 off=7 res=0 win=16384 urp=0 chksum=63583
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(22 - 10) [2002-04-03 16:38:39]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.140.49
      hlen=5 TOS=0 dlen=48 ID=39641 flags=0 offset=0 TTL=125 chksum=14344
TCP:  port=3213 -> dport: 80  flags=******S* seq=2682680085
      ack=0 off=7 res=0 win=16384 urp=0 chksum=63583
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(21 - 1) [2002-04-03 00:03:42]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.129.95
      hlen=5 TOS=0 dlen=48 ID=28072 flags=0 offset=0 TTL=125 chksum=26971
TCP:  port=3773 -> dport: 80  flags=******S* seq=1964050004
      ack=0 off=7 res=0 win=16384 urp=0 chksum=37352
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(21 - 2) [2002-04-03 00:03:45]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.129.95
      hlen=5 TOS=0 dlen=48 ID=28354 flags=0 offset=0 TTL=125 chksum=26689
TCP:  port=3773 -> dport: 80  flags=******S* seq=1964050004
      ack=0 off=7 res=0 win=16384 urp=0 chksum=37352
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(21 - 3) [2002-04-03 01:47:30]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.164 -> 12.82.129.95
      hlen=5 TOS=0 dlen=48 ID=47086 flags=0 offset=0 TTL=125 chksum=50
TCP:  port=3620 -> dport: 80  flags=******S* seq=1447357562
      ack=0 off=7 res=0 win=8760 urp=0 chksum=51724
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(21 - 4) [2002-04-03 01:47:33]  Potential CodeRed/Nimda probe
IPv4: 12.82.171.164 -> 12.82.129.95
      hlen=5 TOS=0 dlen=48 ID=47461 flags=0 offset=0 TTL=125 chksum=65210
TCP:  port=3620 -> dport: 80  flags=******S* seq=1447357562
      ack=0 off=7 res=0 win=8760 urp=0 chksum=51724
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(21 - 5) [2002-04-03 02:28:24]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.129.95
      hlen=5 TOS=0 dlen=48 ID=16509 flags=0 offset=0 TTL=125 chksum=38534
TCP:  port=2032 -> dport: 80  flags=******S* seq=4286045093
      ack=0 off=7 res=0 win=16384 urp=0 chksum=14589
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(21 - 6) [2002-04-03 02:28:27]  Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.129.95
      hlen=5 TOS=0 dlen=48 ID=16819 flags=0 offset=0 TTL=125 chksum=38224
TCP:  port=2032 -> dport: 80  flags=******S* seq=4286045093
      ack=0 off=7 res=0 win=16384 urp=0 chksum=14589
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(23 - 36) [2002-04-03 20:20:18]  TCP to 21 ftp
IPv4: 12.44.119.25 -> 12.82.136.9
      hlen=5 TOS=0 dlen=60 ID=64196 flags=0 offset=0 TTL=55 chksum=12631
TCP:  port=57204 -> dport: 21  flags=******S* seq=639390242
      ack=0 off=10 res=0 win=5840 urp=0 chksum=5557
      Options:
       #1 - MSS len=4 data=05B4
       #2 - SACKOK len=0
       #3 - TS len=10 data=020CAA0D00000000
       #4 - NOP len=0
       #5 - WS len=3 data=00
Payload: none



[toot@sparky /]# host 12.44.119.25

25.119.44.12.in-addr.arpa. domain name pointer dsl-att1-119-25.sb.101freeway.net.



BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

Registrant:
 Voyager.Net
 4660 S Hagadorn Rd Ste 320
 East Lansing, MI 48823-5353
 US  

Domain Name: FREEWAY.NET  Administrative Contact:
    Master, Host  hostmaster@voyager.net
    4660 S Hagadorn Rd Ste 320
    East Lansing, MI 48823-5353
    US
    517.324.8940  

Technical Contact:
    Master, Host  hostmaster@voyager.net
    4660 S Hagadorn Rd Ste 320
    East Lansing, MI 48823-5353
    US
    517.324.8940



------------------------------------------------------------------------------
#(23 - 37) [2002-04-03 20:34:56]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=58009 flags=0 offset=0 TTL=125 chksum=62575
TCP:  port=1939 -> dport: 80  flags=******S* seq=3478232833
      ack=0 off=7 res=0 win=16384 urp=0 chksum=42538
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 38) [2002-04-03 20:34:59]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=58256 flags=0 offset=0 TTL=125 chksum=62328
TCP:  port=1939 -> dport: 80  flags=******S* seq=3478232833
      ack=0 off=7 res=0 win=16384 urp=0 chksum=42538
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 39) [2002-04-03 20:43:13]  Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=19581 flags=0 offset=0 TTL=118 chksum=7701
TCP:  port=3727 -> dport: 80  flags=******S* seq=3876182688
      ack=0 off=7 res=0 win=8760 urp=0 chksum=63015
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 40) [2002-04-03 20:43:16]  Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=19844 flags=0 offset=0 TTL=118 chksum=7438
TCP:  port=3727 -> dport: 80  flags=******S* seq=3876182688
      ack=0 off=7 res=0 win=8760 urp=0 chksum=63015
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 41) [2002-04-03 21:02:43]  Potential CodeRed/Nimda probe
IPv4: 12.82.225.162 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=11494 flags=0 offset=0 TTL=117 chksum=22162
TCP:  port=1143 -> dport: 80  flags=******S* seq=1970418119
      ack=0 off=7 res=0 win=8760 urp=0 chksum=12951
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 42) [2002-04-03 21:02:46]  Potential CodeRed/Nimda probe
IPv4: 12.82.225.162 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=11843 flags=0 offset=0 TTL=117 chksum=21813
TCP:  port=1143 -> dport: 80  flags=******S* seq=1970418119
      ack=0 off=7 res=0 win=8760 urp=0 chksum=12951
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


------------------------------------------------------------------------------
#(23 - 43) [2002-04-03 21:21:28]  Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=50877 flags=0 offset=0 TTL=118 chksum=41940
TCP:  port=3804 -> dport: 80  flags=******S* seq=461946455
      ack=0 off=7 res=0 win=8760 urp=0 chksum=56741
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 44) [2002-04-03 21:21:31]  Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=51304 flags=0 offset=0 TTL=118 chksum=41513
TCP:  port=3804 -> dport: 80  flags=******S* seq=461946455
      ack=0 off=7 res=0 win=8760 urp=0 chksum=56741
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(23 - 45) [2002-04-03 21:24:40]  TCP to 27374 SubSeven
IPv4: 65.65.98.135 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=49970 flags=0 offset=0 TTL=113 chksum=3698
TCP:  port=2033 -> dport: 27374  flags=******S* seq=14816968
      ack=0 off=7 res=0 win=8192 urp=0 chksum=41120
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 46) [2002-04-03 21:24:43]  TCP to 27374 SubSeven
IPv4: 65.65.98.135 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=64306 flags=0 offset=0 TTL=113 chksum=54897
TCP:  port=2033 -> dport: 27374  flags=******S* seq=14816968
      ack=0 off=7 res=0 win=8192 urp=0 chksum=41120
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 47) [2002-04-03 21:24:49]  TCP to 27374 SubSeven
IPv4: 65.65.98.135 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=33075 flags=0 offset=0 TTL=113 chksum=20593
TCP:  port=2033 -> dport: 27374  flags=******S* seq=14816968
      ack=0 off=7 res=0 win=8192 urp=0 chksum=41120
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 48) [2002-04-03 21:25:01]  TCP to 27374 SubSeven
IPv4: 65.65.98.135 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=31028 flags=0 offset=0 TTL=113 chksum=22640
TCP:  port=2033 -> dport: 27374  flags=******S* seq=14816968
      ack=0 off=7 res=0 win=8192 urp=0 chksum=41120
      Options:
       #1 - MSS len=4 data=0586
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(23 - 49) [2002-04-03 21:27:07]  Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=18455 flags=0 offset=0 TTL=118 chksum=8827
TCP:  port=2147 -> dport: 80  flags=******S* seq=1227858852
      ack=0 off=7 res=0 win=8760 urp=0 chksum=53546
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 50) [2002-04-03 21:27:10]  Potential CodeRed/Nimda probe
IPv4: 12.82.249.136 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=18706 flags=0 offset=0 TTL=118 chksum=8576
TCP:  port=2147 -> dport: 80  flags=******S* seq=1227858852
      ack=0 off=7 res=0 win=8760 urp=0 chksum=53546
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------



------------------------------------------------------------------------------
#(23 - 51) [2002-04-03 21:57:05]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=58071 flags=0 offset=0 TTL=125 chksum=62513
TCP:  port=3907 -> dport: 80  flags=******S* seq=1174191853
      ack=0 off=7 res=0 win=16384 urp=0 chksum=2020
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 52) [2002-04-03 21:57:08]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=58346 flags=0 offset=0 TTL=125 chksum=62238
TCP:  port=3907 -> dport: 80  flags=******S* seq=1174191853
      ack=0 off=7 res=0 win=16384 urp=0 chksum=2020
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 53) [2002-04-03 21:59:55]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=8621 flags=0 offset=0 TTL=125 chksum=46428
TCP:  port=3062 -> dport: 80  flags=******S* seq=1527341863
      ack=0 off=7 res=0 win=16384 urp=0 chksum=20970
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(23 - 54) [2002-04-03 21:59:58]  Potential CodeRed/Nimda probe
IPv4: 12.82.134.17 -> 12.82.136.9
      hlen=5 TOS=0 dlen=48 ID=8889 flags=0 offset=0 TTL=125 chksum=46160
TCP:  port=3062 -> dport: 80  flags=******S* seq=1527341863
      ack=0 off=7 res=0 win=16384 urp=0 chksum=20970
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------


jsage@finchhaven.com
Last modified: Fri Apr 5 02:03:02 2002