Logs: 02-16-02
Date: Sun, 17 Feb 2002 04:01:01 -0800
To: jsage@finchhaven.com
Subject: [Logs] at FinchHaven for 02/16/2002
Logs at FinchHaven for 02/16/2002 extracted from /var/log/messages
Report generated 04:01:00 (TZ -08:00) 02/17/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
Feb 16 08:19:22 - snort [1:0:0] TCP to 21 ftp
Source IP: 66.33.60.229 Source port: 21
Source host: ns.terrabytes.nl
Target IP: 12.82.142.68 Target port: 21 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:10:56 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.127.39 Source port: 1518
Source host: 12-234-127-39.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:10:59 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.127.39 Source port: 1518
Source host: 12-234-127-39.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:27:19 - snort [1:0:0] TCP to 139 netBIOS ss
Source IP: 194.19.28.163 Source port: 3975
Source host: 194.19.28.163
Target IP: 12.82.142.68 Target port: 139 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:27:22 - snort [1:0:0] TCP to 139 netBIOS ss
Source IP: 194.19.28.163 Source port: 3975
Source host: 194.19.28.163
Target IP: 12.82.142.68 Target port: 139 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:27:28 - snort [1:0:0] TCP to 139 netBIOS ss
Source IP: 194.19.28.163 Source port: 3975
Source host: 194.19.28.163
Target IP: 12.82.142.68 Target port: 139 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:34:51 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.238.63.198 Source port: 4541
Source host: 12-238-63-198.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:34:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.238.63.198 Source port: 4541
Source host: 12-238-63-198.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:36:32 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 204.118.20.101 Source port: 137
Source host: 204.118.20.101
Target IP: 12.82.142.68 Target port: 137 Proto: UDP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:36:34 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 204.118.20.101 Source port: 137
Source host: 204.118.20.101
Target IP: 12.82.142.68 Target port: 137 Proto: UDP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 09:36:35 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 204.118.20.101 Source port: 137
Source host: 204.118.20.101
Target IP: 12.82.142.68 Target port: 137 Proto: UDP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:04:10 - snort [1:0:0] TCP to 21 ftp
Source IP: 62.30.44.105 Source port: 1557
Source host: pc-62-30-44-105-bl.blueyonder.co.uk
Target IP: 12.82.142.68 Target port: 21 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:04:13 - snort [1:0:0] TCP to 21 ftp
Source IP: 62.30.44.105 Source port: 1557
Source host: pc-62-30-44-105-bl.blueyonder.co.uk
Target IP: 12.82.142.68 Target port: 21 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:10:40 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 64.65.254.63 Source port: 4336
Source host: host-64-65-254-63.choiceone.net
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:10:43 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 64.65.254.63 Source port: 4336
Source host: host-64-65-254-63.choiceone.net
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:10:49 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 64.65.254.63 Source port: 4336
Source host: host-64-65-254-63.choiceone.net
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:39:04 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 200.171.69.118 Source port: 65079
Source host: 200-171-69-118.dsl.telesp.net.br
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:39:07 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 200.171.69.118 Source port: 65079
Source host: 200-171-69-118.dsl.telesp.net.br
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:39:14 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 200.171.69.118 Source port: 65079
Source host: 200-171-69-118.dsl.telesp.net.br
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:46:13 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.235.47.93 Source port: 2369
Source host: 12-235-47-93.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:46:16 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.235.47.93 Source port: 2369
Source host: 12-235-47-93.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 10:57:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.235.84.229 Source port: 3321
Source host: 12-235-84-229.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 12:17:48 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.157.6 Source port: 4047
Source host: 12-224-157-6.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 12:17:49 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.157.6 Source port: 4047
Source host: 12-224-157-6.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 12:32:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.191.29 Source port: 4710
Source host: 12-224-191-29.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 12:32:41 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.191.29 Source port: 4710
Source host: 12-224-191-29.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 12:49:33 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.157.6 Source port: 2578
Source host: 12-224-157-6.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 12:49:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.157.6 Source port: 2578
Source host: 12-224-157-6.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 13:02:24 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.235.42.53 Source port: 3701
Source host: 12-235-42-53.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 14:05:23 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.254.213.31 Source port: 1420
Source host: 12-254-213-31.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 14:05:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.254.213.31 Source port: 1420
Source host: 12-254-213-31.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 14:17:53 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.129.169 Source port: 1859
Source host: 12-234-129-169.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 14:17:55 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.129.169 Source port: 1859
Source host: 12-234-129-169.client.attbi.com
Target IP: 12.82.142.68 Target port: 80 Proto: TCP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 14:34:26 - snort [1:0:0] ICMP echo request
Source IP: 80.11.200.184 Source port: -N/A-
Source host: ABoulogne-103-1-6-184.abo.wanadoo.fr
Target IP: 12.82.142.68 Target port: -N/A- Proto: ICMP
Target host: 68.seattle-25-30rs.wa.dial-access.att.net
Feb 16 15:31:42 - snort [1:0:0] TCP to 22 ssh
Source IP: 133.1.194.73 Source port: 2520
Source host: air.nano.ee.es.osaka-u.ac.jp
Target IP: 12.82.131.93 Target port: 22 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 15:31:45 - snort [1:0:0] TCP to 22 ssh
Source IP: 133.1.194.73 Source port: 2520
Source host: air.nano.ee.es.osaka-u.ac.jp
Target IP: 12.82.131.93 Target port: 22 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 16:39:25 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.238.218.208 Source port: 4956
Source host: 12-238-218-208.client.attbi.com
Target IP: 12.82.131.93 Target port: 80 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 16:39:28 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.238.218.208 Source port: 4956
Source host: 12-238-218-208.client.attbi.com
Target IP: 12.82.131.93 Target port: 80 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 17:34:28 - snort [1:0:0] TCP to 22 ssh
Source IP: 210.100.154.11 Source port: 22
Source host: 210.100.154.11
Target IP: 12.82.131.93 Target port: 22 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 18:16:06 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.160.59.15 Source port: 2436
Source host: 12.160.59.15
Target IP: 12.82.131.93 Target port: 80 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 18:16:10 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.160.59.15 Source port: 2436
Source host: 12.160.59.15
Target IP: 12.82.131.93 Target port: 80 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 22:25:14 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.165 Source port: 2516
Source host: 165.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.131.93 Target port: 80 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 22:25:17 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.165 Source port: 2516
Source host: 165.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.131.93 Target port: 80 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 16 23:03:53 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.142.166 Source port: 4308
Source host: 166.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.131.93 Target port: 80 Proto: TCP
Target host: 93.seattle-08-09rs.wa.dial-access.att.net
Feb 17 01:31:10 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 12.29.49.209 Source port: 137
Source host: 12.29.49.209
Target IP: 12.82.128.132 Target port: 137 Proto: UDP
Target host: 132.seattle-01-02rs.wa.dial-access.att.net
Feb 17 01:31:11 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 12.29.49.209 Source port: 137
Source host: 12.29.49.209
Target IP: 12.82.128.132 Target port: 137 Proto: UDP
Target host: 132.seattle-01-02rs.wa.dial-access.att.net
Feb 17 01:31:13 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 12.29.49.209 Source port: 137
Source host: 12.29.49.209
Target IP: 12.82.128.132 Target port: 137 Proto: UDP
Target host: 132.seattle-01-02rs.wa.dial-access.att.net
Feb 17 03:24:47 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.228.187.179 Source port: 4525
Source host: 12-228-187-179.client.attbi.com
Target IP: 12.82.128.132 Target port: 80 Proto: TCP
Target host: 132.seattle-01-02rs.wa.dial-access.att.net
Feb 17 03:24:50 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.228.187.179 Source port: 4525
Source host: 12-228-187-179.client.attbi.com
Target IP: 12.82.128.132 Target port: 80 Proto: TCP
Target host: 132.seattle-01-02rs.wa.dial-access.att.net
This report generated 02/17/2002 at 04:01:00 by a perl script
written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
This page last preened by Webmaster jsage@finchhaven.com on:
Last modified: Mon Feb 18 18:22:57 2002