Incident 02-19-02 19:41pm

html2snort.plx:

Feb 21 19:41:24 - snort [1:0:0] TCP to 27374 SubSeven 
  Source IP: 66.76.139.72   Source port: 1109 
Source host: 66.76.139.72
  Target IP: 12.82.140.70   Target port: 27374   Proto: TCP 
Target host: 70.seattle-05-10rs.wa.dial-access.att.net

Feb 21 19:41:27 - snort [1:0:0] TCP to 27374 SubSeven 
  Source IP: 66.76.139.72   Source port: 1109 
Source host: 66.76.139.72
  Target IP: 12.82.140.70   Target port: 27374   Proto: TCP 
Target host: 70.seattle-05-10rs.wa.dial-access.att.net

Feb 21 19:41:33 - snort [1:0:0] TCP to 27374 SubSeven 
  Source IP: 66.76.139.72   Source port: 1109 
Source host: 66.76.139.72
  Target IP: 12.82.140.70   Target port: 27374   Proto: TCP 
Target host: 70.seattle-05-10rs.wa.dial-access.att.net

Feb 21 19:41:45 - snort [1:0:0] TCP to 27374 SubSeven 
  Source IP: 66.76.139.72   Source port: 1109 
Source host: 66.76.139.72
  Target IP: 12.82.140.70   Target port: 27374   Proto: TCP 
Target host: 70.seattle-05-10rs.wa.dial-access.att.net


snort:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/21-19:41:24.808355 66.76.139.72:1109 -> 12.82.140.70:27374
TCP TTL:112 TOS:0x0 ID:15926 IpLen:20 DgmLen:48 DF
******S* Seq: 0x13E169  Ack: 0x0  Win: 0x2000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/21-19:41:27.788665 66.76.139.72:1109 -> 12.82.140.70:27374
TCP TTL:112 TOS:0x0 ID:30006 IpLen:20 DgmLen:48 DF
******S* Seq: 0x13E169  Ack: 0x0  Win: 0x2000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/21-19:41:33.809287 66.76.139.72:1109 -> 12.82.140.70:27374
TCP TTL:112 TOS:0x0 ID:53046 IpLen:20 DgmLen:48 DF
******S* Seq: 0x13E169  Ack: 0x0  Win: 0x2000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
02/21-19:41:45.800522 66.76.139.72:1109 -> 12.82.140.70:27374
TCP TTL:112 TOS:0x0 ID:17975 IpLen:20 DgmLen:48 DF
******S* Seq: 0x13E169  Ack: 0x0  Win: 0x2000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman 

Request: 66.76.139.72
connecting to whois.arin.net [63.146.182.182:43] ...
TCA Internet (NETBLK-TCAC-2)
   3314 SSW Loop 323
   Tyler, TX 75701
   US    

Netname: TCAC-2
   Netblock: 66.76.0.0 - 66.76.255.255
   Maintainer: TCAC    

Coordinator:
      Strout, Jeff  (JS2407-ARIN)  jeff.strout@cox.com
      903-939-7200    

Domain System inverse mapping provided by: 
   ROSE.TYLER.NET205.218.118.1
   NS.TCA.NET208.180.0.2


host:

[toot@sparky /storage/snort/old_snorts/022102]# host 66.76.139.72

72.139.76.66.in-addr.arpa. domain name pointer cdm-66-139-72-newp.cox-internet.com.
jsage@finchhaven.com
Last modified: Fri Feb 22 10:56:55 2002