Logs: 02-20-02
To: jsage@finchhaven.com
Cc: root@sparky.finchhaven.net
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 02/20/2002
Logs at FinchHaven for 02/20/2002 extracted from /var/log/messages
Report generated 04:01:01 (TZ -08:00) 02/21/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
Feb 20 05:45:44 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:44 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:45 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:45 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:47 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:47 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:48 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:48 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:50 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:50 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:51 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:45:51 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:19 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:19 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:21 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:21 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:22 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:22 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:24 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:24 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:25 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:25 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:27 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 169.254.121.26 Source port: 137
Source host: 169.254.121.26
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 05:50:27 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 211.228.134.118 Source port: 137
Source host: 211.228.134.118
Target IP: 12.82.128.114 Target port: 137 Proto: UDP
Target host: 114.seattle-01-02rs.wa.dial-access.att.net
Feb 20 08:15:18 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.243.108.143 Source port: 2455
Source host: 12-243-108-143.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 08:15:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.243.108.143 Source port: 2455
Source host: 12-243-108-143.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 08:55:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.91.23 Source port: 2456
Source host: 12-234-91-23.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 08:55:41 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.91.23 Source port: 2456
Source host: 12-234-91-23.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 09:40:25 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.139.116 Source port: 3845
Source host: 116.seattle-28-29rs.wa.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 09:40:28 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.139.116 Source port: 3845
Source host: 116.seattle-28-29rs.wa.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 09:46:57 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.186 Source port: 3454
Source host: 186.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 09:46:59 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.186 Source port: 3454
Source host: 186.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 10:48:23 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.135.193 Source port: 3915
Source host: 193.seattle-18-19rs.wa.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 10:48:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.135.193 Source port: 3915
Source host: 193.seattle-18-19rs.wa.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 11:05:23 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.253.22.153 Source port: 2316
Source host: 12-253-22-153.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 11:05:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.253.22.153 Source port: 2316
Source host: 12-253-22-153.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 11:05:43 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.236.60.2 Source port: 3529
Source host: 12-236-60-2.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 11:05:46 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.236.60.2 Source port: 3529
Source host: 12-236-60-2.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 11:46:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.235.71.175 Source port: 2878
Source host: 12-235-71-175.client.attbi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 12:04:49 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.163.7 Source port: 3314
Source host: 7.seattle10rh16rt.wa.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 12:04:51 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.163.7 Source port: 3314
Source host: 7.seattle10rh16rt.wa.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 12:08:14 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.136 Source port: 4393
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 12:08:16 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.136 Source port: 4393
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 12:53:55 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.136 Source port: 1679
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 12:53:58 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.136 Source port: 1679
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 12:58:34 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.136 Source port: 1033
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 13:27:30 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.136 Source port: 4643
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 13:27:33 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.136 Source port: 4643
Source host: 136.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 15:26:29 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.217.143.225 Source port: 3983
Source host: 12-217-143-225.client.mchsi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 15:26:32 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.217.143.225 Source port: 3983
Source host: 12-217-143-225.client.mchsi.com
Target IP: 12.82.128.178 Target port: 80 Proto: TCP
Target host: 178.seattle-01-02rs.wa.dial-access.att.net
Feb 20 21:10:17 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.224.158 Source port: 3733
Source host: 158.houston-01rh15rt.tx.dial-access.att.net
Target IP: 12.82.131.101 Target port: 80 Proto: TCP
Target host: 101.seattle-08-09rs.wa.dial-access.att.net
Feb 20 21:10:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.224.158 Source port: 3733
Source host: 158.houston-01rh15rt.tx.dial-access.att.net
Target IP: 12.82.131.101 Target port: 80 Proto: TCP
Target host: 101.seattle-08-09rs.wa.dial-access.att.net
Feb 20 22:29:41 - snort [1:0:0] TCP to 21 ftp
Source IP: 212.179.251.105 Source port: 3517
Source host: bzq-251-105.red.bezeqint.net
Target IP: 12.82.131.101 Target port: 21 Proto: TCP
Target host: 101.seattle-08-09rs.wa.dial-access.att.net
Feb 20 22:29:43 - snort [1:0:0] TCP to 21 ftp
Source IP: 212.179.251.105 Source port: 3517
Source host: bzq-251-105.red.bezeqint.net
Target IP: 12.82.131.101 Target port: 21 Proto: TCP
Target host: 101.seattle-08-09rs.wa.dial-access.att.net
Feb 20 22:29:49 - snort [1:0:0] TCP to 21 ftp
Source IP: 212.179.251.105 Source port: 3517
Source host: bzq-251-105.red.bezeqint.net
Target IP: 12.82.131.101 Target port: 21 Proto: TCP
Target host: 101.seattle-08-09rs.wa.dial-access.att.net
This report generated 02/21/2002 at 04:01:01
by a perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
jsage@finchhaven.com
Last modified: Thu Feb 21 22:54:01 2002