Logs: 02-24-02
To: jsage@finchhaven.com
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 02/24/2002
Logs at FinchHaven for 02/24/2002 extracted from /var/log/messages
Report generated 04:01:01 (TZ -08:00) 02/25/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
In /var/log/messages:
Probes to port 21 ftp: 0
Probes to port 22 ssh: 5
Probes to port 23 telnet: 0
Probes to port 53 dns: 0
Probes to port 80 http: 18
Probes to port 111 sunrpc: 0
Probes to port 137 netbios-ns: 0
Probes to port 139 netbios-ssn: 0
Probes to port 445 ms-ds: 0
Probes to port 515 lpr: 0
Total, probes to all ports: 65
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Feb 24 07:26:55 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.227.48.30 Source port: 4630
Source host: 12-227-48-30.client.attbi.com
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 07:26:58 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.227.48.30 Source port: 4630
Source host: 12-227-48-30.client.attbi.com
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 10:20:04 - snort [1:0:0] TCP to 1214 KaZaa
Source IP: 68.40.44.154 Source port: 65199
Source host: bgp995133bgs.nanarb01.mi.comcast.net
Target IP: 12.82.137.151 Target port: 1214 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
<snip>
Feb 24 11:00:05 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.238.183.133 Source port: 2193
Source host: 12-238-183-133.client.attbi.com
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 11:00:07 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.238.183.133 Source port: 2193
Source host: 12-238-183-133.client.attbi.com
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 11:10:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.142.101 Source port: 4372
Source host: 101.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 11:10:29 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.142.101 Source port: 4372
Source host: 101.seattle-25-30rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 11:46:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.48 Source port: 2170
Source host: 48.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 11:51:04 - snort [1:0:0] UDP to 5632 PCAnywherestat
Source IP: 12.82.137.244 Source port: 3243
Source host: 244.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 5632 Proto: UDP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 11:51:04 - snort [1:0:0] UDP to 22 ssh
Source IP: 12.82.137.244 Source port: 3243
Source host: 244.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 22 Proto: UDP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 12:15:41 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.225 Source port: 3742
Source host: 225.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 12:59:01 - snort [1:0:0] TCP to 1214 KaZaa
Source IP: 193.252.222.169 Source port: 1622
Source host: ANantes-104-1-2-169.abo.wanadoo.fr
Target IP: 12.82.137.151 Target port: 1214 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
<snip>
Feb 24 13:19:07 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.225 Source port: 3453
Source host: 225.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 13:19:44 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.139.18 Source port: 2408
Source host: 18.seattle-28-29rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 13:19:47 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.139.18 Source port: 2408
Source host: 18.seattle-28-29rs.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 13:33:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.163.214 Source port: 1864
Source host: 214.seattle10rh16rt.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 13:40:22 - snort [1:0:0] TCP to 22 ssh
Source IP: 203.75.48.129 Source port: 1285
Source host: 203.75.48.129
Target IP: 12.82.137.151 Target port: 22 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 13:40:25 - snort [1:0:0] TCP to 22 ssh
Source IP: 203.75.48.129 Source port: 1285
Source host: 203.75.48.129
Target IP: 12.82.137.151 Target port: 22 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 13:52:18 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.163.214 Source port: 3488
Source host: 214.seattle10rh16rt.wa.dial-access.att.net
Target IP: 12.82.137.151 Target port: 80 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
Feb 24 14:08:25 - snort [1:0:0] TCP to 1214 KaZaa
Source IP: 12.243.82.57 Source port: 64639
Source host: 12-243-82-57.client.attbi.com
Target IP: 12.82.137.151 Target port: 1214 Proto: TCP
Target host: 151.seattle-23-24rs.wa.dial-access.att.net
<snip>
Feb 24 15:45:06 - snort [1:0:0] TCP to 22 ssh
Source IP: 216.43.203.230 Source port: 22
Source host: zzz-216043203230.splitrock.net
Target IP: 12.82.131.67 Target port: 22 Proto: TCP
Target host: 67.seattle-08-09rs.wa.dial-access.att.net
Feb 24 19:53:59 - snort [1:0:0] TCP to 22 ssh
Source IP: 63.236.0.180 Source port: 22
Source host: 63.236.0.180
Target IP: 12.82.131.67 Target port: 22 Proto: TCP
Target host: 67.seattle-08-09rs.wa.dial-access.att.net
Feb 24 20:22:02 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.228.95.50 Source port: 2619
Source host: 12-228-95-50.client.attbi.com
Target IP: 12.82.131.67 Target port: 80 Proto: TCP
Target host: 67.seattle-08-09rs.wa.dial-access.att.net
Feb 24 20:22:05 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.228.95.50 Source port: 2619
Source host: 12-228-95-50.client.attbi.com
Target IP: 12.82.131.67 Target port: 80 Proto: TCP
Target host: 67.seattle-08-09rs.wa.dial-access.att.net
Feb 24 22:12:31 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.171 Source port: 2764
Source host: 171.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.131.67 Target port: 80 Proto: TCP
Target host: 67.seattle-08-09rs.wa.dial-access.att.net
Feb 24 22:12:33 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.171 Source port: 2764
Source host: 171.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.131.67 Target port: 80 Proto: TCP
Target host: 67.seattle-08-09rs.wa.dial-access.att.net
Feb 25 03:38:50 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.81.13.82 Source port: 3240
Source host: 12.81.13.82
Target IP: 12.82.128.251 Target port: 80 Proto: TCP
Target host: 251.seattle-01-02rs.wa.dial-access.att.net
This report generated 02/25/2002 at 04:01:01
by a perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
jsage@finchhaven.com
Last modified: Wed Feb 27 19:40:54 2002