Logs: 03-04-02
To: jsage@finchhaven.com
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 03/4/2002
Logs at FinchHaven for 03/4/2002 extracted from /var/log/messages
Report generated 04:01:00 (TZ -08:00) 03/ 5/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
Mar 4 07:44:02 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.62.19 Source port: 2702
Source host: 12-234-62-19.client.attbi.com
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 07:44:05 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.62.19 Source port: 2702
Source host: 12-234-62-19.client.attbi.com
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 09:22:21 - snort [1:0:0] TCP to 21 ftp
Source IP: 205.136.19.108 Source port: 21
Source host: lumbergh.biznet.net
Target IP: 12.82.129.125 Target port: 21 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 09:33:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.120 Source port: 2517
Source host: 120.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 09:38:14 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.120 Source port: 4868
Source host: 120.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 09:41:51 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.120 Source port: 2744
Source host: 120.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 09:41:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.120 Source port: 2744
Source host: 120.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 09:47:31 - snort [1:0:0] TCP to 111 sunrpc
Source IP: 65.104.251.67 Source port: 1525
Source host: 65.104.251.67
Target IP: 12.82.129.125 Target port: 111 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 09:53:41 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 216.46.199.45 Source port: 1348
Source host: 216.46.199.45
Target IP: 12.82.129.125 Target port: 137 Proto: UDP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:34:59 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.110 Source port: 4686
Source host: 110.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:35:02 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.110 Source port: 4686
Source host: 110.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:41:43 - snort [1:0:0] TCP to 21 ftp
Source IP: 66.28.98.45 Source port: 21
Source host: 66.28.98.45
Target IP: 12.82.129.125 Target port: 21 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:57:21 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1413
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:57:24 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1413
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:57:29 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1422
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:57:31 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1413
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:57:35 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1422
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:57:40 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1422
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:58:36 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1487
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:58:39 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1487
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 10:58:45 - snort [1:0:0] TCP to range 1025-60999
Source IP: 172.169.24.4 Source port: 1487
Source host: ACA91804.ipt.aol.com
Target IP: 12.82.129.125 Target port: 6348 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 11:43:04 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.76 Source port: 4490
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 11:43:07 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.76 Source port: 4490
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 11:43:25 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 204.118.20.101 Source port: 137
Source host: 204.118.20.101
Target IP: 12.82.129.125 Target port: 137 Proto: UDP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 11:43:27 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 204.118.20.101 Source port: 137
Source host: 204.118.20.101
Target IP: 12.82.129.125 Target port: 137 Proto: UDP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 11:43:28 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 204.118.20.101 Source port: 137
Source host: 204.118.20.101
Target IP: 12.82.129.125 Target port: 137 Proto: UDP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:38:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 1783
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:38:56 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 1783
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:42:43 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 2940
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:42:46 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 2940
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:45:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.195 Source port: 2264
Source host: 195.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:45:23 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.195 Source port: 2264
Source host: 195.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:48:20 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 2417
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:48:24 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 2417
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:57:39 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 3893
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 12:57:42 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 3893
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 13:12:28 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 3980
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 13:12:31 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 3980
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 13:13:16 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 2205
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 13:13:19 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 2205
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 13:15:15 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 1572
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 13:15:18 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 1572
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 13:23:44 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 2435
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 13:23:47 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.134.140 Source port: 2435
Source host: 140.seattle-16-17rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:00:01 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 2321
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:00:04 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 2321
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:10:57 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.228 Source port: 1470
Source host: 228.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:11:00 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.228 Source port: 1470
Source host: 228.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:21:20 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 4391
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:21:22 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 4391
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:25:07 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.170.129 Source port: 4210
Source host: 129.seattle14rh15rt.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:25:10 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.170.129 Source port: 4210
Source host: 129.seattle14rh15rt.wa.dial-access.att.net
Target IP: 12.82.129.125 Target port: 80 Proto: TCP
Target host: 125.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:57:01 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.247.28 Source port: 1223
Source host: 28.houston-12rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 14:57:05 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.247.28 Source port: 1223
Source host: 28.houston-12rh16rt.tx.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 15:00:50 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.170.129 Source port: 2703
Source host: 129.seattle14rh15rt.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 15:00:53 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.170.129 Source port: 2703
Source host: 129.seattle14rh15rt.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 15:17:22 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.228 Source port: 4454
Source host: 228.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 15:17:25 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.137.228 Source port: 4454
Source host: 228.seattle-23-24rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 15:41:44 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 4422
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 15:41:47 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 4422
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 16:09:49 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 3996
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 16:09:52 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 3996
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 17:38:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 4017
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 17:38:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 4017
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 17:50:36 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 3279
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 17:50:39 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.128.201 Source port: 3279
Source host: 201.seattle-01-02rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:10:09 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.251.38.140 Source port: 2689
Source host: 12-251-38-140.client.attbi.com
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:10:12 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.251.38.140 Source port: 2689
Source host: 12-251-38-140.client.attbi.com
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:36:03 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 216.46.199.45 Source port: 3666
Source host: 216.46.199.45
Target IP: 12.82.129.39 Target port: 137 Proto: UDP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:52:33 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.129.246 Source port: 2800
Source host: 246.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 12345 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:52:35 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.129.246 Source port: 2800
Source host: 246.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 12345 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:52:41 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.129.246 Source port: 2800
Source host: 246.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 12345 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:52:53 - snort [1:0:0] TCP to 12345 NetBus Backdoor
Source IP: 12.82.129.246 Source port: 2800
Source host: 246.seattle-03-04rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 12345 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:56:09 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.139.132 Source port: 3575
Source host: 132.seattle-28-29rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 19:56:12 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.139.132 Source port: 3575
Source host: 132.seattle-28-29rs.wa.dial-access.att.net
Target IP: 12.82.129.39 Target port: 80 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 20:13:06 - snort [1:0:0] TCP to 21 ftp
Source IP: 209.164.21.30 Source port: 1203
Source host: 209.164.21.30
Target IP: 12.82.129.39 Target port: 21 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 20:13:09 - snort [1:0:0] TCP to 21 ftp
Source IP: 209.164.21.30 Source port: 1203
Source host: 209.164.21.30
Target IP: 12.82.129.39 Target port: 21 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 20:13:15 - snort [1:0:0] TCP to 21 ftp
Source IP: 209.164.21.30 Source port: 1203
Source host: 209.164.21.30
Target IP: 12.82.129.39 Target port: 21 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 21:10:40 - snort [1:0:0] TCP to 21 ftp
Source IP: 212.3.248.147 Source port: 21
Source host: 212.3.248.147
Target IP: 12.82.129.39 Target port: 21 Proto: TCP
Target host: 39.seattle-03-04rs.wa.dial-access.att.net
Mar 4 22:46:55 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.247.96.41 Source port: 3802
Source host: 12-247-96-41.client.attbi.com
Target IP: 12.82.132.166 Target port: 80 Proto: TCP
Target host: 166.seattle-11-12rs.wa.dial-access.att.net
This report generated 03/ 5/2002 at 04:01:00
by a perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
jsage@finchhaven.com
Last modified: Wed Mar 6 07:12:11 2002