Logs: 03-05-02
To: jsage@finchhaven.com
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 03/5/2002
Logs at FinchHaven for 03/5/2002 extracted from /var/log/messages
Report generated 04:01:00 (TZ -08:00) 03/ 6/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
In /var/log/messages:
Probes to port 21 ftp: 0
Probes to port 22 ssh: 0
Probes to port 23 telnet: 0
Probes to port 53 dns: 6
Probes to port 80 http: 63
Probes to port 111 sunrpc: 0
Probes to port 137 netbios-ns: 0
Probes to port 139 netbios-ssn: 0
Probes to port 445 ms-ds: 0
Probes to port 515 lpr: 2
Total, probes to all ports: 85
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Mar 5 04:05:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.253.225.171 Source port: 1297
Source host: 12-253-225-171.client.attbi.com
Target IP: 12.82.132.166 Target port: 80 Proto: TCP
Target host: 166.seattle-11-12rs.wa.dial-access.att.net
Mar 5 09:19:19 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.222 Source port: 2762
Source host: 222.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 09:19:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.222 Source port: 2762
Source host: 222.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 10:14:01 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 4014
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 10:14:04 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 4014
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 10:17:00 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.251.38.140 Source port: 1936
Source host: 12-251-38-140.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 10:17:03 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.251.38.140 Source port: 1936
Source host: 12-251-38-140.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 10:30:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.242.126 Source port: 3383
Source host: 12-224-242-126.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 10:30:29 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.242.126 Source port: 3383
Source host: 12-224-242-126.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 10:57:56 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1440
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 10:57:59 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1440
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 11:24:15 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.248.236.211 Source port: 25373
Source host: 12-248-236-211.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 11:36:08 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.160.197 Source port: 4228
Source host: 197.seattle09rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 11:36:11 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.160.197 Source port: 4228
Source host: 197.seattle09rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 11:50:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.76 Source port: 1700
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 11:50:37 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.76 Source port: 1700
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 11:51:30 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.252 Source port: 2776
Source host: 252.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 11:51:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.237.252 Source port: 2776
Source host: 252.houston-07rh16rt.tx.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:00:32 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 3778
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:00:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 3778
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:11:37 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1683
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:11:40 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1683
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:12:54 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.76 Source port: 2180
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:12:57 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.140.76 Source port: 2180
Source host: 76.seattle-05-10rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:37:18 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.150.51 Source port: 1083
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:37:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.150.51 Source port: 1083
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:49:05 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1752
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:49:08 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1752
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:50:32 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.252.152.237 Source port: 2607
Source host: 12-252-152-237.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 12:50:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.252.152.237 Source port: 2607
Source host: 12-252-152-237.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:01:40 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.150.51 Source port: 1297
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:01:43 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.150.51 Source port: 1297
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:14:44 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.150.51 Source port: 2280
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:14:47 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.150.51 Source port: 2280
Source host: 51.seattle04rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:01 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:02 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:03 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:04 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:05 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:06 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:07 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:08 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:09 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:10 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:11 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:12 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:13 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:14 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:38:15 - snort [1:0:0] ICMP echo request
Source IP: 63.136.120.74 Source port: -N/A-
Source host: 63.136.120.74
Target IP: 12.82.140.117 Target port: -N/A- Proto: ICMP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
Cable & Wireless USA (NETBLK-CW-11BLK) CW-11BLK
63.136.0.0 - 63.137.255.255
CAIMIS (NETBLK-CW-63-136-120-64) CW-63-136-120-64
63.136.120.64 - 63.136.120.95
CAIMIS (NETBLK-CW-63-136-120-64)
3051 Miller Road
Ann Arbor, MI 48103
US
Netname: CW-63-136-120-64
Netblock: 63.136.120.64 - 63.136.120.95
Coordinator:
Beecher, Bryan (BB1195-ARIN) bryan@caimis.com
(734) 730 - 1071
Record last updated on 15-Mar-2001.
Database last updated on 5-Mar-2002 19:57:42 EDT.
Mar 5 13:40:24 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 4259
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:40:27 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 4259
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:42:22 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1402
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 13:42:25 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1402
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 14:02:18 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.150.66 Source port: 1301
Source host: 66.seattle04rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 14:02:21 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.150.66 Source port: 1301
Source host: 66.seattle04rh15rt.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 14:35:28 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.251.120.72 Source port: 3768
Source host: 12-251-120-72.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 14:35:30 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.251.120.72 Source port: 3768
Source host: 12-251-120-72.client.attbi.com
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 14:45:56 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1620
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 14:45:59 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1620
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 14:55:15 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 2501
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 14:55:18 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 2501
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 15:06:33 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1249
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 15:06:36 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.107 Source port: 1249
Source host: 107.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.140.117 Target port: 80 Proto: TCP
Target host: 117.seattle-05-10rs.wa.dial-access.att.net
Mar 5 18:07:08 - snort [1:0:0] TCP to 515 lpr
Source IP: 203.125.152.67 Source port: 4041
Source host: 203.125.152.67
Target IP: 12.82.129.170 Target port: 515 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 18:17:43 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.87.60.125 Source port: 4419
Source host: 125.detroit-11-12rs.mi.dial-access.att.net
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 18:17:46 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.87.60.125 Source port: 4419
Source host: 125.detroit-11-12rs.mi.dial-access.att.net
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 18:22:34 - snort [1:0:0] TCP to 515 lpr
Source IP: 62.177.158.170 Source port: 2212
Source host: 62-177-158-170.bbeyond.nl
Target IP: 12.82.129.170 Target port: 515 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 18:52:50 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.254.213.31 Source port: 2513
Source host: 12-254-213-31.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 18:52:53 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.254.213.31 Source port: 2513
Source host: 12-254-213-31.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 18:56:09 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.64.6 Source port: 1863
Source host: 12-234-64-6.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 18:56:12 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.64.6 Source port: 1863
Source host: 12-234-64-6.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 19:01:47 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.230.160.36 Source port: 3835
Source host: 12-230-160-36.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 19:44:08 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.90.111.21 Source port: 4952
Source host: 21.pittsburgh-04rh16rt.pa.dial-access.att.net
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 19:44:11 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.90.111.21 Source port: 4952
Source host: 21.pittsburgh-04rh16rt.pa.dial-access.att.net
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 22:09:11 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.173.80 Source port: 2852
Source host: 80.seattle15rh16rt.wa.dial-access.att.net
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 22:09:14 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.173.80 Source port: 2852
Source host: 80.seattle15rh16rt.wa.dial-access.att.net
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 22:22:39 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.228.50.13 Source port: 1482
Source host: 12-228-50-13.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 22:22:42 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.228.50.13 Source port: 1482
Source host: 12-228-50-13.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 23:30:15 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.11.160 Source port: 1262
Source host: 12-234-11-160.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
Mar 5 23:30:18 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.234.11.160 Source port: 1262
Source host: 12-234-11-160.client.attbi.com
Target IP: 12.82.129.170 Target port: 80 Proto: TCP
Target host: 170.seattle-03-04rs.wa.dial-access.att.net
This report generated 03/ 6/2002 at 04:01:00
by a perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
jsage@finchhaven.com
Last modified: Wed Mar 6 06:21:40 2002