Logs: 03-06-02
To: jsage@finchhaven.com
Cc: root@sparky.finchhaven.net
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 03/6/2002
Logs at FinchHaven for 03/6/2002 extracted from /var/log/messages
Report generated 04:01:00 (TZ -08:00) 03/ 7/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
In /var/log/messages:
Probes to port 21 ftp: 0
Probes to port 22 ssh: 2
Probes to port 23 telnet: 0
Probes to port 53 dns: 6
Probes to port 80 http: 29
Probes to port 111 sunrpc: 1
Probes to port 137 netbios-ns: 0
Probes to port 139 netbios-ssn: 0
Probes to port 445 ms-ds: 0
Probes to port 515 lpr: 0
Total, probes to all ports: 36
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Mar 6 06:20:57 - snort [1:0:0] TCP to 111 sunrpc
Source IP: 203.231.176.2 Source port: 3565
Source host: 203.231.176.2
Target IP: 12.82.129.223 Target port: 111 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 06:21:10 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.4.242.200 Source port: 4874
Source host: asrweb.asrco.com
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 06:21:13 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.4.242.200 Source port: 4874
Source host: asrweb.asrco.com
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 08:18:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.111 Source port: 1308
Source host: 111.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 08:18:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.111 Source port: 1308
Source host: 111.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 08:46:28 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.111 Source port: 3485
Source host: 111.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 08:46:31 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.111 Source port: 3485
Source host: 111.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 09:28:32 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.77.61 Source port: 2194
Source host: 61.minneapolis-07rh16rt.mn.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 09:28:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.77.61 Source port: 2194
Source host: 61.minneapolis-07rh16rt.mn.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 09:52:50 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.77.61 Source port: 2475
Source host: 61.minneapolis-07rh16rt.mn.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 09:52:53 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.77.61 Source port: 2475
Source host: 61.minneapolis-07rh16rt.mn.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 10:12:48 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 24.122.5.139 Source port: 38036
Source host: 5-139.tr.cgocable.ca
Target IP: 12.82.129.223 Target port: 6346 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 10:20:28 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 172.178.210.149 Source port: 1460
Source host: ACB2D295.ipt.aol.com
Target IP: 12.82.129.223 Target port: 6346 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 10:20:31 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 172.178.210.149 Source port: 1460
Source host: ACB2D295.ipt.aol.com
Target IP: 12.82.129.223 Target port: 6346 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 10:20:37 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 172.178.210.149 Source port: 1460
Source host: ACB2D295.ipt.aol.com
Target IP: 12.82.129.223 Target port: 6346 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 11:13:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.155 Source port: 1574
Source host: 155.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 11:13:41 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.155 Source port: 1574
Source host: 155.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 11:37:06 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.77.149.9 Source port: 3750
Source host: 9.ojus-08-09rs.fl.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 11:37:09 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.77.149.9 Source port: 3750
Source host: 9.ojus-08-09rs.fl.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 11:49:42 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.254.198 Source port: 1666
Source host: 198.houston-16rh15rt.tx.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 11:49:44 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.254.198 Source port: 1666
Source host: 198.houston-16rh15rt.tx.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 11:56:49 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.217.5.203 Source port: 1733
Source host: 12-217-5-203.client.mchsi.com
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 11:56:52 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.217.5.203 Source port: 1733
Source host: 12-217-5-203.client.mchsi.com
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 12:30:57 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.155 Source port: 4572
Source host: 155.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 12:31:00 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.136.155 Source port: 4572
Source host: 155.seattle-21-22rs.wa.dial-access.att.net
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 12:37:03 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 172.193.78.98 Source port: 2529
Source host: ACC14E62.ipt.aol.com
Target IP: 12.82.129.223 Target port: 6346 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 12:37:06 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 172.193.78.98 Source port: 2529
Source host: ACC14E62.ipt.aol.com
Target IP: 12.82.129.223 Target port: 6346 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 12:37:12 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 172.193.78.98 Source port: 2529
Source host: ACC14E62.ipt.aol.com
Target IP: 12.82.129.223 Target port: 6346 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 12:37:24 - snort [1:0:0] TCP to 6346 gnutella
Source IP: 172.193.78.98 Source port: 2529
Source host: ACC14E62.ipt.aol.com
Target IP: 12.82.129.223 Target port: 6346 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 12:43:20 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.246.133.55 Source port: 4828
Source host: 12-246-133-55.client.attbi.com
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 12:43:23 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.246.133.55 Source port: 4828
Source host: 12-246-133-55.client.attbi.com
Target IP: 12.82.129.223 Target port: 80 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 13:34:21 - snort [1:0:0] TCP to 22 ssh
Source IP: 66.180.232.6 Source port: 3052
Source host: 66.180.232.6
Target IP: 12.82.129.223 Target port: 22 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 13:34:24 - snort [1:0:0] TCP to 22 ssh
Source IP: 66.180.232.6 Source port: 3052
Source host: 66.180.232.6
Target IP: 12.82.129.223 Target port: 22 Proto: TCP
Target host: 223.seattle-03-04rs.wa.dial-access.att.net
Mar 6 20:55:58 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.253.88.6 Source port: 1363
Source host: 12-253-88-6.client.attbi.com
Target IP: 12.82.135.230 Target port: 80 Proto: TCP
Target host: 230.seattle-18-19rs.wa.dial-access.att.net
Mar 6 20:56:01 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.253.88.6 Source port: 1363
Source host: 12-253-88-6.client.attbi.com
Target IP: 12.82.135.230 Target port: 80 Proto: TCP
Target host: 230.seattle-18-19rs.wa.dial-access.att.net
This report generated 03/ 7/2002 at 04:01:00
by a perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
jsage@finchhaven.com
Last modified: Thu Mar 7 05:26:51 2002