Logs: 03-08-02
To: jsage@finchhaven.com
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 03/8/2002
Logs at FinchHaven for 03/8/2002 extracted from /var/log/messages
Report generated 04:01:01 (TZ -08:00) 03/ 9/2002
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific standard, GMT -08:00, synch by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7
In /var/log/messages:
Probes to port 21 ftp: 1
Probes to port 22 ssh: 0
Probes to port 23 telnet: 0
Probes to port 53 dns: 55
Probes to port 80 http: 44
Probes to port 111 sunrpc: 0
Probes to port 137 netbios-ns: 1
Probes to port 139 netbios-ssn: 0
Probes to port 445 ms-ds: 0
Probes to port 515 lpr: 0
Total, probes to all ports: 115
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Mar 8 08:38:26 - snort [1:0:0] TCP to 27374 SubSeven
Source IP: 210.104.208.9 Source port: 2257
Source host: 210.104.208.9
Target IP: 12.82.132.168 Target port: 27374 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 08:38:29 - snort [1:0:0] TCP to 27374 SubSeven
Source IP: 210.104.208.9 Source port: 2257
Source host: 210.104.208.9
Target IP: 12.82.132.168 Target port: 27374 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 08:55:45 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 216.206.49.226 Source port: 2520
Source host: web.bair.org
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 08:55:45 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 216.206.49.226 Source port: 2520
Source host: web.bair.org
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 08:55:51 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 216.206.49.226 Source port: 2520
Source host: web.bair.org
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 10:41:12 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.166.217 Source port: 4488
Source host: 12-224-166-217.client.attbi.com
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 10:41:15 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.166.217 Source port: 4488
Source host: 12-224-166-217.client.attbi.com
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 10:50:22 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.96.204.13 Source port: 4773
Source host: 12.96.204.13
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 10:50:25 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.96.204.13 Source port: 4773
Source host: 12.96.204.13
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 10:53:08 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.101.9.122 Source port: 2951
Source host: 122.mujc.wash.washdctt.dsl.att.net
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 10:53:11 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.101.9.122 Source port: 2951
Source host: 122.mujc.wash.washdctt.dsl.att.net
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 14:47:58 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.248.104.193 Source port: 1193
Source host: 12-248-104-193.client.attbi.com
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 14:48:01 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.248.104.193 Source port: 1193
Source host: 12-248-104-193.client.attbi.com
Target IP: 12.82.132.168 Target port: 80 Proto: TCP
Target host: 168.seattle-11-12rs.wa.dial-access.att.net
Mar 8 16:28:13 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.229.70.100 Source port: 4359
Source host: 12-229-70-100.client.attbi.com
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 16:28:16 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.229.70.100 Source port: 4359
Source host: 12-229-70-100.client.attbi.com
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 16:34:29 - snort [1:0:0] UDP to 5632 PCAnywherestat
Source IP: 12.82.141.60 Source port: 1037
Source host: 60.seattle-15-20rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 5632 Proto: UDP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 18:37:05 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.27 Source port: 2945
Source host: 27.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 18:37:08 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.27 Source port: 2945
Source host: 27.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 18:38:59 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.27 Source port: 3875
Source host: 27.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 18:39:02 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.246.27 Source port: 3875
Source host: 27.houston-12rh15rt.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 18:50:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.166.217 Source port: 2868
Source host: 12-224-166-217.client.attbi.com
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 18:50:29 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.224.166.217 Source port: 2868
Source host: 12-224-166-217.client.attbi.com
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 19:07:51 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.148 Source port: 2548
Source host: 148.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 19:07:52 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.148 Source port: 2548
Source host: 148.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 20:38:27 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.148 Source port: 1483
Source host: 148.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 20:38:30 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.148 Source port: 1483
Source host: 148.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 20:59:56 - snort [1:0:0] TCP to 21 ftp
Source IP: 80.11.190.154 Source port: 3147
Source host: ANeuilly-103-1-2-154.abo.wanadoo.fr
Target IP: 12.82.141.194 Target port: 21 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:02:44 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.148 Source port: 3554
Source host: 148.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:02:47 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.148 Source port: 3554
Source host: 148.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:08 - snort [1:0:0] TCP to 53 domain
Source IP: 216.35.167.58 Source port: 40614
Source host: 216.35.167.58
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:08 - snort [1:0:0] TCP to 53 domain
Source IP: 64.14.200.154 Source port: 37844
Source host: 64.14.200.154
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:08 - snort [1:0:0] TCP to 53 domain
Source IP: 129.250.244.10 Source port: 24556
Source host: 129.250.244.10
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:08 - snort [1:0:0] TCP to 53 domain
Source IP: 209.157.68.18 Source port: 31346
Source host: 209.157.68.18
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:08 - snort [1:0:0] TCP to 53 domain
Source IP: 216.33.35.214 Source port: 48438
Source host: 216.33.35.214
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:08 - snort [1:0:0] TCP to 53 domain
Source IP: 64.37.200.46 Source port: 22809
Source host: 64.37.200.46
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:08 - snort [1:0:0] TCP to 53 domain
Source IP: 128.121.10.146 Source port: 32747
Source host: 128.121.10.146
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 216.34.68.2 Source port: 60597
Source host: 216.34.68.2
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.75.42 Source port: 16832
Source host: mirror-image-01093-ldn-tci-i2.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.69.78 Source port: 46071
Source host: mirror-image-01093-ffm-ix-i1.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 64.56.174.186 Source port: 31192
Source host: 64.56.174.186
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.70.234 Source port: 55375
Source host: mirror-image-01093-prs-ix-i1.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 194.213.64.150 Source port: 13092
Source host: sto1-int-cust-K35959.telenordia.se
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 202.139.133.129 Source port: 37246
Source host: 202.139.133.129
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 203.194.166.182 Source port: 59993
Source host: 203.194.166.182
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:09 - snort [1:0:0] TCP to 53 domain
Source IP: 203.81.45.254 Source port: 61290
Source host: 203.81.45.254
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:11 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.75.42 Source port: 17004
Source host: mirror-image-01093-ldn-tci-i2.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:11 - snort [1:0:0] TCP to 53 domain
Source IP: 216.35.167.58 Source port: 40614
Source host: 216.35.167.58
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:11 - snort [1:0:0] TCP to 53 domain
Source IP: 209.157.68.18 Source port: 31346
Source host: 209.157.68.18
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:11 - snort [1:0:0] TCP to 53 domain
Source IP: 129.250.244.10 Source port: 24556
Source host: 129.250.244.10
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:11 - snort [1:0:0] TCP to 53 domain
Source IP: 64.14.200.154 Source port: 37844
Source host: 64.14.200.154
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:12 - snort [1:0:0] TCP to 53 domain
Source IP: 216.33.35.214 Source port: 48438
Source host: 216.33.35.214
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:12 - snort [1:0:0] TCP to 53 domain
Source IP: 64.37.200.46 Source port: 22809
Source host: 64.37.200.46
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:23 - snort [1:0:0] TCP to 53 domain
Source IP: 128.121.10.146 Source port: 32747
Source host: 128.121.10.146
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:23 - snort [1:0:0] TCP to 53 domain
Source IP: 216.34.68.2 Source port: 60597
Source host: 216.34.68.2
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:23 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.75.42 Source port: 16832
Source host: mirror-image-01093-ldn-tci-i2.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:23 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.69.78 Source port: 46071
Source host: mirror-image-01093-ffm-ix-i1.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:23 - snort [1:0:0] TCP to 53 domain
Source IP: 64.56.174.186 Source port: 31192
Source host: 64.56.174.186
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:23 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.70.234 Source port: 55375
Source host: mirror-image-01093-prs-ix-i1.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:23 - snort [1:0:0] TCP to 53 domain
Source IP: 194.213.64.150 Source port: 13092
Source host: sto1-int-cust-K35959.telenordia.se
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:23 - snort [1:0:0] TCP to 53 domain
Source IP: 216.35.167.58 Source port: 40758
Source host: 216.35.167.58
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 209.157.68.18 Source port: 31490
Source host: 209.157.68.18
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 64.14.200.154 Source port: 38011
Source host: 64.14.200.154
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 129.250.244.10 Source port: 24722
Source host: 129.250.244.10
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 216.33.35.214 Source port: 48605
Source host: 216.33.35.214
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 64.37.200.46 Source port: 22976
Source host: 64.37.200.46
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 128.121.10.146 Source port: 32880
Source host: 128.121.10.146
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 202.139.133.129 Source port: 37246
Source host: 202.139.133.129
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 216.34.68.2 Source port: 60740
Source host: 216.34.68.2
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 203.194.166.182 Source port: 59993
Source host: 203.194.166.182
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.69.78 Source port: 46238
Source host: mirror-image-01093-ffm-ix-i1.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 64.56.174.186 Source port: 31359
Source host: 64.56.174.186
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 213.248.70.234 Source port: 55542
Source host: mirror-image-01093-prs-ix-i1.c.telia.net
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 194.213.64.150 Source port: 13259
Source host: sto1-int-cust-K35959.telenordia.se
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 203.81.45.254 Source port: 61290
Source host: 203.81.45.254
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 202.139.133.129 Source port: 37413
Source host: 202.139.133.129
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 203.194.166.182 Source port: 60160
Source host: 203.194.166.182
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 203.81.45.254 Source port: 61457
Source host: 203.81.45.254
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 216.33.35.214 Source port: 48707
Source host: 216.33.35.214
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 64.37.200.46 Source port: 23078
Source host: 64.37.200.46
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 128.121.10.146 Source port: 32972
Source host: 128.121.10.146
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 209.157.68.18 Source port: 31576
Source host: 209.157.68.18
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:24 - snort [1:0:0] TCP to 53 domain
Source IP: 129.250.244.10 Source port: 24830
Source host: 129.250.244.10
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:25 - snort [1:0:0] TCP to 53 domain
Source IP: 216.35.167.58 Source port: 40842
Source host: 216.35.167.58
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:25 - snort [1:0:0] TCP to 53 domain
Source IP: 64.14.200.154 Source port: 38121
Source host: 64.14.200.154
Target IP: 12.82.141.194 Target port: 53 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
5 seconds and 55 packets later...
Mar 8 21:05:29 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 1589
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:05:31 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 1589
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:13:08 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 3957
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:56:03 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 2683
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 21:56:06 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 2683
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:03:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.229.147.250 Source port: 3651
Source host: 12-229-147-250.client.attbi.com
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:03:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.229.147.250 Source port: 3651
Source host: 12-229-147-250.client.attbi.com
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:18:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.229.147.250 Source port: 2184
Source host: 12-229-147-250.client.attbi.com
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:18:29 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.229.147.250 Source port: 2184
Source host: 12-229-147-250.client.attbi.com
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:32:26 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 1613
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:32:28 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 1613
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:40:49 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.148 Source port: 3264
Source host: 148.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:40:52 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.82.132.148 Source port: 3264
Source host: 148.seattle-11-12rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:58:29 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 2057
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 22:58:31 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 2057
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 23:10:48 - snort [1:0:0] UDP to 137 netBIOS ns
Source IP: 12.82.141.71 Source port: 1052
Source host: 71.seattle-15-20rs.wa.dial-access.att.net
Target IP: 12.82.141.194 Target port: 137 Proto: UDP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 23:20:49 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 1717
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 23:20:52 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.73.226.93 Source port: 1717
Source host: 93.houston-06-07rs.tx.dial-access.att.net
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 23:53:35 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.88.89.96 Source port: 4564
Source host: 12.88.89.96
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
Mar 8 23:53:38 - snort [1:0:0] Potential CodeRed/Nimda probe
Source IP: 12.88.89.96 Source port: 4564
Source host: 12.88.89.96
Target IP: 12.82.141.194 Target port: 80 Proto: TCP
Target host: 194.seattle-15-20rs.wa.dial-access.att.net
This report generated 03/ 9/2002 at 04:01:01
by a perl script written by John Sage at FinchHaven.com,
based upon the work of Dan Swan in his script snort2html.pl
jsage@finchhaven.com
Last modified: Sat Mar 9 09:49:07 2002