Logs: 03-18-02


To: jsage@finchhaven.com
From: toot@finchhaven.com
Subject: [Logs] at FinchHaven for 03/18/2002

Logs at FinchHaven for 03/18/2002 extracted from /var/log/messages
Report generated 04:01:00 (TZ -08:00) 03/19/2002

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Context: dialup to access.att.net, dynamic IP in AT&T's 12.82.x.x class A
Connect time this date: +- 20 hours
Timestamps: US Pacific Standard Time, GMT -08:00, synchronized by xntpd
Tools: snort 1.8.2, ipchains, logcheck, portsentry
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=ver.7

Mar 18 07:26:47 - snort [1:0:0] TCP to 12345 NetBus Backdoor 
  Source IP: 12.82.128.163   Source port: 1384 
Source host: 163.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 12345   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 07:26:52 - snort [1:0:0] TCP to 12345 NetBus Backdoor 
  Source IP: 12.82.128.163   Source port: 1384 
Source host: 163.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 12345   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 07:26:59 - snort [1:0:0] TCP to 12345 NetBus Backdoor 
  Source IP: 12.82.128.163   Source port: 1384 
Source host: 163.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 12345   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 07:27:03 - snort [1:0:0] TCP to 12345 NetBus Backdoor 
  Source IP: 12.82.128.163   Source port: 1384 
Source host: 163.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 12345   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net



Mar 18 08:04:59 - snort [1:0:0] UDP to 137 netBIOS ns 
  Source IP: 12.82.128.87   Source port: 1045 
Source host: 87.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 137   Proto: UDP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net



Mar 18 09:45:38 - snort [1:0:0] TCP to 12345 NetBus Backdoor 
  Source IP: 12.82.128.163   Source port: 2060 
Source host: 163.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 12345   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 09:45:41 - snort [1:0:0] TCP to 12345 NetBus Backdoor 
  Source IP: 12.82.128.163   Source port: 2060 
Source host: 163.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 12345   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 09:45:47 - snort [1:0:0] TCP to 12345 NetBus Backdoor 
  Source IP: 12.82.128.163   Source port: 2060 
Source host: 163.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 12345   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 09:45:59 - snort [1:0:0] TCP to 12345 NetBus Backdoor 
  Source IP: 12.82.128.163   Source port: 2060 
Source host: 163.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 12345   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net



Mar 18 10:22:38 - snort [1:0:0] TCP to 21 ftp 
  Source IP: 142.59.118.64   Source port: 4073 
Source host: 142.59.118.64
  Target IP: 12.82.128.220   Target port: 21   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 10:22:41 - snort [1:0:0] TCP to 21 ftp 
  Source IP: 142.59.118.64   Source port: 4073 
Source host: 142.59.118.64
  Target IP: 12.82.128.220   Target port: 21   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 10:22:47 - snort [1:0:0] TCP to 21 ftp 
  Source IP: 142.59.118.64   Source port: 4073 
Source host: 142.59.118.64
  Target IP: 12.82.128.220   Target port: 21   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net



Mar 18 10:38:53 - snort [1:0:0] TCP to 22 ssh 
  Source IP: 200.207.168.238   Source port: 2797 
Source host: 200-207-168-238.dsl.telesp.net.br
  Target IP: 12.82.128.220   Target port: 22   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 10:38:56 - snort [1:0:0] TCP to 22 ssh 
  Source IP: 200.207.168.238   Source port: 2797 
Source host: 200-207-168-238.dsl.telesp.net.br
  Target IP: 12.82.128.220   Target port: 22   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net



Mar 18 11:01:20 - snort [1:0:0] TCP to 6346 gnutella 
  Source IP: 212.83.171.210   Source port: 1652 
Source host: dyn-212-83-171-210.ppp.tiscali.fr
  Target IP: 12.82.128.220   Target port: 6346   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 11:01:24 - snort [1:0:0] TCP to 6346 gnutella 
  Source IP: 212.83.171.210   Source port: 1652 
Source host: dyn-212-83-171-210.ppp.tiscali.fr
  Target IP: 12.82.128.220   Target port: 6346   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 11:01:29 - snort [1:0:0] TCP to 6346 gnutella 
  Source IP: 212.83.171.210   Source port: 1652 
Source host: dyn-212-83-171-210.ppp.tiscali.fr
  Target IP: 12.82.128.220   Target port: 6346   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 11:01:42 - snort [1:0:0] TCP to 6346 gnutella 
  Source IP: 212.83.171.210   Source port: 1652 
Source host: dyn-212-83-171-210.ppp.tiscali.fr
  Target IP: 12.82.128.220   Target port: 6346   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 11:02:33 - snort [1:0:0] TCP to 6346 gnutella 
  Source IP: 212.83.171.210   Source port: 1723 
Source host: dyn-212-83-171-210.ppp.tiscali.fr
  Target IP: 12.82.128.220   Target port: 6346   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 11:02:36 - snort [1:0:0] TCP to 6346 gnutella 
  Source IP: 212.83.171.210   Source port: 1723 
Source host: dyn-212-83-171-210.ppp.tiscali.fr
  Target IP: 12.82.128.220   Target port: 6346   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 11:02:42 - snort [1:0:0] TCP to 6346 gnutella 
  Source IP: 212.83.171.210   Source port: 1723 
Source host: dyn-212-83-171-210.ppp.tiscali.fr
  Target IP: 12.82.128.220   Target port: 6346   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 11:02:54 - snort [1:0:0] TCP to 6346 gnutella 
  Source IP: 212.83.171.210   Source port: 1723 
Source host: dyn-212-83-171-210.ppp.tiscali.fr
  Target IP: 12.82.128.220   Target port: 6346   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net



Mar 18 12:05:41 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 3465 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 80   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 12:05:45 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 3465 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 80   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 12:13:19 - snort [1:0:0] TCP from 23 telnet 
  Source IP: 66.231.133.63   Source port: 23 
Source host: 66.231.133.63
  Target IP: 12.82.128.220   Target port: 63953   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 12:13:27 - snort [1:0:0] TCP from 22 ssh 
  Source IP: 66.231.133.63   Source port: 22 
Source host: 66.231.133.63
  Target IP: 12.82.128.220   Target port: 63954   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 12:13:47 - snort [1:0:0] TCP from 27374 SubSeven 
  Source IP: 66.231.133.63   Source port: 27374 
Source host: 66.231.133.63
  Target IP: 12.82.128.220   Target port: 63956   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 13:07:25 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 1263 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 80   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 13:07:27 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 1263 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 80   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 14:09:40 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.84   Source port: 1564 
Source host: 84.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 80   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 14:09:43 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.84   Source port: 1564 
Source host: 84.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 80   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 14:17:23 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 1436 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 80   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 14:17:26 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 1436 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.128.220   Target port: 80   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 14:22:02 - snort [1:0:0] TCP to 22 ssh 
  Source IP: 24.31.214.5   Source port: 3655 
Source host: cae31-214-005.sc.rr.com
  Target IP: 12.82.128.220   Target port: 22   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 14:22:05 - snort [1:0:0] TCP to 22 ssh 
  Source IP: 24.31.214.5   Source port: 3655 
Source host: cae31-214-005.sc.rr.com
  Target IP: 12.82.128.220   Target port: 22   Proto: TCP 
Target host: 220.seattle-01-02rs.wa.dial-access.att.net

Mar 18 14:51:39 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.84   Source port: 3445 
Source host: 84.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 14:51:46 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.84   Source port: 3445 
Source host: 84.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 14:54:03 - snort [1:0:0] TCP to 21 ftp 
  Source IP: 62.116.131.15   Source port: 21 
Source host: 62.116.131.15
  Target IP: 12.82.137.31   Target port: 21   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 14:55:06 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 3496 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 14:55:08 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 3496 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:04:51 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.84   Source port: 2181 
Source host: 84.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:04:52 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.84   Source port: 2181 
Source host: 84.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:06:20 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 4900 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:06:23 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 4900 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:10:15 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.84   Source port: 1199 
Source host: 84.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:10:18 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.136.84   Source port: 1199 
Source host: 84.seattle-21-22rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:32:24 - snort [1:0:0] TCP to 139 netBIOS ss 
  Source IP: 194.65.158.24   Source port: 4352 
Source host: 194.65.158.24
  Target IP: 12.82.137.31   Target port: 139   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:32:27 - snort [1:0:0] TCP to 139 netBIOS ss 
  Source IP: 194.65.158.24   Source port: 4352 
Source host: 194.65.158.24
  Target IP: 12.82.137.31   Target port: 139   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:41:50 - snort [1:0:0] TCP from range 1025-4320 
  Source IP: 210.59.224.161   Source port: 1688 
Source host: h03.hotrank.com.tw
  Target IP: 12.82.137.31   Target port: 64571   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:50:47 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.155.192   Source port: 4425 
Source host: 192.seattle06rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:50:50 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.155.192   Source port: 4425 
Source host: 192.seattle06rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:53:52 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 3582 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 15:53:55 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.132.25   Source port: 3582 
Source host: 25.seattle-11-12rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:01:17 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.77.167   Source port: 1177 
Source host: 167.minneapolis-07rh16rt.mn.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:01:20 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.77.167   Source port: 1177 
Source host: 167.minneapolis-07rh16rt.mn.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:14:15 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.77.167   Source port: 1915 
Source host: 167.minneapolis-07rh16rt.mn.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:14:20 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.77.167   Source port: 1915 
Source host: 167.minneapolis-07rh16rt.mn.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:16:30 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.245.18   Source port: 1346 
Source host: 18.houston-11rh16rt.tx.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:16:32 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.245.18   Source port: 1346 
Source host: 18.houston-11rh16rt.tx.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:32:15 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.128.235   Source port: 3506 
Source host: 235.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:32:20 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.128.235   Source port: 3506 
Source host: 235.seattle-01-02rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:58:21 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.129.123   Source port: 1963 
Source host: 123.seattle-03-04rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 17:58:24 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.129.123   Source port: 1963 
Source host: 123.seattle-03-04rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:02:55 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.245.18   Source port: 2290 
Source host: 18.houston-11rh16rt.tx.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:02:57 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.245.18   Source port: 2290 
Source host: 18.houston-11rh16rt.tx.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:07:40 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.129.123   Source port: 3227 
Source host: 123.seattle-03-04rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:07:43 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.129.123   Source port: 3227 
Source host: 123.seattle-03-04rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:20:42 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.129.123   Source port: 2632 
Source host: 123.seattle-03-04rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:20:45 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.129.123   Source port: 2632 
Source host: 123.seattle-03-04rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:31:26 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.245.18   Source port: 1291 
Source host: 18.houston-11rh16rt.tx.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:31:29 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.245.18   Source port: 1291 
Source host: 18.houston-11rh16rt.tx.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:51:59 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.142.58   Source port: 1417 
Source host: 58.seattle-25-30rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 18:52:02 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.142.58   Source port: 1417 
Source host: 58.seattle-25-30rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 19:04:17 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.129.135   Source port: 3120 
Source host: 135.seattle-03-04rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 19:04:20 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.129.135   Source port: 3120 
Source host: 135.seattle-03-04rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 19:07:51 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.142.58   Source port: 3988 
Source host: 58.seattle-25-30rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 19:07:54 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.142.58   Source port: 3988 
Source host: 58.seattle-25-30rs.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 19:49:16 - snort [1:0:0] TCP to 1214 KaZaa 
  Source IP: 206.128.116.49   Source port: 1155 
Source host: aguadulce-pool-49.cwpanama.net
  Target IP: 12.82.137.31   Target port: 1214   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 19:49:19 - snort [1:0:0] TCP to 1214 KaZaa 
  Source IP: 206.128.116.49   Source port: 1155 
Source host: aguadulce-pool-49.cwpanama.net
  Target IP: 12.82.137.31   Target port: 1214   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 19:49:25 - snort [1:0:0] TCP to 1214 KaZaa 
  Source IP: 206.128.116.49   Source port: 1155 
Source host: aguadulce-pool-49.cwpanama.net
  Target IP: 12.82.137.31   Target port: 1214   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 19:49:38 - snort [1:0:0] TCP to 1214 KaZaa 
  Source IP: 206.128.116.49   Source port: 1155 
Source host: aguadulce-pool-49.cwpanama.net
  Target IP: 12.82.137.31   Target port: 1214   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:00:34 - snort [1:0:0] TCP to 139 netBIOS ss 
  Source IP: 194.65.158.24   Source port: 4819 
Source host: 194.65.158.24
  Target IP: 12.82.137.31   Target port: 139   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:00:38 - snort [1:0:0] TCP to 139 netBIOS ss 
  Source IP: 194.65.158.24   Source port: 4819 
Source host: 194.65.158.24
  Target IP: 12.82.137.31   Target port: 139   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:00:44 - snort [1:0:0] TCP to 139 netBIOS ss 
  Source IP: 194.65.158.24   Source port: 4819 
Source host: 194.65.158.24
  Target IP: 12.82.137.31   Target port: 139   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:00:57 - snort [1:0:0] TCP to 139 netBIOS ss 
  Source IP: 194.65.158.24   Source port: 4819 
Source host: 194.65.158.24
  Target IP: 12.82.137.31   Target port: 139   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:05:12 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.245.18   Source port: 2157 
Source host: 18.houston-11rh16rt.tx.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:05:15 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.245.18   Source port: 2157 
Source host: 18.houston-11rh16rt.tx.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:18:56 - snort [1:0:0] TCP to 111 sunrpc 
  Source IP: 61.10.25.110   Source port: 4761 
Source host: cm61-10-25-110.hkcable.com.hk
  Target IP: 12.82.137.31   Target port: 111   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:18:59 - snort [1:0:0] TCP to 111 sunrpc 
  Source IP: 61.10.25.110   Source port: 4761 
Source host: cm61-10-25-110.hkcable.com.hk
  Target IP: 12.82.137.31   Target port: 111   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:22:24 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.238.42.9   Source port: 3484 
Source host: 12-238-42-9.client.attbi.com
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:22:27 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.238.42.9   Source port: 3484 
Source host: 12-238-42-9.client.attbi.com
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:56:01 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 3057 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 20:59:41 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 4274 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 21:06:48 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.238.117.151   Source port: 4547 
Source host: 12-238-117-151.client.attbi.com
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 21:06:51 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.238.117.151   Source port: 4547 
Source host: 12-238-117-151.client.attbi.com
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 22:05:19 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 2505 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 22:05:22 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 2505 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 22:12:45 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.145.59   Source port: 3132 
Source host: 59.seattle01rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 22:12:48 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.145.59   Source port: 3132 
Source host: 59.seattle01rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 22:20:18 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 3837 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 22:20:20 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 3837 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 22:37:59 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.145.59   Source port: 3146 
Source host: 59.seattle01rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 18 22:38:02 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.145.59   Source port: 3146 
Source host: 59.seattle01rh16rt.wa.dial-access.att.net
  Target IP: 12.82.137.31   Target port: 80   Proto: TCP 
Target host: 31.seattle-23-24rs.wa.dial-access.att.net

Mar 19 02:04:45 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 4189 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.140.100   Target port: 80   Proto: TCP 
Target host: 100.seattle-05-10rs.wa.dial-access.att.net

Mar 19 02:04:47 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 4189 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.140.100   Target port: 80   Proto: TCP 
Target host: 100.seattle-05-10rs.wa.dial-access.att.net

Mar 19 02:42:01 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 3413 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.140.100   Target port: 80   Proto: TCP 
Target host: 100.seattle-05-10rs.wa.dial-access.att.net

Mar 19 02:42:04 - snort [1:0:0] Potential CodeRed/Nimda probe 
  Source IP: 12.82.171.107   Source port: 3413 
Source host: 107.seattle14rh16rt.wa.dial-access.att.net
  Target IP: 12.82.140.100   Target port: 80   Proto: TCP 
Target host: 100.seattle-05-10rs.wa.dial-access.att.net



This report generated 03/19/2002 at 04:01:00 
by a perl script written by John Sage at FinchHaven.com, 
based upon the work of Dan Swan in his script snort2html.pl



jsage@finchhaven.com
Last modified: Sun Mar 31 07:32:56 2002