ACID Report: 04-01-02
Sorted by time
To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert
Generated by ACID v0.9.6b21 on Wed April 03, 2002 21:04:35
------------------------------------------------------------------------------
#(14 - 6) [2002-04-01 00:40:01] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=11594 flags=0 offset=0 TTL=125 chksum=32922
TCP: port=2805 -> dport: 80 flags=******S* seq=926744117
ack=0 off=7 res=0 win=8760 urp=0 chksum=53324
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 7) [2002-04-01 00:40:03] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=11828 flags=0 offset=0 TTL=125 chksum=32688
TCP: port=2805 -> dport: 80 flags=******S* seq=926744117
ack=0 off=7 res=0 win=8760 urp=0 chksum=53324
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(14 - 8) [2002-04-01 01:05:04] Potential CodeRed/Nimda probe
IPv4: 12.222.192.110 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=17718 flags=0 offset=0 TTL=118 chksum=22967
TCP: port=2475 -> dport: 80 flags=******S* seq=161958667
ack=0 off=7 res=0 win=16384 urp=0 chksum=32407
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 9) [2002-04-01 01:05:07] Potential CodeRed/Nimda probe
IPv4: 12.222.192.110 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=18099 flags=0 offset=0 TTL=118 chksum=22586
TCP: port=2475 -> dport: 80 flags=******S* seq=161958667
ack=0 off=7 res=0 win=16384 urp=0 chksum=32407
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(14 - 10) [2002-04-01 01:15:19] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=18624 flags=0 offset=0 TTL=125 chksum=25892
TCP: port=2515 -> dport: 80 flags=******S* seq=1392016982
ack=0 off=7 res=0 win=8760 urp=0 chksum=13714
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 11) [2002-04-01 01:15:21] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=18997 flags=0 offset=0 TTL=125 chksum=25519
TCP: port=2515 -> dport: 80 flags=******S* seq=1392016982
ack=0 off=7 res=0 win=8760 urp=0 chksum=13714
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(14 - 12) [2002-04-01 02:20:19] TCP to 23 telnet
IPv4: 209.143.73.128 -> 12.82.140.60
hlen=5 TOS=0 dlen=60 ID=42684 flags=0 offset=0 TTL=47 chksum=61793
TCP: port=4706 -> dport: 23 flags=******S* seq=1904126153
ack=0 off=10 res=0 win=32120 urp=0 chksum=31105
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=1059605500000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(14 - 13) [2002-04-01 02:20:22] TCP to 23 telnet
IPv4: 209.143.73.128 -> 12.82.140.60
hlen=5 TOS=0 dlen=60 ID=43190 flags=0 offset=0 TTL=47 chksum=61287
TCP: port=4706 -> dport: 23 flags=******S* seq=1904126153
ack=0 off=10 res=0 win=32120 urp=0 chksum=30805
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=1059618100000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(14 - 14) [2002-04-01 02:21:36] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=17809 flags=0 offset=0 TTL=125 chksum=26707
TCP: port=1559 -> dport: 80 flags=******S* seq=1642835529
ack=0 off=7 res=0 win=8760 urp=0 chksum=64103
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 15) [2002-04-01 02:21:39] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=18067 flags=0 offset=0 TTL=125 chksum=26449
TCP: port=1559 -> dport: 80 flags=******S* seq=1642835529
ack=0 off=7 res=0 win=8760 urp=0 chksum=64103
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 16) [2002-04-01 02:55:16] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=27851 flags=0 offset=0 TTL=125 chksum=16665
TCP: port=2702 -> dport: 80 flags=******S* seq=1940204488
ack=0 off=7 res=0 win=8760 urp=0 chksum=26296
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 17) [2002-04-01 02:55:19] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=28083 flags=0 offset=0 TTL=125 chksum=16433
TCP: port=2702 -> dport: 80 flags=******S* seq=1940204488
ack=0 off=7 res=0 win=8760 urp=0 chksum=26296
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 18) [2002-04-01 03:55:48] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=57158 flags=0 offset=0 TTL=125 chksum=52893
TCP: port=3075 -> dport: 80 flags=******S* seq=1557933216
ack=0 off=7 res=0 win=8760 urp=0 chksum=31540
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 19) [2002-04-01 03:55:51] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=57424 flags=0 offset=0 TTL=125 chksum=52627
TCP: port=3075 -> dport: 80 flags=******S* seq=1557933216
ack=0 off=7 res=0 win=8760 urp=0 chksum=31540
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 20) [2002-04-01 04:35:08] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=29648 flags=0 offset=0 TTL=125 chksum=14868
TCP: port=1730 -> dport: 80 flags=******S* seq=2594089199
ack=0 off=7 res=0 win=8760 urp=0 chksum=50787
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(14 - 21) [2002-04-01 04:35:11] Potential CodeRed/Nimda probe
IPv4: 12.82.171.3 -> 12.82.140.60
hlen=5 TOS=0 dlen=48 ID=29984 flags=0 offset=0 TTL=125 chksum=14532
TCP: port=1730 -> dport: 80 flags=******S* seq=2594089199
ack=0 off=7 res=0 win=8760 urp=0 chksum=50787
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(14 - 22) [2002-04-01 04:55:42] TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.140.60
hlen=5 TOS=0 dlen=60 ID=1062 flags=0 offset=0 TTL=50 chksum=19171
TCP: port=4821 -> dport: 21 flags=******S* seq=908373943
ack=0 off=10 res=0 win=32120 urp=0 chksum=43282
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=1A79148A00000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(14 - 23) [2002-04-01 04:55:45] TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.140.60
hlen=5 TOS=0 dlen=60 ID=1989 flags=0 offset=0 TTL=50 chksum=18244
TCP: port=4821 -> dport: 21 flags=******S* seq=908373943
ack=0 off=10 res=0 win=32120 urp=0 chksum=42982
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=1A7915B600000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(14 - 24) [2002-04-01 05:10:40] TCP to 21 ftp
IPv4: 80.139.44.106 -> 12.82.140.60
hlen=5 TOS=0 dlen=52 ID=24068 flags=0 offset=0 TTL=237 chksum=6716
TCP: port=1192 -> dport: 21 flags=******S* seq=1120471204
ack=0 off=8 res=0 win=32767 urp=0 chksum=35199
Options:
#1 - MSS len=4 data=05A0
#2 - NOP len=0
#3 - WS len=3 data=00
#4 - NOP len=0
#5 - NOP len=0
#6 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(15 - 1) [2002-04-01 07:23:38] UDP to 137 netBIOS ns
IPv4: 151.203.116.145 -> 12.82.128.230
hlen=5 TOS=0 dlen=78 ID=15060 flags=0 offset=0 TTL=110 chksum=30774
UDP: port=1048 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(15 - 2) [2002-04-01 08:01:27] UDP to 137 netBIOS ns
IPv4: 67.40.51.133 -> 12.82.128.230
hlen=5 TOS=0 dlen=78 ID=17033 flags=0 offset=0 TTL=114 chksum=561
UDP: port=63040 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(15 - 3) [2002-04-01 08:29:53] TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.128.230
hlen=5 TOS=0 dlen=60 ID=9176 flags=0 offset=0 TTL=50 chksum=13959
TCP: port=2000 -> dport: 21 flags=******S* seq=1593516133
ack=0 off=10 res=0 win=32120 urp=0 chksum=35254
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=1A8CB0A900000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(15 - 4) [2002-04-01 08:29:56] TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.128.230
hlen=5 TOS=0 dlen=60 ID=10068 flags=0 offset=0 TTL=50 chksum=13067
TCP: port=2000 -> dport: 21 flags=******S* seq=1593516133
ack=0 off=10 res=0 win=32120 urp=0 chksum=34954
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=1A8CB1D500000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(15 - 5) [2002-04-01 08:40:25] TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.128.230
hlen=5 TOS=0 dlen=60 ID=5548 flags=0 offset=0 TTL=50 chksum=17587
TCP: port=4439 -> dport: 21 flags=******S* seq=2253515947
ack=0 off=10 res=0 win=32120 urp=0 chksum=38392
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=1A8DA74200000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(15 - 6) [2002-04-01 08:40:28] TCP to 21 ftp
IPv4: 210.0.143.36 -> 12.82.128.230
hlen=5 TOS=0 dlen=60 ID=6382 flags=0 offset=0 TTL=50 chksum=16753
TCP: port=4439 -> dport: 21 flags=******S* seq=2253515947
ack=0 off=10 res=0 win=32120 urp=0 chksum=38092
Options:
#1 - MSS len=4 data=05B4
#2 - SACKOK len=0
#3 - TS len=10 data=1A8DA86E00000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(15 - 7) [2002-04-01 10:01:53] TCP to 27374 SubSeven
IPv4: 200.28.185.30 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=59898 flags=0 offset=0 TTL=111 chksum=4954
TCP: port=3966 -> dport: 27374 flags=******S* seq=2522688469
ack=0 off=7 res=0 win=2144 urp=0 chksum=13129
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 8) [2002-04-01 10:01:56] TCP to 27374 SubSeven
IPv4: 200.28.185.30 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=60181 flags=0 offset=0 TTL=111 chksum=4671
TCP: port=3966 -> dport: 27374 flags=******S* seq=2522688469
ack=0 off=7 res=0 win=2144 urp=0 chksum=13129
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 9) [2002-04-01 10:02:03] TCP to 27374 SubSeven
IPv4: 200.28.185.30 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=60682 flags=0 offset=0 TTL=111 chksum=4170
TCP: port=3966 -> dport: 27374 flags=******S* seq=2522688469
ack=0 off=7 res=0 win=2144 urp=0 chksum=13129
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(15 - 10) [2002-04-01 10:19:47] TCP to 27374 SubSeven
IPv4: 67.80.114.112 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=40046 flags=0 offset=0 TTL=111 chksum=11361
TCP: port=2055 -> dport: 27374 flags=******S* seq=68240366
ack=0 off=7 res=0 win=8192 urp=0 chksum=25906
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 11) [2002-04-01 10:19:50] TCP to 27374 SubSeven
IPv4: 67.80.114.112 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=47214 flags=0 offset=0 TTL=111 chksum=4193
TCP: port=2055 -> dport: 27374 flags=******S* seq=68240366
ack=0 off=7 res=0 win=8192 urp=0 chksum=25906
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 12) [2002-04-01 10:19:56] TCP to 27374 SubSeven
IPv4: 67.80.114.112 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=1135 flags=0 offset=0 TTL=111 chksum=50272
TCP: port=2055 -> dport: 27374 flags=******S* seq=68240366
ack=0 off=7 res=0 win=8192 urp=0 chksum=25906
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 13) [2002-04-01 10:20:08] TCP to 27374 SubSeven
IPv4: 67.80.114.112 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=29039 flags=0 offset=0 TTL=111 chksum=22368
TCP: port=2055 -> dport: 27374 flags=******S* seq=68240366
ack=0 off=7 res=0 win=8192 urp=0 chksum=25906
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(15 - 15) [2002-04-01 11:14:46] TCP to 27374 SubSeven
IPv4: 172.161.58.93 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=44270 flags=0 offset=0 TTL=106 chksum=61346
TCP: port=2524 -> dport: 27374 flags=******S* seq=2779501276
ack=0 off=7 res=0 win=16384 urp=0 chksum=57849
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 16) [2002-04-01 11:14:49] TCP to 27374 SubSeven
IPv4: 172.161.58.93 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=44339 flags=0 offset=0 TTL=106 chksum=61277
TCP: port=2524 -> dport: 27374 flags=******S* seq=2779501276
ack=0 off=7 res=0 win=16384 urp=0 chksum=57849
Options:
#1 - MSS len=4 data=0550
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(15 - 17) [2002-04-01 11:49:08] TCP to 27374 SubSeven
IPv4: 12.35.123.106 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=7550 flags=0 offset=0 TTL=118 chksum=53892
TCP: port=1296 -> dport: 27374 flags=******S* seq=2087323441
ack=0 off=7 res=0 win=8760 urp=0 chksum=23588
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 18) [2002-04-01 11:49:11] TCP to 27374 SubSeven
IPv4: 12.35.123.106 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=7619 flags=0 offset=0 TTL=118 chksum=53823
TCP: port=1296 -> dport: 27374 flags=******S* seq=2087323441
ack=0 off=7 res=0 win=8760 urp=0 chksum=23588
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(15 - 19) [2002-04-01 11:49:17] TCP to 27374 SubSeven
IPv4: 12.35.123.106 -> 12.82.128.230
hlen=5 TOS=0 dlen=48 ID=7736 flags=0 offset=0 TTL=118 chksum=53706
TCP: port=1296 -> dport: 27374 flags=******S* seq=2087323441
ack=0 off=7 res=0 win=8760 urp=0 chksum=23588
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(15 - 20) [2002-04-01 12:32:55] Potential CodeRed/Nimda probe
IPv4: 12.82.142.100 -> 12.82.128.230
hlen=5 TOS=0 dlen=44 ID=60481 flags=0 offset=0 TTL=125 chksum=59803
TCP: port=1256 -> dport: 80 flags=******S* seq=15753909
ack=0 off=6 res=0 win=8192 urp=0 chksum=59226
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(15 - 21) [2002-04-01 12:36:48] Potential CodeRed/Nimda probe
IPv4: 12.82.142.100 -> 12.82.128.230
hlen=5 TOS=0 dlen=44 ID=9694 flags=0 offset=0 TTL=125 chksum=45055
TCP: port=4053 -> dport: 80 flags=******S* seq=15986255
ack=0 off=6 res=0 win=8192 urp=0 chksum=20688
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(15 - 22) [2002-04-01 12:36:51] Potential CodeRed/Nimda probe
IPv4: 12.82.142.100 -> 12.82.128.230
hlen=5 TOS=0 dlen=44 ID=21472 flags=0 offset=0 TTL=125 chksum=33277
TCP: port=4053 -> dport: 80 flags=******S* seq=15986255
ack=0 off=6 res=0 win=8192 urp=0 chksum=20688
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(17 - 1) [2002-04-01 14:13:33] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.128.19
hlen=5 TOS=0 dlen=48 ID=43479 flags=0 offset=0 TTL=125 chksum=11907
TCP: port=3083 -> dport: 80 flags=******S* seq=1754742231
ack=0 off=7 res=0 win=16384 urp=0 chksum=27368
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(17 - 2) [2002-04-01 14:13:36] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.128.19
hlen=5 TOS=0 dlen=48 ID=43761 flags=0 offset=0 TTL=125 chksum=11625
TCP: port=3083 -> dport: 80 flags=******S* seq=1754742231
ack=0 off=7 res=0 win=16384 urp=0 chksum=27368
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(17 - 3) [2002-04-01 14:44:23] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.128.19
hlen=5 TOS=0 dlen=48 ID=23186 flags=0 offset=0 TTL=125 chksum=32200
TCP: port=4225 -> dport: 80 flags=******S* seq=1561358123
ack=0 off=7 res=0 win=16384 urp=0 chksum=16549
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(17 - 4) [2002-04-01 14:44:26] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.128.19
hlen=5 TOS=0 dlen=48 ID=23459 flags=0 offset=0 TTL=125 chksum=31927
TCP: port=4225 -> dport: 80 flags=******S* seq=1561358123
ack=0 off=7 res=0 win=16384 urp=0 chksum=16549
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 1) [2002-04-01 15:57:56] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=47831 flags=0 offset=0 TTL=125 chksum=4393
TCP: port=3668 -> dport: 80 flags=******S* seq=2744008958
ack=0 off=7 res=0 win=16384 urp=0 chksum=7719
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 2) [2002-04-01 15:57:59] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=48083 flags=0 offset=0 TTL=125 chksum=4141
TCP: port=3668 -> dport: 80 flags=******S* seq=2744008958
ack=0 off=7 res=0 win=16384 urp=0 chksum=7719
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 3) [2002-04-01 16:12:46] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=64590 flags=0 offset=0 TTL=125 chksum=53169
TCP: port=2956 -> dport: 80 flags=******S* seq=392358357
ack=0 off=7 res=0 win=16384 urp=0 chksum=1092
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 4) [2002-04-01 16:12:49] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=64840 flags=0 offset=0 TTL=125 chksum=52919
TCP: port=2956 -> dport: 80 flags=******S* seq=392358357
ack=0 off=7 res=0 win=16384 urp=0 chksum=1092
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 5) [2002-04-01 16:50:09] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=17805 flags=0 offset=0 TTL=125 chksum=34419
TCP: port=3978 -> dport: 80 flags=******S* seq=1063789026
ack=0 off=7 res=0 win=16384 urp=0 chksum=41011
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 6) [2002-04-01 16:50:12] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=18104 flags=0 offset=0 TTL=125 chksum=34120
TCP: port=3978 -> dport: 80 flags=******S* seq=1063789026
ack=0 off=7 res=0 win=16384 urp=0 chksum=41011
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 7) [2002-04-01 17:14:55] Potential CodeRed/Nimda probe
IPv4: 12.82.173.179 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=45152 flags=0 offset=0 TTL=125 chksum=64162
TCP: port=2539 -> dport: 80 flags=******S* seq=3521745067
ack=0 off=7 res=0 win=16384 urp=0 chksum=33674
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 8) [2002-04-01 17:14:58] Potential CodeRed/Nimda probe
IPv4: 12.82.173.179 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=45355 flags=0 offset=0 TTL=125 chksum=63959
TCP: port=2539 -> dport: 80 flags=******S* seq=3521745067
ack=0 off=7 res=0 win=16384 urp=0 chksum=33674
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 9) [2002-04-01 17:34:23] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=38517 flags=0 offset=0 TTL=126 chksum=16535
TCP: port=1979 -> dport: 80 flags=******S* seq=33844554
ack=0 off=6 res=0 win=8192 urp=0 chksum=56077
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 10) [2002-04-01 17:34:25] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=21111 flags=0 offset=0 TTL=126 chksum=33941
TCP: port=1979 -> dport: 80 flags=******S* seq=33844554
ack=0 off=6 res=0 win=8192 urp=0 chksum=56077
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 11) [2002-04-01 17:37:10] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=16868 flags=0 offset=0 TTL=126 chksum=38184
TCP: port=3453 -> dport: 80 flags=******S* seq=34011991
ack=0 off=6 res=0 win=8192 urp=0 chksum=18236
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 12) [2002-04-01 17:37:12] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=25574 flags=0 offset=0 TTL=126 chksum=29478
TCP: port=3453 -> dport: 80 flags=******S* seq=34011991
ack=0 off=6 res=0 win=8192 urp=0 chksum=18236
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 13) [2002-04-01 17:42:49] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=22213 flags=0 offset=0 TTL=126 chksum=32839
TCP: port=2466 -> dport: 80 flags=******S* seq=34350361
ack=0 off=6 res=0 win=8192 urp=0 chksum=8528
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 14) [2002-04-01 17:42:53] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=65478 flags=0 offset=0 TTL=126 chksum=55109
TCP: port=2466 -> dport: 80 flags=******S* seq=34350361
ack=0 off=6 res=0 win=8192 urp=0 chksum=8528
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 15) [2002-04-01 18:02:05] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=38353 flags=0 offset=0 TTL=125 chksum=13871
TCP: port=1620 -> dport: 80 flags=******S* seq=2034585572
ack=0 off=7 res=0 win=16384 urp=0 chksum=16778
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 16) [2002-04-01 18:02:08] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=38608 flags=0 offset=0 TTL=125 chksum=13616
TCP: port=1620 -> dport: 80 flags=******S* seq=2034585572
ack=0 off=7 res=0 win=16384 urp=0 chksum=16778
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 17) [2002-04-01 18:18:13] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=49734 flags=0 offset=0 TTL=126 chksum=5318
TCP: port=1729 -> dport: 80 flags=******S* seq=36475497
ack=0 off=6 res=0 win=8192 urp=0 chksum=46784
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 18) [2002-04-01 18:18:16] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=33352 flags=0 offset=0 TTL=126 chksum=21700
TCP: port=1729 -> dport: 80 flags=******S* seq=36475497
ack=0 off=6 res=0 win=8192 urp=0 chksum=46784
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 19) [2002-04-01 18:27:31] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=25274 flags=0 offset=0 TTL=126 chksum=29778
TCP: port=2917 -> dport: 80 flags=******S* seq=37034283
ack=0 off=6 res=0 win=8192 urp=0 chksum=11090
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 20) [2002-04-01 18:27:35] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=38332 flags=0 offset=0 TTL=126 chksum=16720
TCP: port=2917 -> dport: 80 flags=******S* seq=37034283
ack=0 off=6 res=0 win=8192 urp=0 chksum=11090
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 21) [2002-04-01 18:31:07] Potential CodeRed/Nimda probe
IPv4: 12.82.140.5 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=64209 flags=0 offset=0 TTL=127 chksum=53215
TCP: port=4472 -> dport: 80 flags=******S* seq=3761356797
ack=0 off=7 res=0 win=8760 urp=0 chksum=32217
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 22) [2002-04-01 18:31:09] Potential CodeRed/Nimda probe
IPv4: 12.82.140.5 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=64462 flags=0 offset=0 TTL=127 chksum=52962
TCP: port=4472 -> dport: 80 flags=******S* seq=3761356797
ack=0 off=7 res=0 win=8760 urp=0 chksum=32217
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 23) [2002-04-01 18:42:29] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=51473 flags=0 offset=0 TTL=126 chksum=3579
TCP: port=3776 -> dport: 80 flags=******S* seq=37931701
ack=0 off=6 res=0 win=8192 urp=0 chksum=30303
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 24) [2002-04-01 18:42:32] Potential CodeRed/Nimda probe
IPv4: 12.82.128.174 -> 12.82.140.109
hlen=5 TOS=0 dlen=44 ID=38931 flags=0 offset=0 TTL=126 chksum=16121
TCP: port=3776 -> dport: 80 flags=******S* seq=37931701
ack=0 off=6 res=0 win=8192 urp=0 chksum=30303
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(18 - 25) [2002-04-01 18:52:33] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=1592 flags=0 offset=0 TTL=125 chksum=50632
TCP: port=3732 -> dport: 80 flags=******S* seq=25323279
ack=0 off=7 res=0 win=16384 urp=0 chksum=39394
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 26) [2002-04-01 18:52:37] Potential CodeRed/Nimda probe
IPv4: 12.82.140.182 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=1895 flags=0 offset=0 TTL=125 chksum=50329
TCP: port=3732 -> dport: 80 flags=******S* seq=25323279
ack=0 off=7 res=0 win=16384 urp=0 chksum=39394
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 28) [2002-04-01 19:51:54] UDP to 137 netBIOS ns
IPv4: 12.82.140.66 -> 12.82.140.109
hlen=5 TOS=0 dlen=78 ID=33031 flags=0 offset=0 TTL=127 chksum=35140
UDP: port=1086 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 29) [2002-04-01 20:14:55] ICMP echo request
IPv4: 210.24.202.27 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=43800 flags=0 offset=0 TTL=111 chksum=27569
ICMP: type=Echo Request code=0
checksum=31779 id=52226 seq=0
Payload: length = 36
000 : 61 00 FA 84 45 45 45 45 45 45 45 45 45 45 45 45 a...EEEEEEEEEEEE
010 : 45 45 45 45 45 45 45 45 45 45 45 45 45 45 45 45 EEEEEEEEEEEEEEEE
020 : 45 45 45 45 EEEE
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 30) [2002-04-01 20:25:59] Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=12966 flags=0 offset=0 TTL=125 chksum=36486
TCP: port=3534 -> dport: 80 flags=******S* seq=728218850
ack=0 off=7 res=0 win=16384 urp=0 chksum=4124
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 31) [2002-04-01 20:26:02] Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=13258 flags=0 offset=0 TTL=125 chksum=36194
TCP: port=3534 -> dport: 80 flags=******S* seq=728218850
ack=0 off=7 res=0 win=16384 urp=0 chksum=4124
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 32) [2002-04-01 20:29:44] Potential CodeRed/Nimda probe
IPv4: 12.248.197.76 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=21585 flags=0 offset=0 TTL=119 chksum=17523
TCP: port=2413 -> dport: 80 flags=******S* seq=320626901
ack=0 off=7 res=0 win=16384 urp=0 chksum=23149
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 33) [2002-04-01 20:35:22] Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=4156 flags=0 offset=0 TTL=125 chksum=45296
TCP: port=4478 -> dport: 80 flags=******S* seq=2027395286
ack=0 off=7 res=0 win=16384 urp=0 chksum=58119
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 34) [2002-04-01 20:35:25] Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=4449 flags=0 offset=0 TTL=125 chksum=45003
TCP: port=4478 -> dport: 80 flags=******S* seq=2027395286
ack=0 off=7 res=0 win=16384 urp=0 chksum=58119
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 50) [2002-04-01 20:41:32] TCP to 21 ftp
IPv4: 80.56.144.47 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=36804 flags=0 offset=0 TTL=109 chksum=1245
TCP: port=3922 -> dport: 21 flags=******S* seq=2075173552
ack=0 off=7 res=0 win=16384 urp=0 chksum=39984
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 51) [2002-04-01 20:41:35] TCP to 21 ftp
IPv4: 80.56.144.47 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=37197 flags=0 offset=0 TTL=109 chksum=852
TCP: port=3922 -> dport: 21 flags=******S* seq=2075173552
ack=0 off=7 res=0 win=16384 urp=0 chksum=39984
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 84) [2002-04-01 20:45:31] ICMP echo request
IPv4: 209.225.26.98 -> 12.82.140.109
hlen=5 TOS=0 dlen=84 ID=17003 flags=0 offset=0 TTL=240 chksum=827
ICMP: type=Echo Request code=0
checksum=62628 id=50944 seq=64903
Payload: length = 56
000 : 00 00 00 00 0C 52 8C 6D 00 00 EE 68 00 00 00 00 .....R.m...h....
010 : BD CA BB 0C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00 ....,;...R.m....
020 : BD CA BB 0C 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
Request: 209.225.26.98
connecting to whois.arin.net [63.146.182.182:43] ...
connecting to rwhois.exodus.net [64.41.251.179:4321] ...
%rwhois V-1.5:001ab7:00 rwhois.exodus.net (Exodus Communications)
network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:209.225.26.64
network:IP-Network:209.225.26.64/26
network:Organization;I:Be Free, Inc.
network:Name;I:Brian Chopp
network:Email;I:bchopp@befree.com
network:Street;I:154 Crane Meadow Rd Suite 100
network:City;I:Marlborough
network:State;I:MA
network:Postal-Code;I:01752
network:Country-Code;I:USA
Registrant:
Be Free, Inc. (BEFREE8-DOM)
154 Crane Meadow Rd.
Marlborough, MA 01752
US
Domain Name: BEFREE.COM
Administrative Contact:
Gerace, Samuel P (SPG5) sgerace@BEFREE.COM
Be Free, Inc.
154 Crane Meadow Road, Suite 200
Marlborough, MA 01752
508-480-4400
Technical Contact:
Chopp, Brian (BC693) bchopp@BEFREE.COM
Be Free, Inc.
Suite 2000
Pittsburgh, PA 15219
412-471-7500
------------------------------------------------------------------------------
#(18 - 85) [2002-04-01 20:45:31] ICMP echo request
IPv4: 66.207.130.72 -> 12.82.140.109
hlen=5 TOS=0 dlen=84 ID=46959 flags=0 offset=0 TTL=240 chksum=46434
ICMP: type=Echo Request code=0
checksum=52855 id=50944 seq=57432
Payload: length = 56
000 : 00 00 00 00 0C 52 8C 6D 00 00 AB 0C 00 00 00 00 .....R.m........
010 : DF 06 DD 2C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00 ...,,;...R.m....
020 : DF 06 DD 2C 00 00 00 00 00 00 00 00 00 00 00 00 ...,............
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman
aspStation, Inc. (NETBLK-ASPSTATION-1)
4736 Penn Ave.
Pittsburgh, PA 15224
US
Netname: ASPSTATION-1
Netblock: 66.207.128.0 - 66.207.143.255
Maintainer: ASPS
Coordinator:
DeHart, Ed (ED200-ARIN) dehart@aspstation.net
412-661-6001 (FAX) 412-519-3323
Domain System inverse mapping provided by:
NS1.ASPSTATION.NET66.207.128.2
NS2.ASPSTATION.NET66.207.128.3
------------------------------------------------------------------------------
#(18 - 98) [2002-04-01 20:45:33] ICMP echo request
IPv4: 209.225.26.98 -> 12.82.140.109
hlen=5 TOS=0 dlen=84 ID=17252 flags=0 offset=0 TTL=240 chksum=578
ICMP: type=Echo Request code=0
checksum=40868 id=50944 seq=21128
Payload: length = 56
000 : 00 00 00 00 0C 52 8C 6D 00 00 D5 66 00 00 00 00 .....R.m...f....
010 : D6 CC BB 0C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00 ....,;...R.m....
020 : BD CA BB 0C 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
#(18 - 99) [2002-04-01 20:45:33] ICMP echo request
IPv4: 66.207.130.72 -> 12.82.140.109
hlen=5 TOS=0 dlen=84 ID=47215 flags=0 offset=0 TTL=240 chksum=46178
ICMP: type=Echo Request code=0
checksum=32119 id=50944 seq=12633
Payload: length = 56
000 : 00 00 00 00 0C 52 8C 6D 00 00 A9 0A 00 00 00 00 .....R.m........
010 : E1 08 DD 2C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00 ...,,;...R.m....
020 : DF 06 DD 2C 00 00 00 00 00 00 00 00 00 00 00 00 ...,............
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
#(18 - 103) [2002-04-01 20:45:33] ICMP echo request
IPv4: 209.225.26.98 -> 12.82.140.109
hlen=5 TOS=0 dlen=84 ID=17413 flags=0 offset=0 TTL=240 chksum=417
ICMP: type=Echo Request code=0
checksum=26788 id=50944 seq=35208
Payload: length = 56
000 : 00 00 00 00 0C 52 8C 6D 00 00 71 65 00 00 00 00 .....R.m..qe....
010 : 3A CE BB 0C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00 :...,;...R.m....
020 : BD CA BB 0C 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
#(18 - 104) [2002-04-01 20:45:33] ICMP echo request
IPv4: 66.207.130.72 -> 12.82.140.109
hlen=5 TOS=0 dlen=84 ID=47350 flags=0 offset=0 TTL=240 chksum=46043
ICMP: type=Echo Request code=0
checksum=17271 id=50944 seq=27481
Payload: length = 56
000 : 00 00 00 00 0C 52 8C 6D 00 00 2F 09 00 00 00 00 .....R.m../.....
010 : 5B 0A DD 2C 2C 3B 00 00 0C 52 8C 6D 01 00 00 00 [..,,;...R.m....
020 : DF 06 DD 2C 00 00 00 00 00 00 00 00 00 00 00 00 ...,............
030 : 00 00 00 00 00 00 00 00 ........
------------------------------------------------------------------------------
#(18 - 126) [2002-04-01 20:46:45] ICMP echo request
IPv4: 63.241.68.71 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=20263 flags=0 offset=0 TTL=54 chksum=6303
ICMP: type=Echo Request code=0
checksum=20791 id=42696 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 127) [2002-04-01 20:46:46] ICMP echo request
IPv4: 63.241.68.71 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=20978 flags=0 offset=0 TTL=54 chksum=5588
ICMP: type=Echo Request code=0
checksum=20279 id=42696 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 128) [2002-04-01 20:46:47] ICMP echo request
IPv4: 63.241.68.71 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=21690 flags=0 offset=0 TTL=54 chksum=4876
ICMP: type=Echo Request code=0
checksum=19767 id=42696 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 129) [2002-04-01 20:47:42] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=61102 flags=0 offset=0 TTL=50 chksum=41697
ICMP: type=Echo Request code=0
checksum=1083 id=62404 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 130) [2002-04-01 20:47:43] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=61108 flags=0 offset=0 TTL=50 chksum=41691
ICMP: type=Echo Request code=0
checksum=571 id=62404 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 131) [2002-04-01 20:47:44] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=61115 flags=0 offset=0 TTL=50 chksum=41684
ICMP: type=Echo Request code=0
checksum=59 id=62404 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 132) [2002-04-01 20:47:46] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=39170 flags=0 offset=0 TTL=54 chksum=63724
ICMP: type=Echo Request code=0
checksum=52639 id=10848 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 133) [2002-04-01 20:47:47] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=39772 flags=0 offset=0 TTL=54 chksum=63122
ICMP: type=Echo Request code=0
checksum=52127 id=10848 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 134) [2002-04-01 20:47:48] ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=34297 flags=0 offset=0 TTL=56 chksum=57332
ICMP: type=Echo Request code=0
checksum=27569 id=35918 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 135) [2002-04-01 20:47:48] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=40712 flags=0 offset=0 TTL=54 chksum=62182
ICMP: type=Echo Request code=0
checksum=51615 id=10848 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 136) [2002-04-01 20:47:49] ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=35828 flags=0 offset=0 TTL=56 chksum=55801
ICMP: type=Echo Request code=0
checksum=27057 id=35918 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 137) [2002-04-01 20:47:50] ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=36139 flags=0 offset=0 TTL=56 chksum=55490
ICMP: type=Echo Request code=0
checksum=26545 id=35918 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 138) [2002-04-01 20:48:07] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=53966 flags=0 offset=0 TTL=54 chksum=48928
ICMP: type=Echo Request code=0
checksum=44447 id=19040 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 139) [2002-04-01 20:48:07] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=61767 flags=0 offset=0 TTL=50 chksum=41032
ICMP: type=Echo Request code=0
checksum=63034 id=453 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 140) [2002-04-01 20:48:08] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=54580 flags=0 offset=0 TTL=54 chksum=48314
ICMP: type=Echo Request code=0
checksum=43935 id=19040 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 141) [2002-04-01 20:48:08] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=61770 flags=0 offset=0 TTL=50 chksum=41029
ICMP: type=Echo Request code=0
checksum=62522 id=453 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 142) [2002-04-01 20:48:09] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=55416 flags=0 offset=0 TTL=54 chksum=47478
ICMP: type=Echo Request code=0
checksum=43423 id=19040 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 143) [2002-04-01 20:48:09] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=61777 flags=0 offset=0 TTL=50 chksum=41022
ICMP: type=Echo Request code=0
checksum=62010 id=453 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 144) [2002-04-01 20:48:15] ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=56669 flags=0 offset=0 TTL=56 chksum=34960
ICMP: type=Echo Request code=0
checksum=24497 id=38990 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 145) [2002-04-01 20:48:16] ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=58157 flags=0 offset=0 TTL=56 chksum=33472
ICMP: type=Echo Request code=0
checksum=23985 id=38990 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 146) [2002-04-01 20:48:17] ICMP echo request
IPv4: 63.241.68.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=58457 flags=0 offset=0 TTL=56 chksum=33172
ICMP: type=Echo Request code=0
checksum=23473 id=38990 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 147) [2002-04-01 20:48:27] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=2393 flags=0 offset=0 TTL=54 chksum=34966
ICMP: type=Echo Request code=0
checksum=41631 id=21856 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 148) [2002-04-01 20:48:27] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=62351 flags=0 offset=0 TTL=50 chksum=40448
ICMP: type=Echo Request code=0
checksum=54586 id=8901 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 149) [2002-04-01 20:48:28] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=3334 flags=0 offset=0 TTL=54 chksum=34025
ICMP: type=Echo Request code=0
checksum=41119 id=21856 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 150) [2002-04-01 20:48:28] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=62352 flags=0 offset=0 TTL=50 chksum=40447
ICMP: type=Echo Request code=0
checksum=54074 id=8901 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 151) [2002-04-01 20:48:29] ICMP echo request
IPv4: 63.240.26.31 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=4012 flags=0 offset=0 TTL=54 chksum=33347
ICMP: type=Echo Request code=0
checksum=40607 id=21856 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 152) [2002-04-01 20:48:29] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=62356 flags=0 offset=0 TTL=50 chksum=40443
ICMP: type=Echo Request code=0
checksum=53562 id=8901 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 153) [2002-04-01 20:48:47] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=62878 flags=0 offset=0 TTL=50 chksum=39921
ICMP: type=Echo Request code=0
checksum=51258 id=12229 seq=0
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
#(18 - 154) [2002-04-01 20:48:48] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=62886 flags=0 offset=0 TTL=50 chksum=39913
ICMP: type=Echo Request code=0
checksum=50746 id=12229 seq=256
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 156) [2002-04-01 20:50:58] UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=38788 flags=0 offset=0 TTL=50 chksum=20612
UDP: port=22305 -> dport: 53 len=52
Payload: length = 44
000 : 97 83 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
[toot@sparky /]# host 209.225.53.252
252.53.225.209.in-addr.arpa. is an alias for 252.128-25.53.225.209.in-addr.arpa.
252.128-25.53.225.209.in-addr.arpa. domain name pointer bigip2.east.realmedia.com.
------------------------------------------------------------------------------
#(18 - 157) [2002-04-01 20:50:59] UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=38789 flags=0 offset=0 TTL=50 chksum=20611
UDP: port=22305 -> dport: 53 len=52
Payload: length = 44
000 : 97 84 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 158) [2002-04-01 20:51:00] UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=38790 flags=0 offset=0 TTL=50 chksum=20610
UDP: port=22305 -> dport: 53 len=52
Payload: length = 44
000 : 97 85 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 159) [2002-04-01 20:51:31] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=23625 flags=0 offset=0 TTL=49 chksum=32829
UDP: port=58217 -> dport: 53 len=52
Payload: length = 44
000 : 5C 48 00 00 00 01 00 00 00 00 00 00 03 31 30 39 \H...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 160) [2002-04-01 20:51:32] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=23626 flags=0 offset=0 TTL=49 chksum=32828
UDP: port=58217 -> dport: 53 len=52
Payload: length = 44
000 : 5C 49 00 00 00 01 00 00 00 00 00 00 03 31 30 39 \I...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 161) [2002-04-01 20:51:33] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=23627 flags=0 offset=0 TTL=49 chksum=32827
UDP: port=58217 -> dport: 53 len=52
Payload: length = 44
000 : 5C 4A 00 00 00 01 00 00 00 00 00 00 03 31 30 39 \J...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
[toot@sparky /]# host 66.35.210.60
60.210.35.66.in-addr.arpa. is an alias for 60.0-26.210.35.66.in-addr.arpa.
60.0-26.210.35.66.in-addr.arpa. domain name pointer bigip2.west.realmedia.com.
------------------------------------------------------------------------------
#(18 - 155) [2002-04-01 20:48:49] ICMP echo request
IPv4: 206.146.143.219 -> 12.82.140.109
hlen=5 TOS=0 dlen=64 ID=62890 flags=0 offset=0 TTL=50 chksum=39909
ICMP: type=Echo Request code=0
checksum=50234 id=12229 seq=512
Payload: length = 36
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 ....
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 162) [2002-04-01 20:55:47] Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=65339 flags=0 offset=0 TTL=125 chksum=49648
TCP: port=3839 -> dport: 80 flags=******S* seq=609726252
ack=0 off=7 res=0 win=16384 urp=0 chksum=9137
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(18 - 163) [2002-04-01 20:55:50] Potential CodeRed/Nimda probe
IPv4: 12.82.151.138 -> 12.82.140.109
hlen=5 TOS=0 dlen=48 ID=77 flags=0 offset=0 TTL=125 chksum=49375
TCP: port=3839 -> dport: 80 flags=******S* seq=609726252
ack=0 off=7 res=0 win=16384 urp=0 chksum=9137
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(18 - 164) [2002-04-01 20:55:52] UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=30734 flags=0 offset=0 TTL=49 chksum=25719
UDP: port=24524 -> dport: 53 len=52
Payload: length = 44
000 : 78 0D 00 00 00 01 00 00 00 00 00 00 03 31 30 39 x............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
[root@sparky /]# host 66.35.210.61
61.210.35.66.in-addr.arpa. is an alias for 61.0-26.210.35.66.in-addr.arpa.
61.0-26.210.35.66.in-addr.arpa. domain name pointer bigip1.west.realmedia.com.
------------------------------------------------------------------------------
#(18 - 165) [2002-04-01 20:55:53] UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=30735 flags=0 offset=0 TTL=49 chksum=25718
UDP: port=24524 -> dport: 53 len=52
Payload: length = 44
000 : 78 0E 00 00 00 01 00 00 00 00 00 00 03 31 30 39 x............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 166) [2002-04-01 20:55:54] UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=30736 flags=0 offset=0 TTL=49 chksum=25717
UDP: port=24524 -> dport: 53 len=52
Payload: length = 44
000 : 78 0F 00 00 00 01 00 00 00 00 00 00 03 31 30 39 x............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 167) [2002-04-01 20:59:51] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=29520 flags=0 offset=0 TTL=49 chksum=26961
UDP: port=60093 -> dport: 53 len=25
Payload: length = 17
000 : 73 4F 00 00 00 01 00 00 00 00 00 00 00 00 01 00 sO..............
010 : 01 .
------------------------------------------------------------------------------
#(18 - 168) [2002-04-01 20:59:52] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=29521 flags=0 offset=0 TTL=49 chksum=26960
UDP: port=60093 -> dport: 53 len=25
Payload: length = 17
000 : 73 50 00 00 00 01 00 00 00 00 00 00 00 00 01 00 sP..............
010 : 01 .
------------------------------------------------------------------------------
#(18 - 169) [2002-04-01 20:59:53] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=29522 flags=0 offset=0 TTL=49 chksum=26959
UDP: port=60093 -> dport: 53 len=25
Payload: length = 17
000 : 73 51 00 00 00 01 00 00 00 00 00 00 00 00 01 00 sQ..............
010 : 01 .
------------------------------------------------------------------------------
#(18 - 170) [2002-04-01 21:00:18] UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=44942 flags=0 offset=0 TTL=50 chksum=14485
UDP: port=24273 -> dport: 53 len=25
Payload: length = 17
000 : AF 8D 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 171) [2002-04-01 21:00:19] UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=44943 flags=0 offset=0 TTL=50 chksum=14484
UDP: port=24273 -> dport: 53 len=25
Payload: length = 17
000 : AF 8E 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 172) [2002-04-01 21:00:20] UDP to 53 domain
IPv4: 209.225.53.252 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=44944 flags=0 offset=0 TTL=50 chksum=14483
UDP: port=24273 -> dport: 53 len=25
Payload: length = 17
000 : AF 8F 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 173) [2002-04-01 21:05:57] UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=36577 flags=0 offset=0 TTL=49 chksum=19903
UDP: port=26411 -> dport: 53 len=25
Payload: length = 17
000 : 8E E0 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 174) [2002-04-01 21:05:58] UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=36578 flags=0 offset=0 TTL=49 chksum=19902
UDP: port=26411 -> dport: 53 len=25
Payload: length = 17
000 : 8E E1 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 175) [2002-04-01 21:05:59] UDP to 53 domain
IPv4: 66.35.210.61 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=36579 flags=0 offset=0 TTL=49 chksum=19901
UDP: port=26411 -> dport: 53 len=25
Payload: length = 17
000 : 8E E2 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 176) [2002-04-01 21:12:47] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=38854 flags=0 offset=0 TTL=49 chksum=17600
UDP: port=63081 -> dport: 53 len=52
Payload: length = 44
000 : 97 C5 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 177) [2002-04-01 21:12:48] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=38855 flags=0 offset=0 TTL=49 chksum=17599
UDP: port=63081 -> dport: 53 len=52
Payload: length = 44
000 : 97 C6 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 178) [2002-04-01 21:12:49] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=38856 flags=0 offset=0 TTL=49 chksum=17598
UDP: port=63081 -> dport: 53 len=52
Payload: length = 44
000 : 97 C7 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .............109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 179) [2002-04-01 21:15:28] UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=43338 flags=0 offset=0 TTL=51 chksum=15804
UDP: port=36131 -> dport: 53 len=52
Payload: length = 44
000 : A9 49 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .I...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 180) [2002-04-01 21:15:29] UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=43339 flags=0 offset=0 TTL=51 chksum=15803
UDP: port=36131 -> dport: 53 len=52
Payload: length = 44
000 : A9 4A 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .J...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 181) [2002-04-01 21:15:30] UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
hlen=5 TOS=0 dlen=72 ID=43340 flags=0 offset=0 TTL=51 chksum=15802
UDP: port=36131 -> dport: 53 len=52
Payload: length = 44
000 : A9 4B 00 00 00 01 00 00 00 00 00 00 03 31 30 39 .K...........109
010 : 03 31 34 30 02 38 32 02 31 32 07 69 6E 2D 61 64 .140.82.12.in-ad
020 : 64 72 04 61 72 70 61 00 00 0C 00 01 dr.arpa.....
------------------------------------------------------------------------------
#(18 - 182) [2002-04-01 21:23:27] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=45853 flags=0 offset=0 TTL=49 chksum=10628
UDP: port=2346 -> dport: 53 len=25
Payload: length = 17
000 : B3 1C 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 183) [2002-04-01 21:23:28] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=45854 flags=0 offset=0 TTL=49 chksum=10627
UDP: port=2346 -> dport: 53 len=25
Payload: length = 17
000 : B3 1D 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 184) [2002-04-01 21:23:29] UDP to 53 domain
IPv4: 66.35.210.60 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=45855 flags=0 offset=0 TTL=49 chksum=10626
UDP: port=2346 -> dport: 53 len=25
Payload: length = 17
000 : B3 1E 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 185) [2002-04-01 21:33:23] UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=50934 flags=0 offset=0 TTL=51 chksum=8235
UDP: port=38640 -> dport: 53 len=25
Payload: length = 17
000 : C6 F5 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 186) [2002-04-01 21:33:24] UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=50935 flags=0 offset=0 TTL=51 chksum=8234
UDP: port=38640 -> dport: 53 len=25
Payload: length = 17
000 : C6 F6 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
#(18 - 187) [2002-04-01 21:33:25] UDP to 53 domain
IPv4: 209.225.53.254 -> 12.82.140.109
hlen=5 TOS=0 dlen=45 ID=50936 flags=0 offset=0 TTL=51 chksum=8233
UDP: port=38640 -> dport: 53 len=25
Payload: length = 17
000 : C6 F7 00 00 00 01 00 00 00 00 00 00 00 00 01 00 ................
010 : 01 .
------------------------------------------------------------------------------
jsage@finchhaven.com
Last modified: Thu Apr 4 18:49:05 2002