Source IP address
=================

64.4.49.71 - email was sent over the network from the victim to this address, containing the password and some system files (9/17, 8:47:47 - 8:47:48)
24.248.173.56 - nothing
206.75.218.84 - nothing special
192.168.1.102 - victim
138.86.152.104 - UDP and ICMP check, but nothing special
63.168.30.92 - similar to the above
207.245.82.221 - connects to port 80, seems like port scanning
208.179.195.130 - DNS check
128.175.106.247 - tries to connect to port 65281 of the victim by entering 't'
207.50.37.225 - UDP and ICMP check, but nothing special
207.35.251.172 - hacker; all traces of hacking found from 9/17, 7:55:45 - 8:56:15. Port scanning starts from 8:44:48.
193.231.236.42 - FTP server; starts transferring files to the victim at 9/17, 8:41:34 - 8:43:05. Hacking code came through this channel: Zer0.tar.gz, copy.tar.gz, ooty.tar.gz
217.156.93.166 - telnets to the victim at 9/17, 7:52:51, later successfully logs on as nobody at 8:13:33. It leaves at 9:11:25. It is used as the access terminal. The backdoor started to be used at 8:47:17.
24.17.45.29 - UDP and ICMP
210.114.220.46 - can be ignored
66.51.200.115 - nothing