[**] [1:583:1] RPC portmap request rstatd [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/15-22:06:06.819252 210.114.220.46:653 -> 192.168.1.102:111
UDP TTL:47 TOS:0x0 ID:41887 IpLen:20 DgmLen:84
Len: 64
[Xref => http://www.whitehats.com/info/IDS10]

[**] [1:1282:1] RPC EXPLOIT statdx [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/15-22:06:07.719989 210.114.220.46:654 -> 192.168.1.102:919
UDP TTL:47 TOS:0x0 ID:41890 IpLen:20 DgmLen:1104
Len: 1084
[Xref => http://www.whitehats.com/info/IDS442]

[**] [1:615:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/16-15:24:25.575901 206.75.218.84:1027 -> 192.168.1.102:1080
TCP TTL:49 TOS:0x0 ID:17856 IpLen:20 DgmLen:44 DF
******S* Seq: 0x25A8DC2A Ack: 0x0 Win: 0x4000 TcpLen: 24
TCP Options (1) => MSS: 1460

[**] [1:718:1] TELNET login incorrect [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:53:07.197495 192.168.1.102:23 -> 217.156.93.166:61200
TCP TTL:64 TOS:0x0 ID:1606 IpLen:20 DgmLen:59 DF
***AP*** Seq: 0xE2057847 Ack: 0x24C3328 Win: 0x7D78 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS127]

[**] [1:718:1] TELNET login incorrect [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:53:15.006933 192.168.1.102:23 -> 217.156.93.166:61200
TCP TTL:64 TOS:0x0 ID:1623 IpLen:20 DgmLen:59 DF
***AP*** Seq: 0xE2057875 Ack: 0x24C3337 Win: 0x7D78 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS127]

[**] [1:338:1] FTP EXPLOIT format string [**]
[Classification: Attempted User Privilege Gain] [Priority: 8]
09/16-18:55:52.235847 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16648 IpLen:20 DgmLen:76 DF
***AP*** Seq: 0xCF7869CC Ack: 0xEBCD7EC0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391678 29673183
[Xref => http://www.whitehats.com/info/IDS453]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:52.552709 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16651 IpLen:20 DgmLen:468 DF
***AP*** Seq: 0xCF7869E4 Ack: 0xEBCD7EFE Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391708 29673193
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:52.697088 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16656 IpLen:20 DgmLen:471 DF
***AP*** Seq: 0xCF786B84 Ack: 0xEBCD8152 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391723 29673202
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:52.836060 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16660 IpLen:20 DgmLen:474 DF
***AP*** Seq: 0xCF786D27 Ack: 0xEBCD83AA Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391737 29673216
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:52.976743 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16664 IpLen:20 DgmLen:477 DF
***AP*** Seq: 0xCF786ECD Ack: 0xEBCD8606 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391751 29673229
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:53.117404 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16668 IpLen:20 DgmLen:480 DF
***AP*** Seq: 0xCF787076 Ack: 0xEBCD8866 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391765 29673243
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:53.256120 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16672 IpLen:20 DgmLen:483 DF
***AP*** Seq: 0xCF787222 Ack: 0xEBCD8ACA Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391779 29673255
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:53.397788 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16676 IpLen:20 DgmLen:486 DF
***AP*** Seq: 0xCF7873D1 Ack: 0xEBCD8D33 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391793 29673268
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:53.538226 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16680 IpLen:20 DgmLen:489 DF
***AP*** Seq: 0xCF787583 Ack: 0xEBCD8FA0 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391807 29673282
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:53.677437 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16684 IpLen:20 DgmLen:492 DF
***AP*** Seq: 0xCF787738 Ack: 0xEBCD9211 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391821 29673294
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:53.827724 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16688 IpLen:20 DgmLen:495 DF
***AP*** Seq: 0xCF7878F0 Ack: 0xEBCD9565 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391836 29673308
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:53.992024 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16692 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF787AAB Ack: 0xEBCD9971 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391852 29673322
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:54.156831 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16695 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF787CAA Ack: 0xEBCD9DFA Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391869 29673337
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:54.325837 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16698 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF787EA9 Ack: 0xEBCDA283 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391886 29673352
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:54.516028 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16702 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF7880A8 Ack: 0xEBCDA70C Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391905 29673370
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:54.686762 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16706 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF7882A7 Ack: 0xEBCDAB95 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391922 29673385
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:54.877698 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16710 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF7884A6 Ack: 0xEBCDB01E Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391941 29673401
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:55.045227 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16714 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF7886A5 Ack: 0xEBCDB4A7 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391958 29673416
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:55.216692 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16718 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF7888A4 Ack: 0xEBCDB930 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391975 29673431
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:55.386438 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16722 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF788AA3 Ack: 0xEBCDBDB9 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391992 29673447
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:55.587709 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16726 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF788CA2 Ack: 0xEBCDC243 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392012 29673466
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:55.754999 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16730 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF788EA1 Ack: 0xEBCDC6CC Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392029 29673483
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:55.964651 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16734 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF7890A0 Ack: 0xEBCDCB55 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392050 29673497
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:56.125764 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16738 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78929F Ack: 0xEBCDCFE2 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392066 29673510
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:56.315714 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16741 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78949E Ack: 0xEBCDD46B Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392085 29673528
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:56.485183 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16745 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78969D Ack: 0xEBCDD8F6 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392102 29673543
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:56.675160 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16749 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78989C Ack: 0xEBCDDDBE Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392121 29673560
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:56.845403 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16753 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF789A9B Ack: 0xEBCDE247 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392138 29673577
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:57.016369 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16757 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF789C9A Ack: 0xEBCDE6D0 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392155 29673594
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:57.185365 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16761 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF789E99 Ack: 0xEBCDEB59 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392172 29673610
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:57.356579 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16764 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78A098 Ack: 0xEBCDEFE2 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392189 29673626
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:57.525569 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16767 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78A297 Ack: 0xEBCDF46B Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392206 29673640
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:57.697573 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16771 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78A496 Ack: 0xEBCDF8F4 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392223 29673656
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:57.885306 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16774 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78A695 Ack: 0xEBCDFDB2 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392242 29673673
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:58.054295 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16777 IpLen:20 DgmLen:489 DF
***AP*** Seq: 0xCF78A894 Ack: 0xEBCE0281 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392259 29673688
[Xref => http://www.whitehats.com/info/IDS286]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:58.209849 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16780 IpLen:20 DgmLen:520 DF
***AP*** Seq: 0xCF78AA49 Ack: 0xEBCE067C Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392274 29673702
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:361:2] FTP site exec [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/16-18:55:58.372588 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16783 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF78AC1D Ack: 0xEBCE0AD8 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392290 29673715
[Xref => http://www.securityfocus.com/bid/2241]
[Xref => http://www.whitehats.com/info/IDS317]

[**] [1:344:1] FTP EXPLOIT wu-ftpd 2.6.0 linux overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:59.485710 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16786 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xCF78AE1C Ack: 0xEBCE0EB9 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237392403 29673724
[Xref => http://www.whitehats.com/info/IDS287]

[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 207.35.251.172 (THRESHOLD 4 connections exceeded in 0 seconds) [**]
10/05-09:35:46.501474

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 529 connections across 1 hosts: TCP(529), UDP(0) [**]
10/05-09:35:46.531781

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 697 connections across 1 hosts: TCP(697), UDP(0) [**]
10/05-09:35:46.576687

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 479 connections across 1 hosts: TCP(479), UDP(0) [**]
10/05-09:35:46.607277

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 706 connections across 1 hosts: TCP(706), UDP(0) [**]
10/05-09:35:46.651878

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 564 connections across 1 hosts: TCP(564), UDP(0) [**]
10/05-09:35:46.687851

[**] [1:620:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/16-19:45:11.319691 207.35.251.172:1985 -> 192.168.1.102:8080
TCP TTL:48 TOS:0x0 ID:21439 IpLen:20 DgmLen:60 DF
******S* Seq: 0x8A58309C Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 237687595 0 NOP WS: 0

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 628 connections across 1 hosts: TCP(628), UDP(0) [**]
10/05-09:35:46.727730

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 714 connections across 1 hosts: TCP(714), UDP(0) [**]
10/05-09:35:46.773605

[**] [1:615:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/16-19:45:18.153685 207.35.251.172:3213 -> 192.168.1.102:1080
TCP TTL:48 TOS:0x0 ID:22673 IpLen:20 DgmLen:60 DF
******S* Seq: 0x8B6F8174 Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 237688279 0 NOP WS: 0

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 543 connections across 1 hosts: TCP(543), UDP(0) [**]
10/05-09:35:46.809510

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 644 connections across 1 hosts: TCP(644), UDP(0) [**]
10/05-09:35:46.850181

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 705 connections across 1 hosts: TCP(705), UDP(0) [**]
10/05-09:35:46.894626

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 552 connections across 1 hosts: TCP(552), UDP(0) [**]
10/05-09:35:46.937440

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 291 connections across 1 hosts: TCP(291), UDP(0) [**]
10/05-09:35:46.957636

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 300 connections across 1 hosts: TCP(300), UDP(0) [**]
10/05-09:35:46.977697

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 354 connections across 1 hosts: TCP(354), UDP(0) [**]
10/05-09:35:47.001891

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 378 connections across 1 hosts: TCP(378), UDP(0) [**]
10/05-09:35:47.027852

[**] [1:618:1] INFO - Possible Squid Scan [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/16-19:45:50.243447 207.35.251.172:3287 -> 192.168.1.102:3128
TCP TTL:48 TOS:0x0 ID:26737 IpLen:20 DgmLen:60 DF
******S* Seq: 0x8D14B4C8 Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 237691489 0 NOP WS: 0

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 330 connections across 1 hosts: TCP(330), UDP(0) [**]
10/05-09:35:47.051549

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 387 connections across 1 hosts: TCP(387), UDP(0) [**]
10/05-09:35:47.077228

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 718 connections across 1 hosts: TCP(718), UDP(0) [**]
10/05-09:35:47.123486

[**] [1:160:1] BACKDOOR NetMetro Incoming Traffic [**]
09/16-19:46:00.474897 192.168.1.102:5031 -> 207.35.251.172:4821
TCP TTL:255 TOS:0x0 ID:12192 IpLen:20 DgmLen:40
***A*R** Seq: 0x0 Ack: 0x8DFC1E68 Win: 0x0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS79]

[**] [100:2:1] spp_portscan: portscan status from 207.35.251.172: 553 connections across 1 hosts: TCP(553), UDP(0) [**]
10/05-09:35:47.160756

[**] [100:3:1] spp_portscan: End of portscan from 207.35.251.172: TOTAL time(75s) hosts(1) TCP(10072) UDP(0) [**]
10/05-09:35:47.169166
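An added example, not part of the alert file above and not Snort's own code: a parser for the Snort 1.x "full" alert records shown on this page, run over three records copied verbatim from the log (the wu-ftpd site exec overflow, the spp_portscan PORTSCAN DETECTED line and the NetMetro alert), with a per-source summary and a check for reset replies. It assumes only the layout visible above: a `[**] [gid:sid:rev] msg [**]` header, an optional Classification/Priority line, a timestamp line with optional `src:port -> dst:port`, an IP header line, an optional TCP flags line and Xref lines, records separated by blank lines. Two caveats from the page itself are built in: the spp_portscan records (gid 100) carry no packet header and are dated 10/05 while the packet alerts are dated 09/16, so they are kept out of the per-source view rather than sorted together with it; and the NetMetro alert is a RST/ACK with Seq 0x0 and Win 0x0 sent by 192.168.1.102 back to the scanning host, which is a closed-port reply to a probe, not inbound backdoor traffic.

```python
"""Parser for the Snort 1.x "full" alert format used in the log above.
Added example, not part of the log or of Snort; assumes the record layout
visible on this page (header, optional Classification/Priority, timestamp
with optional src -> dst, IP header line, optional TCP flags, Xref lines)."""
import re
from dataclasses import dataclass, field
from typing import Optional

HEADER_RE = re.compile(r'^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$')
CLASS_RE = re.compile(r'^\[Classification: (.*?)\] \[Priority: (\d+)\]$')
TS_RE = re.compile(r'^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)'
                   r'(?: ([^\s:]+)(?::(\d+))? -> ([^\s:]+)(?::(\d+))?)?$')
PROTO_RE = re.compile(r'^(TCP|UDP|ICMP) TTL:(\d+)')
FLAGS_RE = re.compile(r'^([*A-Z0-9]{8}) Seq: ')
XREF_RE = re.compile(r'\[Xref => (\S+)\]')

# Three records copied verbatim from the alert file above.
SAMPLE = """\
[**] [1:346:1] FTP EXPLOIT wu-ftpd 2.6.0 site exec overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/16-18:55:53.992024 207.35.251.172:2243 -> 192.168.1.102:21
TCP TTL:48 TOS:0x0 ID:16692 IpLen:20 DgmLen:563 DF
***AP*** Seq: 0xCF787AAB Ack: 0xEBCD9971 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 237391852 29673322
[Xref => http://www.whitehats.com/info/IDS286]

[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 207.35.251.172 (THRESHOLD 4 connections exceeded in 0 seconds) [**]
10/05-09:35:46.501474

[**] [1:160:1] BACKDOOR NetMetro Incoming Traffic [**]
09/16-19:46:00.474897 192.168.1.102:5031 -> 207.35.251.172:4821
TCP TTL:255 TOS:0x0 ID:12192 IpLen:20 DgmLen:40
***A*R** Seq: 0x0 Ack: 0x8DFC1E68 Win: 0x0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS79]
"""


@dataclass
class Alert:
    gid: int            # generator: 1 = rules engine, 100 = spp_portscan
    sid: int
    rev: int
    msg: str
    classification: Optional[str] = None
    priority: Optional[int] = None
    timestamp: str = ''
    src: Optional[str] = None      # None for preprocessor records
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    proto: Optional[str] = None
    flags: Optional[str] = None    # TCP flag string such as ***AP***
    xrefs: list = field(default_factory=list)


def parse_alerts(text: str) -> list:
    """Split the file on blank lines; one Alert per record, header mandatory."""
    alerts = []
    for record in re.split(r'\n\s*\n', text.strip()):
        lines = [ln.strip() for ln in record.splitlines() if ln.strip()]
        m = HEADER_RE.match(lines[0])
        if not m:
            raise ValueError(f'not a Snort alert header: {lines[0]!r}')
        a = Alert(int(m[1]), int(m[2]), int(m[3]), m[4])
        for ln in lines[1:]:
            if m := CLASS_RE.match(ln):
                a.classification, a.priority = m[1], int(m[2])
            elif m := TS_RE.match(ln):
                a.timestamp, a.src, a.dst = m[1], m[2], m[4]
                a.sport = int(m[3]) if m[3] else None
                a.dport = int(m[5]) if m[5] else None
            elif m := PROTO_RE.match(ln):
                a.proto = m[1]
            elif m := FLAGS_RE.match(ln):
                a.flags = m[1]
            a.xrefs.extend(XREF_RE.findall(ln))
        alerts.append(a)
    return alerts


def summarize_by_source(alerts: list) -> dict:
    """Per source IP: alert count, highest Priority, distinct sids.
    On this page a larger Priority is more severe (admin gain = 10, potentially
    bad traffic = 2); current Snort classification.config uses 1 as the highest,
    so check the ruleset's config before reusing this ordering.  Preprocessor
    records have no src and are skipped rather than merged by timestamp."""
    summary = {}
    for a in alerts:
        if a.src is None:
            continue
        s = summary.setdefault(a.src, {'alerts': 0, 'max_priority': 0, 'sids': set()})
        s['alerts'] += 1
        s['sids'].add(a.sid)
        if a.priority is not None:
            s['max_priority'] = max(s['max_priority'], a.priority)
    return summary


def is_reset_reply(a: Alert, protected: str) -> bool:
    """True for a RST/ACK leaving the protected host: a closed-port reply to
    a probe (the NetMetro record: ***A*R**, Seq 0x0, Win 0x0), so the event
    belongs to the scanner's activity, not to the protected host's."""
    return a.src == protected and bool(a.flags) and 'R' in a.flags and 'A' in a.flags


if __name__ == '__main__':
    parsed = parse_alerts(SAMPLE)
    print(summarize_by_source(parsed))
    print([a.msg for a in parsed if is_reset_reply(a, '192.168.1.102')])
```

Feeding the whole alert file to `parse_alerts` gives 207.35.251.172 as the only source with Priority 10 rule hits (sids 346 and 344) alongside the sid 361 site exec noise, and the reset check keeps the one record sourced from 192.168.1.102 from being read as the protected host originating backdoor traffic.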