[**] RPC portmap request rstatd [**] 09/16-11:06:06.819252 210.114.220.46:653 -> 192.168.1.102:111 UDP TTL:47 TOS:0x0 ID:41887 IpLen:20 DgmLen:84 Len: 64 [**] RPC portmap request rstatd [**] 09/16-11:06:06.819252 210.114.220.46:653 -> 192.168.1.102:111 UDP TTL:47 TOS:0x0 ID:41887 IpLen:20 DgmLen:84 Len: 64 [**] RPC portmap request rstatd [**] 09/16-11:06:06.819252 210.114.220.46:653 -> 192.168.1.102:111 UDP TTL:47 TOS:0x0 ID:41887 IpLen:20 DgmLen:84 Len: 64 [**] RPC portmap request rstatd [**] 09/16-11:06:06.819252 210.114.220.46:653 -> 192.168.1.102:111 UDP TTL:47 TOS:0x0 ID:41887 IpLen:20 DgmLen:84 Len: 64 [**] EXPLOIT x86 NOPS [**] 09/16-11:06:07.719989 210.114.220.46:654 -> 192.168.1.102:919 UDP TTL:47 TOS:0x0 ID:41890 IpLen:20 DgmLen:1104 Len: 1084 [**] ICMP Destination Unreachable [**] 09/16-15:34:42.927841 192.168.1.102 -> 138.86.152.104 ICMP TTL:255 TOS:0xC0 ID:1519 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 138.86.152.104:137 -> 192.168.1.102:137 UDP TTL:105 TOS:0x0 ID:60142 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/16-15:34:44.422077 192.168.1.102 -> 138.86.152.104 ICMP TTL:255 TOS:0xC0 ID:1520 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 138.86.152.104:137 -> 192.168.1.102:137 UDP TTL:105 TOS:0x0 ID:14831 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/16-15:34:45.921908 192.168.1.102 -> 138.86.152.104 ICMP TTL:255 TOS:0xC0 ID:1521 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 138.86.152.104:137 -> 192.168.1.102:137 UDP TTL:105 TOS:0x0 ID:33007 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:58:16.660203 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1528 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:23939 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:58:17.554771 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1529 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:23952 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:58:19.631870 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1530 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:23973 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:58:23.694260 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1531 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:23999 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:58:31.881869 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1532 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:24057 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:58:43.563086 192.168.1.102 -> 207.50.37.225 ICMP TTL:255 TOS:0xC0 ID:1533 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 207.50.37.225:1041 -> 192.168.1.102:137 UDP TTL:109 TOS:0x0 ID:32005 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:58:47.211051 192.168.1.102 -> 207.50.37.225 ICMP TTL:255 TOS:0xC0 ID:1534 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 207.50.37.225:1041 -> 192.168.1.102:137 UDP TTL:109 TOS:0x0 ID:43269 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:58:48.204289 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1535 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:24164 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:59:01.515410 192.168.1.102 -> 207.50.37.225 ICMP TTL:255 TOS:0xC0 ID:1536 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 207.50.37.225:1041 -> 192.168.1.102:137 UDP TTL:109 TOS:0x0 ID:518 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:59:20.828239 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1537 IpLen:20 DgmLen:112 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:24435 IpLen:20 DgmLen:84 Len: 64 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:59:24.840916 192.168.1.102 -> 207.50.37.225 ICMP TTL:255 TOS:0xC0 ID:1538 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 207.50.37.225:1041 -> 192.168.1.102:137 UDP TTL:109 TOS:0x0 ID:30214 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-01:59:59.263139 192.168.1.102 -> 207.50.37.225 ICMP TTL:255 TOS:0xC0 ID:1539 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 207.50.37.225:1041 -> 192.168.1.102:137 UDP TTL:109 TOS:0x0 ID:19975 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:16:56.968220 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1540 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:32297 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:16:57.990212 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1541 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:32305 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:17:00.036561 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1542 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:32321 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:17:04.112317 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1543 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:32352 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:17:12.257585 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1544 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:32400 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:17:28.499678 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1545 IpLen:20 DgmLen:576 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:32491 IpLen:20 DgmLen:740 Len: 720 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:17:29.701544 192.168.1.102 -> 63.168.30.92 ICMP TTL:255 TOS:0xC0 ID:1546 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 63.168.30.92:1144 -> 192.168.1.102:137 UDP TTL:54 TOS:0x0 ID:27998 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:17:33.172757 192.168.1.102 -> 63.168.30.92 ICMP TTL:255 TOS:0xC0 ID:1547 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 63.168.30.92:1144 -> 192.168.1.102:137 UDP TTL:54 TOS:0x0 ID:61534 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:17:47.119371 192.168.1.102 -> 63.168.30.92 ICMP TTL:255 TOS:0xC0 ID:1548 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 63.168.30.92:1144 -> 192.168.1.102:137 UDP TTL:54 TOS:0x0 ID:58208 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:18:01.098426 192.168.1.102 -> 24.17.45.29 ICMP TTL:255 TOS:0xC0 ID:1549 IpLen:20 DgmLen:112 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 24.17.45.29:500 -> 192.168.1.102:500 UDP TTL:115 TOS:0x0 ID:32787 IpLen:20 DgmLen:84 Len: 64 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:18:12.769996 192.168.1.102 -> 63.168.30.92 ICMP TTL:255 TOS:0xC0 ID:1550 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 63.168.30.92:1144 -> 192.168.1.102:137 UDP TTL:54 TOS:0x0 ID:10083 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] ICMP Destination Unreachable [**] 09/17-02:18:46.906607 192.168.1.102 -> 63.168.30.92 ICMP TTL:255 TOS:0xC0 ID:1551 IpLen:20 DgmLen:106 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 63.168.30.92:1144 -> 192.168.1.102:137 UDP TTL:54 TOS:0x0 ID:23910 IpLen:20 DgmLen:78 Len: 58 ** END OF DUMP [**] SCAN Proxy attempt [**] 09/17-04:24:25.575901 206.75.218.84:1027 -> 192.168.1.102:1080 TCP TTL:49 TOS:0x0 ID:17856 IpLen:20 DgmLen:44 DF ******S* Seq: 0x25A8DC2A Ack: 0x0 Win: 0x4000 TcpLen: 24 TCP Options (1) => MSS: 1460 [**] TELNET login incorrect [**] 09/17-07:53:07.197495 192.168.1.102:23 -> 217.156.93.166:61200 TCP TTL:64 TOS:0x0 ID:1606 IpLen:20 DgmLen:59 DF ***AP*** Seq: 0xE2057847 Ack: 0x24C3328 Win: 0x7D78 TcpLen: 20 [**] TELNET login incorrect [**] 09/17-07:53:15.006933 192.168.1.102:23 -> 217.156.93.166:61200 TCP TTL:64 TOS:0x0 ID:1623 IpLen:20 DgmLen:59 DF ***AP*** Seq: 0xE2057875 Ack: 0x24C3337 Win: 0x7D78 TcpLen: 20 [**] FTP EXPLOIT format string [**] 09/17-07:55:52.235847 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16648 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0xCF7869CC Ack: 0xEBCD7EC0 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391678 29673183 [**] FTP site exec [**] 09/17-07:55:52.552709 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16651 IpLen:20 DgmLen:468 DF ***AP*** Seq: 0xCF7869E4 Ack: 0xEBCD7EFE Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391708 29673193 [**] FTP site exec [**] 09/17-07:55:52.697088 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16656 IpLen:20 DgmLen:471 DF ***AP*** Seq: 0xCF786B84 Ack: 0xEBCD8152 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391723 29673202 [**] FTP site exec [**] 09/17-07:55:52.836060 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16660 IpLen:20 DgmLen:474 DF ***AP*** Seq: 0xCF786D27 Ack: 0xEBCD83AA Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391737 29673216 [**] FTP site exec [**] 09/17-07:55:52.976743 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16664 IpLen:20 DgmLen:477 DF ***AP*** Seq: 0xCF786ECD Ack: 0xEBCD8606 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391751 29673229 [**] FTP site exec [**] 09/17-07:55:53.117404 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16668 IpLen:20 DgmLen:480 DF ***AP*** Seq: 0xCF787076 Ack: 0xEBCD8866 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391765 29673243 [**] FTP site exec [**] 09/17-07:55:53.256120 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16672 IpLen:20 DgmLen:483 DF ***AP*** Seq: 0xCF787222 Ack: 0xEBCD8ACA Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391779 29673255 [**] FTP site exec [**] 09/17-07:55:53.397788 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16676 IpLen:20 DgmLen:486 DF ***AP*** Seq: 0xCF7873D1 Ack: 0xEBCD8D33 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391793 29673268 [**] FTP site exec [**] 09/17-07:55:53.538226 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16680 IpLen:20 DgmLen:489 DF ***AP*** Seq: 0xCF787583 Ack: 0xEBCD8FA0 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391807 29673282 [**] FTP site exec [**] 09/17-07:55:53.677437 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16684 IpLen:20 DgmLen:492 DF ***AP*** Seq: 0xCF787738 Ack: 0xEBCD9211 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391821 29673294 [**] FTP site exec [**] 09/17-07:55:53.827724 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16688 IpLen:20 DgmLen:495 DF ***AP*** Seq: 0xCF7878F0 Ack: 0xEBCD9565 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391836 29673308 [**] FTP site exec [**] 09/17-07:55:53.992024 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16692 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF787AAB Ack: 0xEBCD9971 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391852 29673322 [**] FTP site exec [**] 09/17-07:55:54.156831 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16695 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF787CAA Ack: 0xEBCD9DFA Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391869 29673337 [**] FTP site exec [**] 09/17-07:55:54.325837 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16698 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF787EA9 Ack: 0xEBCDA283 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391886 29673352 [**] FTP site exec [**] 09/17-07:55:54.516028 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16702 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF7880A8 Ack: 0xEBCDA70C Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391905 29673370 [**] FTP site exec [**] 09/17-07:55:54.686762 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16706 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF7882A7 Ack: 0xEBCDAB95 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391922 29673385 [**] FTP site exec [**] 09/17-07:55:54.877698 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16710 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF7884A6 Ack: 0xEBCDB01E Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391941 29673401 [**] FTP site exec [**] 09/17-07:55:55.045227 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16714 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF7886A5 Ack: 0xEBCDB4A7 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391958 29673416 [**] FTP site exec [**] 09/17-07:55:55.216692 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16718 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF7888A4 Ack: 0xEBCDB930 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391975 29673431 [**] FTP site exec [**] 09/17-07:55:55.386438 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16722 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF788AA3 Ack: 0xEBCDBDB9 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237391992 29673447 [**] FTP site exec [**] 09/17-07:55:55.587709 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16726 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF788CA2 Ack: 0xEBCDC243 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392012 29673466 [**] FTP site exec [**] 09/17-07:55:55.754999 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16730 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF788EA1 Ack: 0xEBCDC6CC Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392029 29673483 [**] FTP site exec [**] 09/17-07:55:55.964651 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16734 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF7890A0 Ack: 0xEBCDCB55 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392050 29673497 [**] FTP site exec [**] 09/17-07:55:56.125764 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16738 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78929F Ack: 0xEBCDCFE2 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392066 29673510 [**] FTP site exec [**] 09/17-07:55:56.315714 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16741 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78949E Ack: 0xEBCDD46B Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392085 29673528 [**] FTP site exec [**] 09/17-07:55:56.485183 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16745 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78969D Ack: 0xEBCDD8F6 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392102 29673543 [**] FTP site exec [**] 09/17-07:55:56.675160 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16749 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78989C Ack: 0xEBCDDDBE Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392121 29673560 [**] FTP site exec [**] 09/17-07:55:56.845403 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16753 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF789A9B Ack: 0xEBCDE247 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392138 29673577 [**] FTP site exec [**] 09/17-07:55:57.016369 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16757 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF789C9A Ack: 0xEBCDE6D0 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392155 29673594 [**] FTP site exec [**] 09/17-07:55:57.185365 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16761 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF789E99 Ack: 0xEBCDEB59 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392172 29673610 [**] FTP site exec [**] 09/17-07:55:57.356579 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16764 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78A098 Ack: 0xEBCDEFE2 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392189 29673626 [**] FTP site exec [**] 09/17-07:55:57.525569 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16767 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78A297 Ack: 0xEBCDF46B Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392206 29673640 [**] FTP site exec [**] 09/17-07:55:57.697573 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16771 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78A496 Ack: 0xEBCDF8F4 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392223 29673656 [**] FTP site exec [**] 09/17-07:55:57.885306 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16774 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78A695 Ack: 0xEBCDFDB2 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392242 29673673 [**] FTP site exec [**] 09/17-07:55:58.054295 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16777 IpLen:20 DgmLen:489 DF ***AP*** Seq: 0xCF78A894 Ack: 0xEBCE0281 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392259 29673688 [**] FTP site exec [**] 09/17-07:55:58.209849 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16780 IpLen:20 DgmLen:520 DF ***AP*** Seq: 0xCF78AA49 Ack: 0xEBCE067C Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392274 29673702 [**] FTP site exec [**] 09/17-07:55:58.372588 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16783 IpLen:20 DgmLen:563 DF ***AP*** Seq: 0xCF78AC1D Ack: 0xEBCE0AD8 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392290 29673715 [**] FTP EXPLOIT wu-ftpd 2.6.0 tf8 [**] 09/17-07:55:59.485710 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:16786 IpLen:20 DgmLen:201 DF ***AP*** Seq: 0xCF78AE1C Ack: 0xEBCE0EB9 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237392403 29673724 [**] FTP passwd attempt [**] 09/17-08:12:54.474110 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:17445 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0xCF78AF7C Ack: 0xEBCEB311 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237493896 29711804 [**] FTP passwd attempt [**] 09/17-08:22:12.209385 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:17463 IpLen:20 DgmLen:97 DF ***AP*** Seq: 0xCF78AFBA Ack: 0xEBCEB365 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237549681 29812031 [**] FTP passwd attempt [**] 09/17-08:22:12.274420 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:17466 IpLen:20 DgmLen:176 DF ***AP*** Seq: 0xCF78AFE7 Ack: 0xEBCEB365 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237549687 29812046 [**] FTP passwd attempt [**] 09/17-08:22:12.492582 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:17470 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0xCF78B096 Ack: 0xEBCEB365 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237549709 29812066 [**] FTP passwd attempt [**] 09/17-08:26:11.338121 207.35.251.172:2243 -> 192.168.1.102:21 TCP TTL:48 TOS:0x0 ID:17614 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0xCF78B13F Ack: 0xEBCED9EA Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 237573594 29820860 [**] spp_portscan: PORTSCAN DETECTED from 207.35.251.172 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 10/10-00:27:54.158000 [**] spp_portscan: portscan status from 207.35.251.172: 529 connections across 1 hosts: TCP(529), UDP(0) [**] 10/10-00:27:55.920000 [**] spp_portscan: portscan status from 207.35.251.172: 697 connections across 1 hosts: TCP(697), UDP(0) [**] 10/10-00:27:58.013000 [**] spp_portscan: portscan status from 207.35.251.172: 479 connections across 1 hosts: TCP(479), UDP(0) [**] 10/10-00:27:59.335000 [**] spp_portscan: portscan status from 207.35.251.172: 706 connections across 1 hosts: TCP(706), UDP(0) [**] 10/10-00:28:01.218000 [**] spp_portscan: portscan status from 207.35.251.172: 564 connections across 1 hosts: TCP(564), UDP(0) [**] 10/10-00:28:02.730000 [**] spp_portscan: portscan status from 207.35.251.172: 628 connections across 1 hosts: TCP(628), UDP(0) [**] 10/10-00:28:04.382000 [**] spp_portscan: portscan status from 207.35.251.172: 714 connections across 1 hosts: TCP(714), UDP(0) [**] 10/10-00:28:06.225000 [**] SCAN Proxy attempt [**] 09/17-08:45:18.153685 207.35.251.172:3213 -> 192.168.1.102:1080 TCP TTL:48 TOS:0x0 ID:22673 IpLen:20 DgmLen:60 DF ******S* Seq: 0x8B6F8174 Ack: 0x0 Win: 0x7D78 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 237688279 0 NOP WS: 0 [**] spp_portscan: portscan status from 207.35.251.172: 543 connections across 1 hosts: TCP(543), UDP(0) [**] 10/10-00:28:07.727000 [**] spp_portscan: portscan status from 207.35.251.172: 644 connections across 1 hosts: TCP(644), UDP(0) [**] 10/10-00:28:09.580000 [**] spp_portscan: portscan status from 207.35.251.172: 705 connections across 1 hosts: TCP(705), UDP(0) [**] 10/10-00:28:13.245000 [**] spp_portscan: portscan status from 207.35.251.172: 552 connections across 1 hosts: TCP(552), UDP(0) [**] 10/10-00:28:15.068000 [**] spp_portscan: portscan status from 207.35.251.172: 291 connections across 1 hosts: TCP(291), UDP(0) [**] 10/10-00:28:16.119000 [**] spp_portscan: portscan status from 207.35.251.172: 300 connections across 1 hosts: TCP(300), UDP(0) [**] 10/10-00:28:16.990000 [**] spp_portscan: portscan status from 207.35.251.172: 354 connections across 1 hosts: TCP(354), UDP(0) [**] 10/10-00:28:18.042000 [**] spp_portscan: portscan status from 207.35.251.172: 378 connections across 1 hosts: TCP(378), UDP(0) [**] 10/10-00:28:19.204000 [**] INFO - Possible Squid Scan [**] 09/17-08:45:50.243447 207.35.251.172:3287 -> 192.168.1.102:3128 TCP TTL:48 TOS:0x0 ID:26737 IpLen:20 DgmLen:60 DF ******S* Seq: 0x8D14B4C8 Ack: 0x0 Win: 0x7D78 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 237691489 0 NOP WS: 0 [**] spp_portscan: portscan status from 207.35.251.172: 330 connections across 1 hosts: TCP(330), UDP(0) [**] 10/10-00:28:20.225000 [**] spp_portscan: portscan status from 207.35.251.172: 387 connections across 1 hosts: TCP(387), UDP(0) [**] 10/10-00:28:21.357000 [**] spp_portscan: portscan status from 207.35.251.172: 718 connections across 1 hosts: TCP(718), UDP(0) [**] 10/10-00:28:23.309000 [**] spp_portscan: portscan status from 207.35.251.172: 553 connections across 1 hosts: TCP(553), UDP(0) [**] 10/10-00:28:25.152000 [**] spp_portscan: End of portscan from 207.35.251.172: TOTAL time(75s) hosts(1) TCP(10072) UDP(0) [**] 10/10-00:28:25.563000