psad XMAS Scan Alert
=-=-=-=-=-=-=-=-=-=-=-= Mon Mar 13 13:26:28 2006 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [4] (out of 5)
Scanned tcp ports: [1-43188: 282 packets]
tcp flags: [URG PSH FIN: 282 packets, Nmap: -sX]
Iptables chain: INPUT (prefix "DROP"), 282 packets
Source: 192.168.10.3
DNS: [No reverse dns info available]
Destination: 192.168.10.1
DNS: [No reverse dns info available]
Syslog hostname: minastirith
Current interval: Mon Mar 13 13:26:23 2006 (start)
                  Mon Mar 13 13:26:28 2006 (end)
Overall scan start: Mon Mar 13 13:25:51 2006
Total email alerts: 8
Complete tcp range: [1-65301]
chain:   interface:   tcp:   udp:   icmp:
INPUT    eth1         3316   0      0
[+] tcp scan signatures:
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=892 flags=[URG PSH FIN] No local server on tcp/892
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=8009 flags=[URG PSH FIN] No local server on tcp/8009
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=90 flags=[URG PSH FIN] No local server on tcp/90
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=118 flags=[URG PSH FIN] No local server on tcp/118
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=620 flags=[URG PSH FIN] No local server on tcp/620
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=13710 flags=[URG PSH FIN] No local server on tcp/13710
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=5301 flags=[URG PSH FIN] No local server on tcp/5301
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1434 flags=[URG PSH FIN] No local server on tcp/1434
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=891 flags=[URG PSH FIN] No local server on tcp/891
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=785 flags=[URG PSH FIN] No local server on tcp/785
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1393 flags=[URG PSH FIN] No local server on tcp/1393
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=667 flags=[URG PSH FIN] No local server on tcp/667
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=1 dp=84 flags=[URG PSH FIN] No local server on tcp/84
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=190 flags=[URG PSH FIN] No local server on tcp/190
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=6141 flags=[URG PSH FIN] No local server on tcp/6141
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=194 flags=[URG PSH FIN] No local server on tcp/194
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=57 flags=[URG PSH FIN] No local server on tcp/57
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=2008 flags=[URG PSH FIN] No local server on tcp/2008
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=5555 flags=[URG PSH FIN] No local server on tcp/5555
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=2108 flags=[URG PSH FIN] No local server on tcp/2108
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=7004 flags=[URG PSH FIN] No local server on tcp/7004
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1364 flags=[URG PSH FIN] No local server on tcp/1364
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=633 flags=[URG PSH FIN] No local server on tcp/633
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=846 flags=[URG PSH FIN] No local server on tcp/846
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1363 flags=[URG PSH FIN] No local server on tcp/1363
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=611 flags=[URG PSH FIN] No local server on tcp/611
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=988 flags=[URG PSH FIN] No local server on tcp/988
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=27002 flags=[URG PSH FIN] No local server on tcp/27002
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1019 flags=[URG PSH FIN] No local server on tcp/1019
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=769 flags=[URG PSH FIN] No local server on tcp/769
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=292 flags=[URG PSH FIN] No local server on tcp/292
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1665 flags=[URG PSH FIN] No local server on tcp/1665
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1549 flags=[URG PSH FIN] No local server on tcp/1549
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=3689 flags=[URG PSH FIN] No local server on tcp/3689
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=26208 flags=[URG PSH FIN] No local server on tcp/26208
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=3984 flags=[URG PSH FIN] No local server on tcp/3984
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1067 flags=[URG PSH FIN] No local server on tcp/1067
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=792 flags=[URG PSH FIN] No local server on tcp/792
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=284 flags=[URG PSH FIN] No local server on tcp/284
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=9535 flags=[URG PSH FIN] No local server on tcp/9535
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=489 flags=[URG PSH FIN] No local server on tcp/489
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=6003 flags=[URG PSH FIN] No local server on tcp/6003
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=548 flags=[URG PSH FIN] No local server on tcp/548
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1516 flags=[URG PSH FIN] No local server on tcp/1516
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=361 flags=[URG PSH FIN] No local server on tcp/361
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=531 flags=[URG PSH FIN] No local server on tcp/531
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=135 flags=[URG PSH FIN] No local server on tcp/135
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=819 flags=[URG PSH FIN] No local server on tcp/819
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=348 flags=[URG PSH FIN] No local server on tcp/348
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=345 flags=[URG PSH FIN] No local server on tcp/345
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=4045 flags=[URG PSH FIN] No local server on tcp/4045
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=993 flags=[URG PSH FIN] No local server on tcp/993
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1493 flags=[URG PSH FIN] No local server on tcp/1493
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1359 flags=[URG PSH FIN] No local server on tcp/1359
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=314 flags=[URG PSH FIN] No local server on tcp/314
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1438 flags=[URG PSH FIN] No local server on tcp/1438
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1505 flags=[URG PSH FIN] No local server on tcp/1505
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1513 flags=[URG PSH FIN] No local server on tcp/1513
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1006 flags=[URG PSH FIN] No local server on tcp/1006
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=553 flags=[URG PSH FIN] No local server on tcp/553
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=5000 flags=[URG PSH FIN] No local server on tcp/5000
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1533 flags=[URG PSH FIN] No local server on tcp/1533
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=3064 flags=[URG PSH FIN] No local server on tcp/3064
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=569 flags=[URG PSH FIN] No local server on tcp/569
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1662 flags=[URG PSH FIN] No local server on tcp/1662
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1487 flags=[URG PSH FIN] No local server on tcp/1487
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=810 flags=[URG PSH FIN] No local server on tcp/810
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=574 flags=[URG PSH FIN] No local server on tcp/574
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=538 flags=[URG PSH FIN] No local server on tcp/538
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=621 flags=[URG PSH FIN] No local server on tcp/621
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=778 flags=[URG PSH FIN] No local server on tcp/778
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=743 flags=[URG PSH FIN] No local server on tcp/743
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=680 flags=[URG PSH FIN] No local server on tcp/680
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=7 flags=[URG PSH FIN] No local server on tcp/7
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=162 flags=[URG PSH FIN] No local server on tcp/162
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=806 flags=[URG PSH FIN] No local server on tcp/806
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=963 flags=[URG PSH FIN] No local server on tcp/963
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1666 flags=[URG PSH FIN] No local server on tcp/1666
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1755 flags=[URG PSH FIN] No local server on tcp/1755
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=230 flags=[URG PSH FIN] No local server on tcp/230
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=447 flags=[URG PSH FIN] No local server on tcp/447
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1489 flags=[URG PSH FIN] No local server on tcp/1489
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=536 flags=[URG PSH FIN] No local server on tcp/536
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=871 flags=[URG PSH FIN] No local server on tcp/871
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1032 flags=[URG PSH FIN] No local server on tcp/1032
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1477 flags=[URG PSH FIN] No local server on tcp/1477
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1394 flags=[URG PSH FIN] No local server on tcp/1394
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=1 dp=2241 flags=[URG PSH FIN] No local server on tcp/2241
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1651 flags=[URG PSH FIN] No local server on tcp/1651
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=862 flags=[URG PSH FIN] No local server on tcp/862
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=266 flags=[URG PSH FIN] No local server on tcp/266
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=13783 flags=[URG PSH FIN] No local server on tcp/13783
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=107 flags=[URG PSH FIN] No local server on tcp/107
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=360 flags=[URG PSH FIN] No local server on tcp/360
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=701 flags=[URG PSH FIN] No local server on tcp/701
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=6142 flags=[URG PSH FIN] No local server on tcp/6142
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=77 flags=[URG PSH FIN] No local server on tcp/77
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=995 flags=[URG PSH FIN] No local server on tcp/995
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=5903 flags=[URG PSH FIN] No local server on tcp/5903
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=547 flags=[URG PSH FIN] No local server on tcp/547
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1544 flags=[URG PSH FIN] No local server on tcp/1544
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=417 flags=[URG PSH FIN] No local server on tcp/417
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=766 flags=[URG PSH FIN] No local server on tcp/766
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=43188 flags=[URG PSH FIN] No local server on tcp/43188
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=774 flags=[URG PSH FIN] No local server on tcp/774
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=66 flags=[URG PSH FIN] No local server on tcp/66
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=370 flags=[URG PSH FIN] No local server on tcp/370
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=503 flags=[URG PSH FIN] No local server on tcp/503
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1530 flags=[URG PSH FIN] No local server on tcp/1530
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1524 flags=[URG PSH FIN] No local server on tcp/1524
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=6017 flags=[URG PSH FIN] No local server on tcp/6017
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=5716 flags=[URG PSH FIN] No local server on tcp/5716
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=5400 flags=[URG PSH FIN] No local server on tcp/5400
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1 flags=[URG PSH FIN] No local server on tcp/1
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=136 flags=[URG PSH FIN] No local server on tcp/136
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=88 flags=[URG PSH FIN] No local server on tcp/88
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=570 flags=[URG PSH FIN] No local server on tcp/570
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=761 flags=[URG PSH FIN] No local server on tcp/761
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=380 flags=[URG PSH FIN] No local server on tcp/380
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=40 flags=[URG PSH FIN] No local server on tcp/40
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=283 flags=[URG PSH FIN] No local server on tcp/283
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=278 flags=[URG PSH FIN] No local server on tcp/278
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=150 flags=[URG PSH FIN] No local server on tcp/150
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=373 flags=[URG PSH FIN] No local server on tcp/373
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=155 flags=[URG PSH FIN] No local server on tcp/155
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=13713 flags=[URG PSH FIN] No local server on tcp/13713
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=5530 flags=[URG PSH FIN] No local server on tcp/5530
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=755 flags=[URG PSH FIN] No local server on tcp/755
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=607 flags=[URG PSH FIN] No local server on tcp/607
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=6144 flags=[URG PSH FIN] No local server on tcp/6144
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=281 flags=[URG PSH FIN] No local server on tcp/281
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=363 flags=[URG PSH FIN] No local server on tcp/363
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=18183 flags=[URG PSH FIN] No local server on tcp/18183
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=7070 flags=[URG PSH FIN] No local server on tcp/7070
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=757 flags=[URG PSH FIN] No local server on tcp/757
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=630 flags=[URG PSH FIN] No local server on tcp/630
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=332 flags=[URG PSH FIN] No local server on tcp/332
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1450 flags=[URG PSH FIN] No local server on tcp/1450
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=296 flags=[URG PSH FIN] No local server on tcp/296
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=1480 flags=[URG PSH FIN] No local server on tcp/1480
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=736 flags=[URG PSH FIN] No local server on tcp/736
"SCAN nmap XMAS"
sid=1228 chain=INPUT packets=2 dp=16959 flags=[URG PSH FIN] No local server on tcp/16959
[+] Whois Information:
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2006-03-12 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
=-=-=-=-=-=-=-=-=-=-=-= Mon Mar 13 13:26:28 2006 =-=-=-=-=-=-=-=-=-=-=-=