[+] Top 50 signature matches:
"BACKDOOR DoomJuice file upload attempt" (tcp), Count: 27333, Unique sources: 497, Sid: 2375
"ICMP PING" (icmp), Count: 19604, Unique sources: 6005, Sid: 384
"PSAD-CUSTOM Slammer communication attempt" (udp), Count: 5905, Unique sources: 2829, Sid: 100208
"MISC Microsoft SQL Server communication attempt" (tcp), Count: 2745, Unique sources: 63, Sid: 100205
"MISC Windows popup spam attempt" (udp), Count: 2622, Unique sources: 459, Sid: 100196
"PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Count: 2147, Unique sources: 47, Sid: 100206
"MISC Radmin Default install options attempt" (tcp), Count: 1412, Unique sources: 35, Sid: 100204
"BACKDOOR Subseven connection attempt" (tcp), Count: 535, Unique sources: 9, Sid: 100207
"BACKDOOR typot trojan traffic" (tcp), Count: 239, Unique sources: 12, Sid: 2182
"BACKDOOR netbus Connection Cttempt" (tcp), Count: 182, Unique sources: 3, Sid: 100028
"MISC HP Web JetAdmin communication attempt" (tcp), Count: 89, Unique sources: 3, Sid: 100084
"DOS Real Audio Server communication attempt" (tcp), Count: 24, Unique sources: 1, Sid: 100112
"BACKDOOR DeepThroat 3.1 Server Response [3150]" (udp), Count: 8, Unique sources: 1, Sid: 1982
"MISC MS Terminal Server communication attempt" (tcp), Count: 6, Unique sources: 1, Sid: 100077
"BACKDOOR DeepThroat 3.1 Server Response [4120]" (udp), Count: 4, Unique sources: 1, Sid: 1984
"MISC PCAnywhere communication attempt" (tcp), Count: 4, Unique sources: 1, Sid: 100073
"ICMP traceroute" (icmp), Count: 3, Unique sources: 1, Sid: 385
"ICMP PING Sun Solaris" (icmp), Count: 1, Unique sources: 1, Sid: 381
[+] Top 25 attackers:
11.11.11.67 DL: 4, Packets: 22803, Sig count: 12, local IP!
61.48.11.170 DL: 3, Packets: 1820, Sig count: 15
69.55.143.53 DL: 3, Packets: 1819, Sig count: 10
63.126.133.234 DL: 3, Packets: 530, Sig count: 0
203.200.213.182 DL: 3, Packets: 399, Sig count: 3
63.123.70.166 DL: 3, Packets: 7237, Sig count: 3219
63.126.133.117 DL: 3, Packets: 2801, Sig count: 0
67.123.234.132 DL: 3, Packets: 2351, Sig count: 17
63.13.135.27 DL: 3, Packets: 8121, Sig count: 0
61.120.200.227 DL: 3, Packets: 882, Sig count: 0
63.125.10.7 DL: 3, Packets: 6881, Sig count: 3087
63.126.133.8 DL: 3, Packets: 2087, Sig count: 0
66.186.83.178 DL: 3, Packets: 10217, Sig count: 20
218.103.70.82 DL: 3, Packets: 1547, Sig count: 0
68.237.49.113 DL: 3, Packets: 1610, Sig count: 26
63.123.38.103 DL: 3, Packets: 3928, Sig count: 3928
66.12.135.62 DL: 2, Packets: 2, Sig count: 1
64.91.161.181 DL: 2, Packets: 2, Sig count: 1
64.167.239.248 DL: 2, Packets: 4, Sig count: 1
61.229.131.23 DL: 2, Packets: 1, Sig count: 1
203.164.76.0 DL: 2, Packets: 1, Sig count: 1
220.213.67.58 DL: 2, Packets: 1, Sig count: 1
4.34.143.112 DL: 2, Packets: 4, Sig count: 1
202.215.44.233 DL: 2, Packets: 1, Sig count: 1
[+] Top 20 scanned ports:
tcp 135 86565 packets
tcp 445 46433 packets
tcp 443 26339 packets
tcp 3127 25781 packets
tcp 139 14980 packets
tcp 80 10418 packets
tcp 6129 3427 packets
tcp 901 3097 packets
tcp 1433 2745 packets
tcp 17300 2147 packets
tcp 1080 1916 packets
tcp 3128 1529 packets
tcp 4899 1412 packets
tcp 21 1061 packets
tcp 10080 557 packets
tcp 27374 535 packets
tcp 113 440 packets
tcp 23 401 packets
tcp 20168 378 packets
tcp 111 311 packets
udp 53 18124 packets
udp 137 8752 packets
udp 1434 5905 packets
udp 138 3819 packets
udp 1026 2394 packets
udp 135 1525 packets
udp 1027 290 packets
udp 514 268 packets
udp 1812 146 packets
udp 111 28 packets
udp 1024 25 packets
udp 1028 19 packets
udp 31789 18 packets
udp 64820 15 packets
udp 1033 14 packets
udp 1031 11 packets
udp 1039 9 packets
udp 1029 8 packets
udp 60909 8 packets
udp 21028 7 packets
Netfilter log prefix counters:
"OUTG CONN TCP:": 1739
"Drop TCP after 13 attempts": 38
"Legal DNS:": 18107
"INBOUND UDP:": 18994
"INBLOCK:": 187
"INBOUND TCP:": 244546
"OUTG CONN UDP:": 485
"INBOUND ICMP:": 19602
"Legal Broadcast:": 3792
"OUTG CONN OTHER:": 7
"Drop udp after 20 attempts": 7
Total scan sources: 10967
Total scan destinations: 119
Total packet counters: tcp: 113288, udp: 38955, icmp: 19604
[+] IP Status Detail:
SRC: 11.11.11.67, DL: 4, Dsts: 95, Pkts: 3606647, Unique sigs: 2, local IP!
Source OS fingerprint:
Linux (2.4.x kernel)
DST: 158.205.180.50
Scanned ports: FORWARD br0 udp 34789-34980 (21 packets)
DST: 211.222.248.110
Scanned ports: FORWARD br0 tcp 113 (2 packets)
DST: 64.222.17.79
Scanned ports: FORWARD br0 udp 60909 (8 packets)
DST: 211.22.72.136
Scanned ports: FORWARD br0 tcp 113 (11 packets)
DST: 213.203.145.78
Scanned ports: FORWARD br0 udp 137 (3 packets)
DST: 222.3.17.211
Scanned ports: FORWARD br0 udp 137 (3 packets)
DST: 68.17.108.90
Scanned ports: FORWARD br0 udp 1266-2913 (19 packets)
DST: 80.55.71.34
Scanned ports: FORWARD br0 udp 40787-40807 (18 packets)
DST: 211.222.249.231
Scanned ports: FORWARD br0 tcp 113 (1 packets)
DST: 209.63.57.10
Scanned ports: FORWARD br0 tcp 21-80 (5 packets)
DST: 80.131.223.108
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 23.23.23.60
Scanned ports: FORWARD br0 udp 53 (9109 packets)
Signature match: "BACKDOOR DeepThroat 3.1 Server Response [4120]" (udp), Chain: FORWARD, Count: 4, DP: 53, Sid: 1984
DST: 211.158.76.139
Scanned ports: FORWARD br0 tcp 113 (1 packets)
DST: 64.187.36.226
Scanned ports: FORWARD br0 udp 3954-3994 (18 packets)
DST: 81.93.69.237
Scanned ports: FORWARD br0 udp 1025 (5 packets)
DST: 221.154.7.108
Scanned ports: FORWARD br0 tcp 113 (1 packets)
DST: 80.8.1.94
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 200.223.161.169
Scanned ports: FORWARD br0 udp 60227-60371 (6 packets)
DST: 128.164.136.46
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 195.27.176.155
Scanned ports: FORWARD br0 tcp 80 (3 packets)
DST: 203.215.82.181
Scanned ports: FORWARD br0 tcp 113 (3 packets)
DST: 61.35.133.209
Scanned ports: FORWARD br0 udp 1039 (5 packets)
DST: 61.124.164.113
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 200.66.158.190
Scanned ports: FORWARD br0 udp 21086 (1 packets)
DST: 210.9.192.74
Scanned ports: FORWARD br0 udp 55378-57839 (2 packets)
DST: 63.157.24.11
Scanned ports: FORWARD br0 udp 1024 (9 packets)
DST: 81.49.20.224
Scanned ports: FORWARD br0 tcp 113 (10 packets)
DST: 209.83.64.147
Scanned ports: FORWARD br0 udp 1031 (3 packets)
DST: 141.151.75.225
Scanned ports: FORWARD br0 udp 1029 (2 packets)
DST: 220.116.166.142
Scanned ports: FORWARD br0 tcp 113 (1 packets)
DST: 11.11.11.65
Scanned ports: FORWARD br0 udp 514 (139 packets)
Scanned ports: INPUT eth1 udp 514 (6 packets)
DST: 68.88.195.162
Scanned ports: FORWARD br0 udp 1026 (9 packets)
DST: 210.65.6.130
Scanned ports: FORWARD br0 udp 58428-58429 (2 packets)
DST: 61.129.64.139
Scanned ports: FORWARD br0 tcp 113 (31 packets)
DST: 81.53.86.15
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 218.38.159.132
Scanned ports: FORWARD br0 udp 55226-55247 (21 packets)
DST: 61.185.219.74
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 211.185.194.194
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 213.97.13.172
Scanned ports: FORWARD br0 udp 57767 (1 packets)
DST: 200.64.220.14
Scanned ports: FORWARD br0 udp 21028 (7 packets)
DST: 211.182.117.130
Scanned ports: FORWARD br0 tcp 113 (16 packets)
DST: 172.16.3.74
Scanned ports: FORWARD br0 udp 1039 (4 packets)
DST: 81.86.94.71
Scanned ports: FORWARD br0 tcp 113 (8 packets)
DST: 211.181.185.216
Scanned ports: FORWARD br0 udp 1027 (1 packets)
DST: 208.191.104.228
Scanned ports: FORWARD br0 udp 137 (3 packets)
DST: 80.188.62.27
Scanned ports: FORWARD br0 udp 137 (3 packets)
DST: 80.102.5.174
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 221.161.82.209
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 11.11.11.255
Scanned ports: FORWARD br0 udp 137-138 (3792 packets)
Scanned ports: INPUT eth1 udp 137-138 (28 packets)
DST: 195.36.244.104
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 62.211.66.12
Scanned ports: FORWARD br0 tcp 80 (4 packets)
DST: 63.202.184.17
Scanned ports: FORWARD br0 udp 65325 (2 packets)
DST: 219.133.183.95
Scanned ports: FORWARD br0 udp 137 (3 packets)
DST: 61.143.30.145
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 211.74.101.93
Scanned ports: FORWARD br0 udp 1029 (6 packets)
DST: 62.181.161.36
Scanned ports: FORWARD br0 udp 3159-3195 (17 packets)
DST: 198.69.64.40
Scanned ports: FORWARD br0 udp 58218 (2 packets)
DST: 22.22.22.40
Scanned ports: FORWARD br0 udp 53 (8998 packets)
Signature match: "BACKDOOR DeepThroat 3.1 Server Response [3150]" (udp), Chain: FORWARD, Count: 8, DP: 53, Sid: 1982
DST: 66.187.232.40
Scanned ports: FORWARD br0 tcp 21 (1 packets)
DST: 162.84.235.239
Scanned ports: FORWARD br0 udp 1027 (2 packets)
DST: 63.162.204.122
Scanned ports: FORWARD br0 udp 15573-15580 (3 packets)
DST: 64.161.61.115
Scanned ports: FORWARD br0 tcp 1051-3184 (3 packets)
DST: 67.68.37.235
Scanned ports: FORWARD br0 udp 137 (9 packets)
DST: 81.40.50.238
Scanned ports: FORWARD br0 udp 1040 (3 packets)
DST: 218.70.138.102
Scanned ports: FORWARD br0 tcp 113 (2 packets)
DST: 200.255.114.102
Scanned ports: FORWARD br0 udp 137 (3 packets)
DST: 63.202.89.212
Scanned ports: FORWARD br0 udp 34805 (3 packets)
DST: 211.63.95.196
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 172.178.106.208
Scanned ports: FORWARD br0 tcp 113 (1 packets)
DST: 203.190.146.137
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 218.173.87.33
Scanned ports: FORWARD br0 udp 1031 (8 packets)
DST: 216.254.0.38
Scanned ports: FORWARD br0 tcp 21 (1 packets)
DST: 211.222.247.108
Scanned ports: FORWARD br0 tcp 113 (2 packets)
DST: 220.163.210.166
Scanned ports: FORWARD br0 udp 1027 (19 packets)
DST: 81.50.172.22
Scanned ports: FORWARD br0 tcp 113 (10 packets)
DST: 207.66.155.21
Scanned ports: FORWARD br0 tcp 80 (24 packets)
DST: 81.129.124.247
Scanned ports: FORWARD br0 udp 1028 (11 packets)
DST: 218.108.31.187
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 193.230.153.133
Scanned ports: FORWARD br0 tcp 21 (2 packets)
DST: 63.202.232.44
Scanned ports: FORWARD br0 udp 1033 (14 packets)
DST: 218.104.80.179
Scanned ports: FORWARD br0 tcp 113 (1 packets)
DST: 62.209.236.2
Scanned ports: FORWARD br0 udp 64820 (15 packets)
DST: 200.151.230.146
Scanned ports: FORWARD br0 udp 1028 (7 packets)
DST: 220.210.24.237
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 80.116.93.36
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 193.251.93.211
Scanned ports: FORWARD br0 tcp 113 (10 packets)
DST: 211.185.238.162
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 195.56.203.177
Scanned ports: FORWARD br0 tcp 113 (1 packets)
DST: 80.54.26.160
Scanned ports: FORWARD br0 udp 1027 (1 packets)
DST: 211.147.224.40
Scanned ports: FORWARD br0 tcp 113 (14 packets)
DST: 212.182.31.200
Scanned ports: FORWARD br0 udp 1027 (7 packets)
DST: 216.82.64.254
Scanned ports: FORWARD br0 udp 33200-33223 (21 packets)
DST: 162.40.248.197
Scanned ports: FORWARD br0 udp 1026 (19 packets)
DST: 217.234.249.76
Scanned ports: FORWARD br0 tcp 113 (22 packets)
DST: 212.195.86.202
Scanned ports: FORWARD br0 tcp 113 (5 packets)
SRC: 61.48.11.170, DL: 3, Dsts: 11, Pkts: 173639, Unique sigs: 11
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 139-445 (184 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 139-445 (185 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 139-445 (177 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 139-445 (174 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 139-445 (182 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 139-445 (185 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 139-445 (174 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 3, Sid: 384
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 139-445 (168 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 139-445 (188 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 139-445 (188 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 69.55.143.53, DL: 3, Dsts: 24, Pkts: 482029, Unique sigs: 8
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 139-445 (65 packets)
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 139-445 (18 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 139-445 (64 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 139-445 (12 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 139-445 (221 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 139-445 (85 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 139-445 (14 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 139-445 (264 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 139-445 (196 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 139-445 (69 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 445 (10 packets)
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 139-445 (147 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 139-445 (68 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 139-445 (106 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 139-445 (26 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 445 (7 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 139-445 (62 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 445 (11 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 139-445 (246 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 139-445 (25 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 139-445 (23 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 3, Sid: 384
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 139-445 (9 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 139-445 (61 packets)
SRC: 63.126.133.234, DL: 3, Dsts: 17, Pkts: 425055, Unique sigs: 0
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 135-445 (12 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135-445 (30 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 135-445 (15 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 135-445 (6 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135-445 (30 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 135-445 (72 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 135-445 (30 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135-445 (6 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 135-445 (8 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 135-445 (22 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 135-445 (3 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 135-445 (24 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 135-445 (156 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 135-445 (36 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 135-445 (8 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 135-445 (48 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 135-445 (24 packets)
SRC: 203.200.213.182, DL: 3, Dsts: 1, Pkts: 34772, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 137 (168 packets)
Scanned ports: FORWARD br0 tcp 135-6129 (231 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
SRC: 63.123.70.166, DL: 3, Dsts: 24, Pkts: 881028, Unique sigs: 24
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 135 (183 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135 (174 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 161, Sid: 384
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 135 (179 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 161, Sid: 384
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 135 (183 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 160, Sid: 384
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 135 (77 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 4, Sid: 384
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135 (227 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 160, Sid: 384
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 135 (174 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 135 (101 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 8, Sid: 384
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135 (84 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 5, Sid: 384
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 135 (185 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 160, Sid: 384
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 135 (185 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (114 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 137, Sid: 384
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 135 (176 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 161, Sid: 384
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135 (215 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 159, Sid: 384
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 135 (261 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 135 (206 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 161, Sid: 384
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 135 (180 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 161, Sid: 384
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 135 (190 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 135 (90 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 4, Sid: 384
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 135 (224 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 135 (251 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 135 (174 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 162, Sid: 384
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 135 (185 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 159, Sid: 384
SRC: 63.126.133.117, DL: 3, Dsts: 24, Pkts: 1016617, Unique sigs: 0
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135-445 (107 packets)
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 135-445 (207 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 135-445 (192 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 135-445 (120 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 135-445 (33 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135-445 (48 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 135-445 (132 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135-445 (30 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 135-445 (66 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 135-445 (197 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 135-445 (112 packets)
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135-445 (125 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 135-445 (114 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135-445 (96 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 135-445 (201 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 135-445 (144 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 135-445 (144 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 135-445 (126 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 135-445 (107 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 135-445 (6 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 135-445 (127 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 135-445 (162 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 135-445 (103 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 135-445 (102 packets)
SRC: 67.123.234.132, DL: 3, Dsts: 15, Pkts: 564219, Unique sigs: 15
DST: 11.11.11.85
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.83
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 139-445 (176 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.84
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 139-445 (296 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 139-445 (286 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 139-445 (282 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 139-445 (118 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 139-445 (294 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 139-445 (241 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 3, Sid: 384
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 139-445 (284 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 139-445 (287 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.89
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 139-445 (70 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.13.135.27, DL: 3, Dsts: 24, Pkts: 1418200, Unique sigs: 0
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.83
Scanned ports: FORWARD br0 udp 137 (131 packets)
Scanned ports: FORWARD br0 tcp 113-445 (230 packets)
DST: 11.11.11.80
Scanned ports: FORWARD br0 udp 137 (107 packets)
Scanned ports: FORWARD br0 tcp 113-445 (238 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 137 (101 packets)
Scanned ports: FORWARD br0 tcp 113-445 (225 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 137 (105 packets)
Scanned ports: FORWARD br0 tcp 113-445 (253 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 udp 137 (111 packets)
Scanned ports: FORWARD br0 tcp 113-445 (237 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 udp 137 (123 packets)
Scanned ports: FORWARD br0 tcp 113-445 (243 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 udp 137 (118 packets)
Scanned ports: FORWARD br0 tcp 113-445 (249 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 137 (93 packets)
Scanned ports: FORWARD br0 tcp 113-445 (220 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 137 (102 packets)
Scanned ports: FORWARD br0 tcp 113-445 (217 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 137 (105 packets)
Scanned ports: FORWARD br0 tcp 113-445 (235 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 udp 137 (113 packets)
Scanned ports: FORWARD br0 tcp 113-445 (240 packets)
DST: 11.11.11.105
Scanned ports: FORWARD br0 udp 137 (109 packets)
Scanned ports: FORWARD br0 tcp 113-445 (226 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 137 (123 packets)
Scanned ports: FORWARD br0 tcp 113-445 (251 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 137 (124 packets)
Scanned ports: FORWARD br0 tcp 113-445 (243 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 udp 137 (102 packets)
Scanned ports: FORWARD br0 tcp 113-445 (259 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 udp 137 (115 packets)
Scanned ports: FORWARD br0 tcp 113-445 (232 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 137 (119 packets)
Scanned ports: FORWARD br0 tcp 113-445 (239 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 udp 137 (126 packets)
Scanned ports: FORWARD br0 tcp 113-445 (242 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 udp 137 (125 packets)
Scanned ports: FORWARD br0 tcp 113-445 (235 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 udp 137 (112 packets)
Scanned ports: FORWARD br0 tcp 113-445 (270 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 137 (108 packets)
Scanned ports: FORWARD br0 tcp 113-445 (257 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 113 (3 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 137 (111 packets)
Scanned ports: FORWARD br0 tcp 113-445 (244 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 udp 137 (105 packets)
Scanned ports: FORWARD br0 tcp 113-445 (245 packets)
SRC: 61.120.200.227, DL: 3, Dsts: 24, Pkts: 1437478, Unique sigs: 0
Source OS fingerprint:
Linux (2.4.x kernel)
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 80-443 (4 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 443 (1 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 443 (1 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 80-443 (6 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 80-443 (7 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 443 (1 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 80-443 (482 packets)
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 80-443 (340 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 443 (1 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 443 (1 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 443 (1 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 443 (1 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 443 (3 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 80-443 (3 packets)
SRC: 63.125.10.7, DL: 3, Dsts: 24, Pkts: 1900136, Unique sigs: 24
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 135 (174 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135 (172 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 159, Sid: 384
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 135 (165 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 156, Sid: 384
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 135 (193 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 157, Sid: 384
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 135 (59 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 10, Sid: 384
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135 (205 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 159, Sid: 384
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 135 (172 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135 (62 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 3, Sid: 384
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 135 (75 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 4, Sid: 384
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 135 (178 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 135 (170 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (70 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 63, Sid: 384
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 135 (179 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 157, Sid: 384
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135 (213 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 135 (250 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 135 (185 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 135 (172 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 135 (176 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 157, Sid: 384
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 135 (74 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 10, Sid: 384
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 135 (218 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 157, Sid: 384
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 135 (285 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 157, Sid: 384
DST: 11.11.11.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 135 (164 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 135 (183 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 158, Sid: 384
SRC: 63.126.133.8, DL: 3, Dsts: 24, Pkts: 1853110, Unique sigs: 0
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135-445 (47 packets)
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 135-445 (145 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 135-445 (37 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 135-445 (60 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 135-445 (278 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135-445 (32 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 135-445 (112 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 135-445 (11 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135-445 (111 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 135-445 (52 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 135-445 (243 packets)
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135-445 (4 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 135-445 (22 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135-445 (37 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 135-445 (24 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 135-445 (203 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 135-445 (64 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 135-445 (57 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 135-445 (4 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 135-445 (4 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 135-445 (77 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 135-445 (133 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 135-445 (54 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 135-445 (276 packets)
SRC: 66.186.83.178, DL: 3, Dsts: 24, Pkts: 2229799, Unique sigs: 18
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 139-445 (287 packets)
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 139-445 (522 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 139-445 (272 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 139-445 (520 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 139-445 (637 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 139-445 (291 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 139-445 (521 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 139-445 (647 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 139-445 (626 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 139-445 (274 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 139-445 (524 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 139-445 (344 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 139-445 (279 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 139-445 (313 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 139-445 (535 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 139-445 (528 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 139-445 (287 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 139-445 (526 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 139-445 (638 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 139-445 (533 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 139-445 (530 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 3, Sid: 384
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 139-445 (281 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 139-445 (282 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.103.70.82, DL: 3, Dsts: 24, Pkts: 2462997, Unique sigs: 0
Source OS fingerprint:
Linux (2.4.x kernel)
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 80-443 (36 packets)
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 80-443 (50 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 80-443 (36 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 80-443 (64 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 80-443 (36 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 80-443 (22 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 80-443 (210 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 80-443 (64 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 80-443 (36 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 80-443 (59 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 80-443 (306 packets)
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80-443 (36 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 80-443 (55 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80-443 (214 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 80-443 (2 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 80-443 (87 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80-443 (11 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 80-443 (36 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 80-443 (70 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 80-443 (2 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 80-443 (2 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 443 (2 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 80-443 (36 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 80-443 (75 packets)
SRC: 68.237.49.113, DL: 3, Dsts: 24, Pkts: 3754808, Unique sigs: 24
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.83
Scanned ports: FORWARD br0 udp 137 (18 packets)
Scanned ports: FORWARD br0 tcp 80-445 (46 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.80
Scanned ports: FORWARD br0 udp 137 (24 packets)
Scanned ports: FORWARD br0 tcp 80-445 (46 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 137 (15 packets)
Scanned ports: FORWARD br0 tcp 80-445 (43 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 137 (18 packets)
Scanned ports: FORWARD br0 tcp 80-445 (53 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.115
Scanned ports: FORWARD br0 udp 137 (21 packets)
Scanned ports: FORWARD br0 tcp 80-445 (39 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.95
Scanned ports: FORWARD br0 udp 137 (21 packets)
Scanned ports: FORWARD br0 tcp 80-445 (36 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.81
Scanned ports: FORWARD br0 udp 137 (18 packets)
Scanned ports: FORWARD br0 tcp 80-445 (48 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 137 (21 packets)
Scanned ports: FORWARD br0 tcp 80-445 (43 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 137 (6 packets)
Scanned ports: FORWARD br0 tcp 80-445 (11 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 137 (30 packets)
Scanned ports: FORWARD br0 tcp 80-445 (59 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.75
Scanned ports: FORWARD br0 udp 137 (54 packets)
Scanned ports: FORWARD br0 tcp 80-445 (104 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.105
Scanned ports: FORWARD br0 udp 137 (20 packets)
Scanned ports: FORWARD br0 tcp 80-445 (45 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 137 (22 packets)
Scanned ports: FORWARD br0 tcp 80-445 (55 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 137 (21 packets)
Scanned ports: FORWARD br0 tcp 80-445 (46 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.69
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 80-445 (9 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.73
Scanned ports: FORWARD br0 udp 137 (39 packets)
Scanned ports: FORWARD br0 tcp 80-445 (79 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 137 (21 packets)
Scanned ports: FORWARD br0 tcp 80-445 (36 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.72
Scanned ports: FORWARD br0 udp 137 (54 packets)
Scanned ports: FORWARD br0 tcp 80-445 (103 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.120
Scanned ports: FORWARD br0 udp 137 (21 packets)
Scanned ports: FORWARD br0 tcp 80-445 (38 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.70
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 80-445 (8 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 80-445 (9 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 3, Sid: 384
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 137 (33 packets)
Scanned ports: FORWARD br0 tcp 80-445 (80 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.89
Scanned ports: FORWARD br0 udp 137 (21 packets)
Scanned ports: FORWARD br0 tcp 80-445 (41 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.123.38.103, DL: 3, Dsts: 24, Pkts: 419174, Unique sigs: 24
DST: 11.11.11.83
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.84
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.71
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.115
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.81
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.125
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.87
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.75
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.85
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 165, Sid: 384
DST: 11.11.11.69
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.73
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.72
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.120
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.70
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.67
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 165, Sid: 384
DST: 11.11.11.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 164, Sid: 384
DST: 11.11.11.82
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
DST: 11.11.11.89
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 163, Sid: 384
SRC: 66.12.135.62, DL: 2, Dsts: 1, Pkts: 2, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 64.91.161.181, DL: 2, Dsts: 1, Pkts: 4, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 64.167.239.248, DL: 2, Dsts: 1, Pkts: 8, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.229.131.23, DL: 2, Dsts: 1, Pkts: 1, Unique sigs: 1
DST: 11.11.11.69
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 203.164.76.0, DL: 2, Dsts: 1, Pkts: 2, Unique sigs: 1
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 220.213.67.58, DL: 2, Dsts: 1, Pkts: 3, Unique sigs: 1
DST: 11.11.11.69
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 4.34.143.112, DL: 2, Dsts: 1, Pkts: 12, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 202.215.44.233, DL: 2, Dsts: 1, Pkts: 4, Unique sigs: 1
DST: 11.11.11.81
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 65.198.154.4, DL: 2, Dsts: 1, Pkts: 20, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 68.161.137.137, DL: 2, Dsts: 1, Pkts: 24, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.164.77.23, DL: 2, Dsts: 2, Pkts: 11, Unique sigs: 2
DST: 11.11.11.120
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 63.167.237.11, DL: 2, Dsts: 3, Pkts: 90, Unique sigs: 3
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 66.14.177.152, DL: 2, Dsts: 2, Pkts: 45, Unique sigs: 2
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 209.147.245.44, DL: 2, Dsts: 1, Pkts: 39, Unique sigs: 1
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 172.202.207.31, DL: 2, Dsts: 1, Pkts: 41, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 64.70.25.219, DL: 2, Dsts: 18, Pkts: 279, Unique sigs: 18
DST: 11.11.11.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.83
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.115
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.75
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.105
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.73
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.69
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 218.169.84.81, DL: 2, Dsts: 1, Pkts: 25, Unique sigs: 1
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 62.147.10.22, DL: 2, Dsts: 1, Pkts: 26, Unique sigs: 1
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 65.73.175.98, DL: 2, Dsts: 1, Pkts: 45, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 219.142.59.101, DL: 2, Dsts: 1, Pkts: 15, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.64.123.157, DL: 2, Dsts: 1, Pkts: 16, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 216.23.226.2, DL: 2, Dsts: 1, Pkts: 17, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 216.148.219.135, DL: 2, Dsts: 1, Pkts: 52, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 24.169.224.60, DL: 2, Dsts: 1, Pkts: 54, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.14.65.47, DL: 2, Dsts: 1, Pkts: 56, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.234.87.181, DL: 2, Dsts: 1, Pkts: 21, Unique sigs: 1
DST: 11.11.11.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 12.101.39.131, DL: 2, Dsts: 1, Pkts: 27, Unique sigs: 1
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 204.63.218.120, DL: 2, Dsts: 24, Pkts: 1384, Unique sigs: 24
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
SRC: 144.134.53.108, DL: 2, Dsts: 1, Pkts: 28, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 160.79.140.60, DL: 2, Dsts: 1, Pkts: 29, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 213.58.11.204, DL: 2, Dsts: 1, Pkts: 30, Unique sigs: 1
DST: 11.11.11.89
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 213.229.167.40, DL: 2, Dsts: 1, Pkts: 101, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 67.86.136.203, DL: 2, Dsts: 1, Pkts: 105, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 172.191.79.140, DL: 2, Dsts: 1, Pkts: 31, Unique sigs: 1
DST: 11.11.11.89
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 61.175.157.168, DL: 2, Dsts: 1, Pkts: 24, Unique sigs: 1
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 81.79.151.99, DL: 2, Dsts: 1, Pkts: 32, Unique sigs: 1
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 81.173.149.159, DL: 2, Dsts: 22, Pkts: 1066, Unique sigs: 0
DST: 11.11.11.83
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.80
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 137 (1 packets)
Scanned ports: FORWARD br0 tcp 139 (21 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 udp 137 (1 packets)
SRC: 63.159.20.228, DL: 2, Dsts: 1, Pkts: 55, Unique sigs: 1
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 218.74.121.7, DL: 2, Dsts: 1, Pkts: 25, Unique sigs: 1
DST: 11.11.11.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 64.174.95.189, DL: 2, Dsts: 1, Pkts: 136, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 65.3.44.126, DL: 2, Dsts: 1, Pkts: 138, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 65.162.73.130, DL: 2, Dsts: 1, Pkts: 140, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.80.207.17, DL: 2, Dsts: 1, Pkts: 29, Unique sigs: 1
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 80.100.114.38, DL: 2, Dsts: 1, Pkts: 56, Unique sigs: 1
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 172.137.144.228, DL: 2, Dsts: 1, Pkts: 143, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 82.65.61.21, DL: 2, Dsts: 24, Pkts: 3607, Unique sigs: 24
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
SRC: 220.98.225.31, DL: 2, Dsts: 1, Pkts: 57, Unique sigs: 1
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 138.88.161.145, DL: 2, Dsts: 1, Pkts: 215, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 202.124.33.174, DL: 2, Dsts: 1, Pkts: 204, Unique sigs: 0
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 135-445 (20 packets)
SRC: 200.69.31.36, DL: 2, Dsts: 1, Pkts: 58, Unique sigs: 1
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 216.38.215.228, DL: 2, Dsts: 2, Pkts: 67, Unique sigs: 2
DST: 11.11.11.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 209.198.175.134, DL: 2, Dsts: 1, Pkts: 35, Unique sigs: 1
DST: 11.11.11.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 208.60.166.196, DL: 2, Dsts: 1, Pkts: 261, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 208.36.72.204, DL: 2, Dsts: 1, Pkts: 263, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.164.79.213, DL: 2, Dsts: 2, Pkts: 119, Unique sigs: 2
DST: 11.11.11.83
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 218.24.96.244, DL: 2, Dsts: 1, Pkts: 38, Unique sigs: 1
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 67.95.114.75, DL: 2, Dsts: 1, Pkts: 274, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 80 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 62.46.142.254, DL: 2, Dsts: 1, Pkts: 84, Unique sigs: 1
DST: 11.11.11.81
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 216.221.99.210, DL: 2, Dsts: 1, Pkts: 40, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 213.102.203.206, DL: 2, Dsts: 1, Pkts: 85, Unique sigs: 1
DST: 11.11.11.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 205.205.106.150, DL: 2, Dsts: 1, Pkts: 279, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 68.40.204.48, DL: 2, Dsts: 1, Pkts: 42, Unique sigs: 1
DST: 11.11.11.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.170.158.134, DL: 2, Dsts: 1, Pkts: 86, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 211.155.244.68, DL: 2, Dsts: 1, Pkts: 43, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.164.161.131, DL: 2, Dsts: 1, Pkts: 285, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 12.74.231.171, DL: 2, Dsts: 1, Pkts: 87, Unique sigs: 1
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 81.225.162.244, DL: 2, Dsts: 1, Pkts: 287, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 172.192.38.170, DL: 2, Dsts: 24, Pkts: 6622, Unique sigs: 24
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 3127 (1 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 1, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
SRC: 66.192.193.197, DL: 2, Dsts: 1, Pkts: 351, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 208.218.237.185, DL: 2, Dsts: 1, Pkts: 88, Unique sigs: 1
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 62.234.147.202, DL: 2, Dsts: 1, Pkts: 371, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 68.222.2.85, DL: 2, Dsts: 1, Pkts: 373, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 193.255.245.200, DL: 2, Dsts: 1, Pkts: 326, Unique sigs: 1
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 31105 (1 packets)
Signature match: "BACKDOOR typot trojan traffic" (tcp), Chain: FORWARD, Count: 1, DP: 31105, SYN, Sid: 2182
SRC: 67.4.77.46, DL: 2, Dsts: 1, Pkts: 49, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 220.226.17.41, DL: 2, Dsts: 1, Pkts: 89, Unique sigs: 1
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 207.105.252.101, DL: 2, Dsts: 1, Pkts: 50, Unique sigs: 1
DST: 11.11.11.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 12.47.58.103, DL: 2, Dsts: 1, Pkts: 386, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 221.6.146.132, DL: 2, Dsts: 1, Pkts: 90, Unique sigs: 1
DST: 11.11.11.83
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 24.123.186.183, DL: 2, Dsts: 1, Pkts: 390, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 148.240.200.185, DL: 2, Dsts: 1, Pkts: 91, Unique sigs: 1
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 141.152.175.57, DL: 2, Dsts: 1, Pkts: 400, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 66.0.20.106, DL: 2, Dsts: 1, Pkts: 402, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 209.63.66.39, DL: 2, Dsts: 1, Pkts: 404, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.186.155.29, DL: 2, Dsts: 2, Pkts: 113, Unique sigs: 2
DST: 11.11.11.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 4.46.111.185, DL: 2, Dsts: 1, Pkts: 58, Unique sigs: 1
DST: 11.11.11.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.5.68.82, DL: 2, Dsts: 1, Pkts: 92, Unique sigs: 1
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 68.211.164.55, DL: 2, Dsts: 1, Pkts: 409, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 66.55.48.183, DL: 2, Dsts: 1, Pkts: 419, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.164.76.231, DL: 2, Dsts: 1, Pkts: 93, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 64.201.108.181, DL: 2, Dsts: 1, Pkts: 94, Unique sigs: 1
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 199.180.16.10, DL: 2, Dsts: 1, Pkts: 61, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.4.83.243, DL: 2, Dsts: 1, Pkts: 62, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.164.76.89, DL: 2, Dsts: 1, Pkts: 95, Unique sigs: 1
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 64.50.31.46, DL: 2, Dsts: 1, Pkts: 425, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 64.229.179.70, DL: 2, Dsts: 1, Pkts: 96, Unique sigs: 1
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 217.230.71.22, DL: 2, Dsts: 1, Pkts: 97, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 66.106.184.106, DL: 2, Dsts: 1, Pkts: 435, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 200.158.156.27, DL: 2, Dsts: 4, Pkts: 1524, Unique sigs: 4
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 3127 (4 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 4, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 3127 (4 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 4, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 3127 (4 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 4, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 3127 (4 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 4, DP: 3127, SYN, Sid: 2375
SRC: 203.164.84.239, DL: 2, Dsts: 1, Pkts: 98, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 63.65.191.28, DL: 2, Dsts: 1, Pkts: 99, Unique sigs: 1
DST: 11.11.11.120
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 141.157.85.128, DL: 2, Dsts: 2, Pkts: 525, Unique sigs: 2
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80-135 (4 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.11.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
SRC: 212.150.51.25, DL: 2, Dsts: 1, Pkts: 69, Unique sigs: 1
DST: 11.11.11.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.243.111.73, DL: 2, Dsts: 1, Pkts: 100, Unique sigs: 1
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 217.85.163.126, DL: 2, Dsts: 24, Pkts: 10468, Unique sigs: 24
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 1433 (5 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 5, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 1433 (5 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 5, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 1433, SYN, Sid: 100205
SRC: 220.176.192.73, DL: 2, Dsts: 1, Pkts: 70, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 200.84.202.3, DL: 2, Dsts: 1, Pkts: 101, Unique sigs: 1
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.77.94.33, DL: 2, Dsts: 1, Pkts: 102, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 203.237.81.146, DL: 2, Dsts: 1, Pkts: 71, Unique sigs: 1
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 202.184.143.243, DL: 2, Dsts: 1, Pkts: 72, Unique sigs: 1
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.164.82.40, DL: 2, Dsts: 1, Pkts: 103, Unique sigs: 1
DST: 11.11.11.75
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 207.160.64.174, DL: 2, Dsts: 1, Pkts: 555, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.108.90.23, DL: 2, Dsts: 1, Pkts: 74, Unique sigs: 1
DST: 11.11.11.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 68.81.142.251, DL: 2, Dsts: 1, Pkts: 104, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 210.50.32.122, DL: 2, Dsts: 1, Pkts: 105, Unique sigs: 1
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 172.146.160.200, DL: 2, Dsts: 1, Pkts: 106, Unique sigs: 1
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 64.2.112.131, DL: 2, Dsts: 1, Pkts: 560, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 200.64.230.2, DL: 2, Dsts: 1, Pkts: 107, Unique sigs: 1
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 200.180.110.18, DL: 2, Dsts: 23, Pkts: 3242, Unique sigs: 0
DST: 11.11.11.83
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.80
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.105
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 137 (1 packets)
Scanned ports: FORWARD br0 tcp 139 (20 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 udp 137 (1 packets)
SRC: 63.84.224.2, DL: 2, Dsts: 1, Pkts: 76, Unique sigs: 1
DST: 11.11.11.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 68.147.127.155, DL: 2, Dsts: 1, Pkts: 77, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 65.90.179.95, DL: 2, Dsts: 1, Pkts: 596, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 221.5.107.144, DL: 2, Dsts: 2, Pkts: 311, Unique sigs: 2
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.89
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 4.7.9.203, DL: 2, Dsts: 1, Pkts: 157, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 68.117.183.96, DL: 2, Dsts: 1, Pkts: 158, Unique sigs: 1
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 12.35.249.253, DL: 2, Dsts: 2, Pkts: 159, Unique sigs: 2
DST: 11.11.11.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 202.144.86.228, DL: 2, Dsts: 1, Pkts: 81, Unique sigs: 1
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 66.0.29.189, DL: 2, Dsts: 24, Pkts: 13266, Unique sigs: 24
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 172.172.2.24, DL: 2, Dsts: 1, Pkts: 159, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 202.69.79.239, DL: 2, Dsts: 24, Pkts: 14628, Unique sigs: 24
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
SRC: 68.77.51.2, DL: 2, Dsts: 2, Pkts: 1460, Unique sigs: 2
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.164.75.188, DL: 2, Dsts: 1, Pkts: 166, Unique sigs: 1
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 67.250.79.54, DL: 2, Dsts: 1, Pkts: 167, Unique sigs: 1
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 140.109.18.93, DL: 2, Dsts: 1, Pkts: 84, Unique sigs: 1
DST: 11.11.11.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 148.221.49.51, DL: 2, Dsts: 1, Pkts: 168, Unique sigs: 1
DST: 11.11.11.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 81.43.66.177, DL: 2, Dsts: 1, Pkts: 169, Unique sigs: 1
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 64.201.89.204, DL: 2, Dsts: 1, Pkts: 170, Unique sigs: 1
DST: 11.11.11.70
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 217.56.225.147, DL: 2, Dsts: 1, Pkts: 649, Unique sigs: 1
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 3127 (1 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 1, DP: 3127, SYN, Sid: 2375
SRC: 24.94.54.218, DL: 2, Dsts: 1, Pkts: 735, Unique sigs: 1
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 65.93.146.163, DL: 2, Dsts: 2, Pkts: 1480, Unique sigs: 2
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.3.1.86, DL: 2, Dsts: 1, Pkts: 88, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 207.157.110.12, DL: 2, Dsts: 4, Pkts: 362, Unique sigs: 4
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 81.39.112.88, DL: 2, Dsts: 1, Pkts: 171, Unique sigs: 1
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 195.74.127.158, DL: 2, Dsts: 3, Pkts: 519, Unique sigs: 3
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.75
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 64.140.52.100, DL: 2, Dsts: 1, Pkts: 750, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 67.86.95.80, DL: 2, Dsts: 1, Pkts: 752, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 81.128.93.13, DL: 2, Dsts: 24, Pkts: 16541, Unique sigs: 24
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
SRC: 68.35.79.40, DL: 2, Dsts: 1, Pkts: 816, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 209.179.226.186, DL: 2, Dsts: 1, Pkts: 175, Unique sigs: 1
DST: 11.11.11.73
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 64.220.228.194, DL: 2, Dsts: 2, Pkts: 1642, Unique sigs: 2
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.79.97.213, DL: 2, Dsts: 1, Pkts: 824, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 82.67.2.66, DL: 2, Dsts: 1, Pkts: 176, Unique sigs: 1
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 64.105.32.50, DL: 2, Dsts: 1, Pkts: 828, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 195.175.148.145, DL: 2, Dsts: 1, Pkts: 177, Unique sigs: 1
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 24.90.109.26, DL: 2, Dsts: 1, Pkts: 832, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 67.74.56.104, DL: 2, Dsts: 1, Pkts: 101, Unique sigs: 1
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 67.30.251.155, DL: 2, Dsts: 1, Pkts: 178, Unique sigs: 1
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 216.94.210.227, DL: 2, Dsts: 1, Pkts: 102, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 68.79.93.118, DL: 2, Dsts: 1, Pkts: 836, Unique sigs: 1
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 211.55.246.1, DL: 2, Dsts: 2, Pkts: 949, Unique sigs: 2
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 198.65.194.245, DL: 2, Dsts: 2, Pkts: 1700, Unique sigs: 2
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 213.101.32.246, DL: 2, Dsts: 1, Pkts: 179, Unique sigs: 1
DST: 11.11.11.81
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 64.201.107.161, DL: 2, Dsts: 1, Pkts: 180, Unique sigs: 1
DST: 11.11.11.115
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 211.40.233.200, DL: 2, Dsts: 24, Pkts: 18332, Unique sigs: 24
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 17300 (2 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 17300 (4 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 17300 (2 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 17300 (4 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 17300 (2 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 17300 (2 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 17300 (4 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 17300 (2 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 17300 (4 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 4, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 17300 (1 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 17300, SYN, Sid: 100206
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 17300 (2 packets)
Signature match: "PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 17300, SYN, Sid: 100206
SRC: 81.29.4.102, DL: 2, Dsts: 1, Pkts: 895, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.20.248.190, DL: 2, Dsts: 1, Pkts: 109, Unique sigs: 1
DST: 11.11.11.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 82.32.66.45, DL: 2, Dsts: 1, Pkts: 898, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 67.101.107.15, DL: 2, Dsts: 1, Pkts: 902, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 65.95.116.124, DL: 2, Dsts: 2, Pkts: 1814, Unique sigs: 2
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 216.10.108.130, DL: 2, Dsts: 1, Pkts: 912, Unique sigs: 1
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 213.3.206.191, DL: 2, Dsts: 1, Pkts: 181, Unique sigs: 1
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 66.75.227.22, DL: 2, Dsts: 1, Pkts: 182, Unique sigs: 1
DST: 11.11.11.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.130.7.117, DL: 2, Dsts: 1, Pkts: 115, Unique sigs: 1
DST: 11.11.11.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 140.136.205.57, DL: 2, Dsts: 1, Pkts: 116, Unique sigs: 1
DST: 11.11.11.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 207.175.216.216, DL: 2, Dsts: 1, Pkts: 117, Unique sigs: 1
DST: 11.11.11.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 65.92.172.235, DL: 2, Dsts: 1, Pkts: 183, Unique sigs: 1
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 64.191.134.21, DL: 2, Dsts: 1, Pkts: 919, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.166.100.18, DL: 2, Dsts: 1, Pkts: 921, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 200.154.136.19, DL: 2, Dsts: 24, Pkts: 5516, Unique sigs: 0
DST: 11.11.11.83
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.80
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.84
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.71
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.115
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.95
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.81
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.125
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.87
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.75
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.105
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.100
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.69
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.73
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.90
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.72
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.120
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.70
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.67
Scanned ports: FORWARD br0 udp 137 (1 packets)
Scanned ports: FORWARD br0 tcp 139 (22 packets)
DST: 11.11.11.64
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.82
Scanned ports: FORWARD br0 udp 137 (1 packets)
DST: 11.11.11.89
Scanned ports: FORWARD br0 udp 137 (1 packets)
SRC: 221.5.128.1, DL: 2, Dsts: 1, Pkts: 208, Unique sigs: 1
DST: 11.11.11.110
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 205.158.169.54, DL: 2, Dsts: 1, Pkts: 945, Unique sigs: 1
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 81.62.38.11, DL: 2, Dsts: 1, Pkts: 121, Unique sigs: 1
DST: 11.11.11.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 216.39.250.3, DL: 2, Dsts: 1, Pkts: 948, Unique sigs: 1
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 135 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.233.148.216, DL: 2, Dsts: 24, Pkts: 20600, Unique sigs: 24
DST: 11.11.11.83
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.80
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.84
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.71
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.115
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.95
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.81
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.125
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.110
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.87
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.75
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.105
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.85
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.100
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.69
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.73
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.90
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.72
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.120
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.70
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.67
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.64
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.82
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
DST: 11.11.11.89
Scanned ports: FORWARD br0 tcp 3127 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3127, SYN, Sid: 2375
SRC: 203.164.77.229, DL: 2, Dsts: 1, Pkts: 209, Unique sigs: 1
DST: 11.11.11.85
Scanned ports: FORWARD br0 udp 1026 (1 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196