[+] Top 50 signature matches:
"MISC Radmin Default install options attempt" (tcp), Count: 12246, Unique sources: 215, Sid: 100204
"MISC Microsoft SQL Server communication attempt" (tcp), Count: 9841, Unique sources: 729, Sid: 100205
"PSAD-CUSTOM Slammer communication attempt" (udp), Count: 5979, Unique sources: 1617, Sid: 100208
"ICMP PING" (icmp), Count: 4877, Unique sources: 1384, Sid: 384
"ICMP PING Sun Solaris" (icmp), Count: 1766, Unique sources: 124, Sid: 381
"MISC Windows popup spam attempt" (udp), Count: 1411, Unique sources: 36, Sid: 100196
"BACKDOOR DoomJuice file upload attempt" (tcp), Count: 738, Unique sources: 59, Sid: 2375
"MISC MS Terminal Server communication attempt" (tcp), Count: 730, Unique sources: 12, Sid: 100077
"MISC VNC communication attempt" (tcp), Count: 194, Unique sources: 7, Sid: 100202
"MISC HP Web JetAdmin communication attempt" (tcp), Count: 164, Unique sources: 9, Sid: 100084
"BACKDOOR netbus Connection Cttempt" (tcp), Count: 96, Unique sources: 2, Sid: 100028
"BACKDOOR Subseven connection attempt" (tcp), Count: 78, Unique sources: 2, Sid: 100207
"DOS arkiea backup communication attempt" (tcp), Count: 71, Unique sources: 1, Sid: 282
"BACKDOOR typot trojan traffic" (tcp), Count: 37, Unique sources: 11, Sid: 2182
"ICMP traceroute" (icmp), Count: 33, Unique sources: 2, Sid: 385
"BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt" (tcp), Count: 28, Unique sources: 1, Sid: 100041
"PSAD-CUSTOM Kuang2 virus communication attempt" (tcp), Count: 9, Unique sources: 1, Sid: 100206
"P2P napster communication attempt" (tcp), Count: 6, Unique sources: 1, Sid: 100090
"POLICY vncviewer Java applet communication attempt" (tcp), Count: 1, Unique sources: 1, Sid: 1846
"RPC portmap listing UDP 32771" (udp), Count: 1, Unique sources: 1, Sid: 1281
"ICMP Large ICMP Packet" (icmp), Count: 1, Unique sources: 1, Sid: 499
[+] Top 25 attackers:
82.42.102.90 DL: 2, Packets: 2, Sig count: 1
172.172.125.249 DL: 2, Packets: 1, Sig count: 1
222.248.13.38 DL: 2, Packets: 2, Sig count: 1
81.195.3.202 DL: 2, Packets: 1, Sig count: 1
63.91.25.179 DL: 2, Packets: 1, Sig count: 1
221.209.56.17 DL: 2, Packets: 2, Sig count: 1
211.229.94.192 DL: 2, Packets: 35, Sig count: 35
146.129.242.30 DL: 2, Packets: 1, Sig count: 1
201.254.227.2 DL: 2, Packets: 3, Sig count: 3
69.211.59.234 DL: 2, Packets: 1, Sig count: 1
81.86.102.64 DL: 2, Packets: 1, Sig count: 1
195.122.21.119 DL: 2, Packets: 1, Sig count: 1
220.152.76.204 DL: 2, Packets: 1, Sig count: 1
222.149.177.224 DL: 2, Packets: 1, Sig count: 1
210.127.255.156 DL: 2, Packets: 3, Sig count: 3
84.222.61.42 DL: 2, Packets: 1, Sig count: 1
220.249.95.131 DL: 2, Packets: 2, Sig count: 1
218.154.82.100 DL: 2, Packets: 1, Sig count: 2
85.65.187.234 DL: 2, Packets: 72, Sig count: 72
66.30.106.216 DL: 2, Packets: 1, Sig count: 1
66.131.126.31 DL: 2, Packets: 2, Sig count: 1
207.181.177.58 DL: 2, Packets: 47, Sig count: 47
211.91.221.208 DL: 2, Packets: 1, Sig count: 1
63.175.148.150 DL: 2, Packets: 3, Sig count: 3
[+] Top 20 scanned ports:
tcp 135 56400 packets
tcp 445 27142 packets
tcp 139 16510 packets
tcp 4899 12246 packets
tcp 1433 9841 packets
tcp 3306 4786 packets
tcp 80 3924 packets
tcp 22 2829 packets
tcp 42 2413 packets
tcp 21 1387 packets
tcp 1025 1215 packets
tcp 5554 880 packets
tcp 3389 730 packets
tcp 25 723 packets
tcp 3127 638 packets
tcp 9898 620 packets
tcp 6129 529 packets
tcp 6101 493 packets
tcp 2100 399 packets
tcp 1023 363 packets
udp 1434 5979 packets
udp 137 3448 packets
udp 1026 907 packets
udp 514 810 packets
udp 1027 527 packets
udp 53 320 packets
udp 3412 64 packets
udp 43215 50 packets
udp 1 46 packets
udp 135 39 packets
udp 5093 33 packets
udp 111 20 packets
udp 1024 19 packets
udp 9969 4 packets
udp 666 3 packets
udp 1432 2 packets
udp 14328 2 packets
udp 13866 1 packets
udp 7 1 packets
udp 6195 1 packets
Netfilter log prefix counters:
"Drop udp after inbound try": 27
"OUTBOUND CONN UDP:": 955
"INBOUND UDP:": 11374
"Drop TCP after 17 attempts": 14
"OUTBOUND CONN TCP:": 1664
"INBOUND TCP:": 160789
"INBOUND ICMP:": 4877
"Drop udp after 23 attempts": 35
"Drop it after inbound try": 1
Total scan sources: 4205
Total scan destinations: 70
Total packet counters: tcp: 40938, udp: 9001, icmp: 4877
[+] IP Status Detail:
SRC: 82.42.102.90, DL: 2, Dsts: 1, Pkts: 2, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 172.172.125.249, DL: 2, Dsts: 1, Pkts: 1, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 222.248.13.38, DL: 2, Dsts: 1, Pkts: 4, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 81.195.3.202, DL: 2, Dsts: 1, Pkts: 2, Unique sigs: 1
DST: 11.11.79.75
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.91.25.179, DL: 2, Dsts: 1, Pkts: 3, Unique sigs: 1
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 221.209.56.17, DL: 2, Dsts: 1, Pkts: 7, Unique sigs: 1
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 211.229.94.192, DL: 2, Dsts: 13, Pkts: 280, Unique sigs: 13
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 146.129.242.30, DL: 2, Dsts: 1, Pkts: 5, Unique sigs: 1
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 201.254.227.2, DL: 2, Dsts: 1, Pkts: 41, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 69.211.59.234, DL: 2, Dsts: 1, Pkts: 3, Unique sigs: 1
DST: 11.11.79.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 81.86.102.64, DL: 2, Dsts: 1, Pkts: 4, Unique sigs: 1
DST: 11.11.79.81
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 195.122.21.119, DL: 2, Dsts: 1, Pkts: 5, Unique sigs: 1
DST: 11.11.79.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.152.76.204, DL: 2, Dsts: 1, Pkts: 6, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 222.149.177.224, DL: 2, Dsts: 1, Pkts: 6, Unique sigs: 1
DST: 11.11.79.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 210.127.255.156, DL: 2, Dsts: 1, Pkts: 44, Unique sigs: 1
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 84.222.61.42, DL: 2, Dsts: 1, Pkts: 7, Unique sigs: 1
DST: 11.11.79.110
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.249.95.131, DL: 2, Dsts: 1, Pkts: 52, Unique sigs: 1
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.154.82.100, DL: 2, Dsts: 1, Pkts: 8, Unique sigs: 2
DST: 11.11.79.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
Signature match: "ICMP PING Sun Solaris" (icmp), Chain: FORWARD, Count: 1, Sid: 381
SRC: 85.65.187.234, DL: 2, Dsts: 24, Pkts: 1980, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 66.30.106.216, DL: 2, Dsts: 1, Pkts: 9, Unique sigs: 1
DST: 11.11.79.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 66.131.126.31, DL: 2, Dsts: 1, Pkts: 128, Unique sigs: 1
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 207.181.177.58, DL: 2, Dsts: 24, Pkts: 832, Unique sigs: 24
DST: 11.11.79.69
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.73
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.84
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.89
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.87
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.81
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.70
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.71
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.82
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.125
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.115
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.80
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.83
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.72
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.85
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.75
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.120
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.67
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
SRC: 211.91.221.208, DL: 2, Dsts: 1, Pkts: 58, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.175.148.150, DL: 2, Dsts: 1, Pkts: 121, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 61.187.118.39, DL: 2, Dsts: 1, Pkts: 59, Unique sigs: 1
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 172.202.205.64, DL: 2, Dsts: 1, Pkts: 8, Unique sigs: 1
DST: 11.11.79.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 203.248.3.235, DL: 2, Dsts: 8, Pkts: 108, Unique sigs: 8
DST: 11.11.79.84
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.81
Scanned ports: FORWARD br0 udp 1434 (2 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 2, DP: 1434, Sid: 100208
DST: 11.11.79.115
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.83
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (2 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 2, DP: 1434, Sid: 100208
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (2 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 2, DP: 1434, Sid: 100208
SRC: 211.212.230.147, DL: 2, Dsts: 1, Pkts: 124, Unique sigs: 1
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 202.105.129.215, DL: 2, Dsts: 1, Pkts: 60, Unique sigs: 2
DST: 11.11.79.89
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
Signature match: "ICMP PING Sun Solaris" (icmp), Chain: FORWARD, Count: 1, Sid: 381
SRC: 211.177.79.44, DL: 2, Dsts: 24, Pkts: 7658, Unique sigs: 43
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 57-1433 (13 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 6, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 57-1433 (10 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 57-1433 (7 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 57-1433 (8 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 57-139 (10 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 57-1433 (9 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 57-139 (7 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 139-1433 (9 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 57-1433 (12 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 5, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 57-1433 (8 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 57-1433 (13 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 6, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 57-139 (9 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 57-1433 (15 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 6, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 57-1433 (11 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 57-1433 (10 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 139-1433 (12 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 6, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 5, Sid: 384
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 57-1433 (10 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 57-1433 (10 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 57-1433 (13 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 5, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 57 (6 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 57-1433 (12 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 5, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 57-1433 (14 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 6, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 57-1433 (10 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
SRC: 61.185.75.121, DL: 2, Dsts: 3, Pkts: 63, Unique sigs: 3
DST: 11.11.79.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.81
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 68.42.156.108, DL: 2, Dsts: 1, Pkts: 23, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 172.150.117.3, DL: 2, Dsts: 1, Pkts: 24, Unique sigs: 1
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 138.73.71.118, DL: 2, Dsts: 1, Pkts: 472, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.88.15.41, DL: 2, Dsts: 1, Pkts: 110, Unique sigs: 1
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 208.211.19.57, DL: 2, Dsts: 3, Pkts: 78, Unique sigs: 3
DST: 11.11.79.81
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.83
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 212.98.20.130, DL: 2, Dsts: 1, Pkts: 28, Unique sigs: 1
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.209.82.20, DL: 2, Dsts: 1, Pkts: 29, Unique sigs: 1
DST: 11.11.79.89
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 64.62.145.98, DL: 2, Dsts: 24, Pkts: 16856, Unique sigs: 0
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 80 (20 packets)
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 22-80 (21 packets)
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 22-80 (20 packets)
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 80 (20 packets)
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 22-80 (20 packets)
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 80 (20 packets)
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 22-80 (4 packets)
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 80 (20 packets)
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 80 (19 packets)
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 22-80 (20 packets)
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 22-80 (22 packets)
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 22-80 (20 packets)
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 22-80 (20 packets)
SRC: 80.73.209.173, DL: 2, Dsts: 1, Pkts: 30, Unique sigs: 1
DST: 11.11.79.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 219.84.78.31, DL: 2, Dsts: 1, Pkts: 111, Unique sigs: 1
DST: 11.11.79.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 201.1.110.192, DL: 2, Dsts: 1, Pkts: 922, Unique sigs: 1
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 211.142.70.108, DL: 2, Dsts: 1, Pkts: 112, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 62.177.153.106, DL: 2, Dsts: 1, Pkts: 1036, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 213.120.98.50, DL: 2, Dsts: 1, Pkts: 31, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 217.221.171.21, DL: 2, Dsts: 1, Pkts: 32, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.108.90.23, DL: 2, Dsts: 2, Pkts: 229, Unique sigs: 2
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 211.140.254.50, DL: 2, Dsts: 8, Pkts: 307, Unique sigs: 8
DST: 11.11.79.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.87
Scanned ports: FORWARD br0 udp 1434 (2 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 2, DP: 1434, Sid: 100208
DST: 11.11.79.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.105
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.83
Scanned ports: FORWARD br0 udp 1434 (3 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 3, DP: 1434, Sid: 100208
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 203.116.15.241, DL: 2, Dsts: 1, Pkts: 116, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 81.174.220.106, DL: 2, Dsts: 1, Pkts: 926, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 4.249.135.159, DL: 2, Dsts: 1, Pkts: 44, Unique sigs: 1
DST: 11.11.79.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 172.128.13.102, DL: 2, Dsts: 1, Pkts: 1044, Unique sigs: 1
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 220.173.187.144, DL: 2, Dsts: 1, Pkts: 118, Unique sigs: 1
DST: 11.11.79.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.11.200.77, DL: 2, Dsts: 1, Pkts: 45, Unique sigs: 1
DST: 11.11.79.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 222.144.232.176, DL: 2, Dsts: 1, Pkts: 46, Unique sigs: 1
DST: 11.11.79.69
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 218.11.200.59, DL: 2, Dsts: 1, Pkts: 47, Unique sigs: 1
DST: 11.11.79.115
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 200.208.177.186, DL: 2, Dsts: 1, Pkts: 930, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 61.249.222.67, DL: 2, Dsts: 24, Pkts: 23220, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 221.11.156.218, DL: 2, Dsts: 1, Pkts: 1005, Unique sigs: 1
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 69.251.26.49, DL: 2, Dsts: 1, Pkts: 48, Unique sigs: 1
DST: 11.11.79.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 83.17.61.186, DL: 2, Dsts: 2, Pkts: 239, Unique sigs: 4
DST: 11.11.79.81
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
Signature match: "ICMP PING Sun Solaris" (icmp), Chain: FORWARD, Count: 1, Sid: 381
DST: 11.11.79.73
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
Signature match: "ICMP PING Sun Solaris" (icmp), Chain: FORWARD, Count: 1, Sid: 381
SRC: 221.168.197.4, DL: 2, Dsts: 1, Pkts: 1008, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 218.20.115.100, DL: 2, Dsts: 1, Pkts: 1009, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
SRC: 218.85.238.186, DL: 2, Dsts: 1, Pkts: 1012, Unique sigs: 1
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 200.74.33.101, DL: 2, Dsts: 1, Pkts: 49, Unique sigs: 1
DST: 11.11.79.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 200.40.106.194, DL: 2, Dsts: 1, Pkts: 1015, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 220.76.67.248, DL: 2, Dsts: 24, Pkts: 25260, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 210.195.12.11, DL: 2, Dsts: 1, Pkts: 50, Unique sigs: 1
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 130.239.67.227, DL: 2, Dsts: 1, Pkts: 51, Unique sigs: 1
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 81.243.196.240, DL: 2, Dsts: 1, Pkts: 52, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 203.106.185.37, DL: 2, Dsts: 1, Pkts: 53, Unique sigs: 1
DST: 11.11.79.105
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 222.118.116.132, DL: 2, Dsts: 24, Pkts: 26583, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 66.60.32.126, DL: 2, Dsts: 1, Pkts: 121, Unique sigs: 2
DST: 11.11.79.83
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
Signature match: "ICMP PING Sun Solaris" (icmp), Chain: FORWARD, Count: 1, Sid: 381
SRC: 218.164.48.163, DL: 2, Dsts: 1, Pkts: 1129, Unique sigs: 1
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 3127 (3 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3127, SYN, Sid: 2375
SRC: 67.126.194.45, DL: 2, Dsts: 2, Pkts: 245, Unique sigs: 2
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 81.240.29.3, DL: 2, Dsts: 2, Pkts: 109, Unique sigs: 2
DST: 11.11.79.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 194.179.25.55, DL: 2, Dsts: 2, Pkts: 113, Unique sigs: 2
DST: 11.11.79.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.75
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.191.113.85, DL: 2, Dsts: 1, Pkts: 124, Unique sigs: 1
DST: 11.11.79.67
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.191.128.14, DL: 2, Dsts: 2, Pkts: 251, Unique sigs: 2
DST: 11.11.79.82
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 220.184.231.133, DL: 2, Dsts: 1, Pkts: 1131, Unique sigs: 1
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 220.158.63.23, DL: 2, Dsts: 1, Pkts: 58, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 209.217.79.250, DL: 2, Dsts: 1, Pkts: 59, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 12.17.180.104, DL: 2, Dsts: 1, Pkts: 1344, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 212.179.251.125, DL: 2, Dsts: 24, Pkts: 30108, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 4.232.57.228, DL: 2, Dsts: 1, Pkts: 60, Unique sigs: 1
DST: 11.11.79.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 85.33.107.145, DL: 2, Dsts: 19, Pkts: 24740, Unique sigs: 19
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
SRC: 68.196.112.117, DL: 2, Dsts: 1, Pkts: 61, Unique sigs: 1
DST: 11.11.79.89
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 202.99.177.56, DL: 2, Dsts: 8, Pkts: 524, Unique sigs: 8
DST: 11.11.79.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.115
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.69
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.85
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.120
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 151.44.154.244, DL: 2, Dsts: 1, Pkts: 70, Unique sigs: 1
DST: 11.11.79.115
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 148.223.119.56, DL: 2, Dsts: 1, Pkts: 71, Unique sigs: 1
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 61.18.240.122, DL: 2, Dsts: 1, Pkts: 128, Unique sigs: 1
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.69.63.171, DL: 2, Dsts: 3, Pkts: 2764, Unique sigs: 1
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 135 (3 packets)
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 135 (3 packets)
DST: 11.11.79.69
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.26.221.160, DL: 2, Dsts: 1, Pkts: 1452, Unique sigs: 1
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 445 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 146.145.49.181, DL: 2, Dsts: 24, Pkts: 35638, Unique sigs: 34
Source OS fingerprint:
Windows NT
DST: 11.11.79.69
Scanned ports: FORWARD br0 udp 137 (2 packets)
Scanned ports: FORWARD br0 tcp 57-1433 (6 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.73
Scanned ports: FORWARD br0 udp 137 (1 packets)
Scanned ports: FORWARD br0 tcp 57-1433 (5 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 57-139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.95
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 57-139 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 57 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 57-139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.81
Scanned ports: FORWARD br0 udp 137 (2 packets)
Scanned ports: FORWARD br0 tcp 57-1433 (5 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.105
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 57-1433 (5 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 57 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 57-1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 57-1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 57-1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.125
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 57-139 (7 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.110
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 57-139 (4 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.100
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 57-139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.115
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 139-1433 (5 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 3, Sid: 384
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 57-1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 137 (2 packets)
Scanned ports: FORWARD br0 tcp 57 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 137 (2 packets)
Scanned ports: FORWARD br0 tcp 57-139 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 57 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 57-1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.120
Scanned ports: FORWARD br0 udp 137 (3 packets)
Scanned ports: FORWARD br0 tcp 57-1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 137 (1 packets)
Scanned ports: FORWARD br0 tcp 57-1433 (4 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 62.175.7.79, DL: 2, Dsts: 1, Pkts: 103, Unique sigs: 1
DST: 11.11.79.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 221.124.104.154, DL: 2, Dsts: 1, Pkts: 104, Unique sigs: 1
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 203.161.252.199, DL: 2, Dsts: 1, Pkts: 105, Unique sigs: 1
DST: 11.11.79.105
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 61.153.220.158, DL: 2, Dsts: 2, Pkts: 1712, Unique sigs: 2
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.90
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 4.227.29.211, DL: 2, Dsts: 1, Pkts: 106, Unique sigs: 1
DST: 11.11.79.89
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.233.9.244, DL: 2, Dsts: 1, Pkts: 1561, Unique sigs: 1
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 445 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 220.165.172.81, DL: 2, Dsts: 1, Pkts: 158, Unique sigs: 1
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 24.0.241.249, DL: 2, Dsts: 1, Pkts: 108, Unique sigs: 1
DST: 11.11.79.71
Scanned ports: FORWARD br0 udp 1434 (2 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 2, DP: 1434, Sid: 100208
SRC: 63.28.114.152, DL: 2, Dsts: 1, Pkts: 1407, Unique sigs: 1
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 218.207.26.199, DL: 2, Dsts: 2, Pkts: 219, Unique sigs: 2
DST: 11.11.79.84
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.83
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 61.178.57.62, DL: 2, Dsts: 1, Pkts: 159, Unique sigs: 1
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 221.215.154.19, DL: 2, Dsts: 3, Pkts: 4234, Unique sigs: 3
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 61.185.28.106, DL: 2, Dsts: 4, Pkts: 452, Unique sigs: 4
DST: 11.11.79.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.120
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (2 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 2, DP: 1434, Sid: 100208
DST: 11.11.79.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.17.38.80, DL: 2, Dsts: 1, Pkts: 1576, Unique sigs: 1
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 445 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.15.233.44, DL: 2, Dsts: 1, Pkts: 161, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 82.125.199.246, DL: 2, Dsts: 1, Pkts: 116, Unique sigs: 1
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 62.209.160.173, DL: 2, Dsts: 24, Pkts: 34599, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 61.18.172.23, DL: 2, Dsts: 1, Pkts: 162, Unique sigs: 1
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 200.122.195.88, DL: 2, Dsts: 1, Pkts: 117, Unique sigs: 1
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.9.84.90, DL: 2, Dsts: 1, Pkts: 1630, Unique sigs: 1
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 63.159.173.1, DL: 2, Dsts: 1, Pkts: 164, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 200.103.25.210, DL: 2, Dsts: 1, Pkts: 118, Unique sigs: 1
DST: 11.11.79.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 218.88.40.202, DL: 2, Dsts: 1, Pkts: 165, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 66.67.128.111, DL: 2, Dsts: 1, Pkts: 1470, Unique sigs: 1
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 65.122.119.10, DL: 2, Dsts: 1, Pkts: 1637, Unique sigs: 1
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 221.218.20.19, DL: 2, Dsts: 1, Pkts: 1474, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 61.18.111.62, DL: 2, Dsts: 1, Pkts: 167, Unique sigs: 1
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 172.158.125.107, DL: 2, Dsts: 1, Pkts: 119, Unique sigs: 1
DST: 11.11.79.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 81.49.202.91, DL: 2, Dsts: 24, Pkts: 36276, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 199.232.230.61, DL: 2, Dsts: 1, Pkts: 120, Unique sigs: 1
DST: 11.11.79.115
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 172.211.163.97, DL: 2, Dsts: 1, Pkts: 121, Unique sigs: 1
DST: 11.11.79.115
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 172.214.25.70, DL: 2, Dsts: 1, Pkts: 122, Unique sigs: 1
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.185.167.232, DL: 2, Dsts: 1, Pkts: 1548, Unique sigs: 1
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 149.156.162.162, DL: 2, Dsts: 1, Pkts: 123, Unique sigs: 1
DST: 11.11.79.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 69.153.17.136, DL: 2, Dsts: 2, Pkts: 3105, Unique sigs: 2
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 172.167.51.110, DL: 2, Dsts: 1, Pkts: 124, Unique sigs: 1
DST: 11.11.79.120
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 211.189.18.33, DL: 2, Dsts: 24, Pkts: 37855, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 3389 (1 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 3389 (1 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 3389 (1 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 3389 (3 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 3389 (1 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 3389 (1 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 3389, SYN, Sid: 100077
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 3389 (2 packets)
Signature match: "MISC MS Terminal Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3389, SYN, Sid: 100077
SRC: 218.0.6.200, DL: 2, Dsts: 14, Pkts: 22477, Unique sigs: 14
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
SRC: 203.136.78.157, DL: 2, Dsts: 1, Pkts: 125, Unique sigs: 1
DST: 11.11.79.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.228.91.98, DL: 2, Dsts: 1, Pkts: 126, Unique sigs: 1
DST: 11.11.79.105
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.86.10.224, DL: 2, Dsts: 1, Pkts: 1615, Unique sigs: 1
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 211.200.8.200, DL: 2, Dsts: 24, Pkts: 41540, Unique sigs: 22
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 139 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 139 (2 packets)
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 139 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.64
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 139 (2 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 139 (2 packets)
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 139 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 68.74.187.61, DL: 2, Dsts: 1, Pkts: 1654, Unique sigs: 1
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 3128 (1 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 1, DP: 3128, SYN, Sid: 2375
SRC: 220.169.225.120, DL: 2, Dsts: 1, Pkts: 1656, Unique sigs: 1
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 222.252.32.213, DL: 2, Dsts: 1, Pkts: 190, Unique sigs: 1
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.217.26.190, DL: 2, Dsts: 1, Pkts: 127, Unique sigs: 1
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.184.238.22, DL: 2, Dsts: 1, Pkts: 1659, Unique sigs: 1
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 212.21.207.148, DL: 2, Dsts: 1, Pkts: 128, Unique sigs: 1
DST: 11.11.79.73
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 195.194.178.154, DL: 2, Dsts: 1, Pkts: 191, Unique sigs: 2
DST: 11.11.79.120
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
Signature match: "ICMP PING Sun Solaris" (icmp), Chain: FORWARD, Count: 1, Sid: 381
SRC: 218.7.136.60, DL: 2, Dsts: 18, Pkts: 30267, Unique sigs: 18
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (1 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 1, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 63.18.123.98, DL: 2, Dsts: 1, Pkts: 192, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 221.232.144.26, DL: 2, Dsts: 2, Pkts: 387, Unique sigs: 2
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.13.12.241, DL: 2, Dsts: 1, Pkts: 1703, Unique sigs: 1
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 213.102.116.29, DL: 2, Dsts: 1, Pkts: 129, Unique sigs: 1
DST: 11.11.79.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 218.31.113.242, DL: 2, Dsts: 22, Pkts: 37934, Unique sigs: 22
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
SRC: 68.89.167.87, DL: 2, Dsts: 1, Pkts: 1941, Unique sigs: 1
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 211.143.29.129, DL: 2, Dsts: 5, Pkts: 660, Unique sigs: 5
DST: 11.11.79.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.85
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 221.226.110.175, DL: 2, Dsts: 4, Pkts: 6999, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 3128 (2 packets)
Signature match: "BACKDOOR DoomJuice file upload attempt" (tcp), Chain: FORWARD, Count: 2, DP: 3128, SYN, Sid: 2375
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 80 (2 packets)
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 80 (1 packets)
SRC: 202.105.237.238, DL: 2, Dsts: 1, Pkts: 1755, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 82.81.249.81, DL: 2, Dsts: 1, Pkts: 196, Unique sigs: 1
DST: 11.11.79.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 68.207.207.104, DL: 2, Dsts: 1, Pkts: 135, Unique sigs: 1
DST: 11.11.79.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.20.175.54, DL: 2, Dsts: 1, Pkts: 1955, Unique sigs: 1
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 445 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.15.105.109, DL: 2, Dsts: 1, Pkts: 198, Unique sigs: 1
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 69.1.28.141, DL: 2, Dsts: 2, Pkts: 273, Unique sigs: 2
DST: 11.11.79.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 4.157.38.51, DL: 2, Dsts: 1, Pkts: 138, Unique sigs: 1
DST: 11.11.79.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.111.51.139, DL: 2, Dsts: 2, Pkts: 279, Unique sigs: 2
DST: 11.11.79.69
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.120
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 172.216.143.184, DL: 2, Dsts: 1, Pkts: 141, Unique sigs: 1
DST: 11.11.79.85
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 211.237.125.81, DL: 2, Dsts: 1, Pkts: 1761, Unique sigs: 1
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 212.104.102.101, DL: 2, Dsts: 1, Pkts: 199, Unique sigs: 2
DST: 11.11.79.73
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
Signature match: "ICMP PING Sun Solaris" (icmp), Chain: FORWARD, Count: 1, Sid: 381
SRC: 24.6.97.6, DL: 2, Dsts: 1, Pkts: 200, Unique sigs: 1
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.159.62.131, DL: 2, Dsts: 2, Pkts: 285, Unique sigs: 2
DST: 11.11.79.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 200.249.126.194, DL: 2, Dsts: 2, Pkts: 289, Unique sigs: 2
DST: 11.11.79.83
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 209.47.200.225, DL: 2, Dsts: 1, Pkts: 1965, Unique sigs: 1
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 200.216.239.180, DL: 2, Dsts: 1, Pkts: 1767, Unique sigs: 1
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 218.75.196.34, DL: 2, Dsts: 1, Pkts: 202, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.198.203.151, DL: 2, Dsts: 1, Pkts: 1973, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 65.115.46.225, DL: 2, Dsts: 2, Pkts: 3952, Unique sigs: 2
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 200.87.128.114, DL: 2, Dsts: 1, Pkts: 1775, Unique sigs: 1
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 172.145.33.88, DL: 2, Dsts: 1, Pkts: 146, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 193.126.173.200, DL: 2, Dsts: 1, Pkts: 147, Unique sigs: 1
DST: 11.11.79.83
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 61.68.2.151, DL: 2, Dsts: 1, Pkts: 148, Unique sigs: 1
DST: 11.11.79.82
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 134.215.203.97, DL: 2, Dsts: 1, Pkts: 149, Unique sigs: 1
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 212.1.241.118, DL: 2, Dsts: 24, Pkts: 43475, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
SRC: 63.159.64.101, DL: 2, Dsts: 2, Pkts: 2052, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 135 (2 packets)
DST: 11.11.79.100
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.13.28.104, DL: 2, Dsts: 1, Pkts: 207, Unique sigs: 1
DST: 11.11.79.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 61.90.79.73, DL: 2, Dsts: 1, Pkts: 208, Unique sigs: 2
DST: 11.11.79.85
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
Signature match: "ICMP PING Sun Solaris" (icmp), Chain: FORWARD, Count: 1, Sid: 381
SRC: 218.0.1.204, DL: 2, Dsts: 24, Pkts: 45051, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 202.71.143.195, DL: 2, Dsts: 1, Pkts: 150, Unique sigs: 1
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 220.172.91.251, DL: 2, Dsts: 1, Pkts: 1908, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
SRC: 219.147.35.20, DL: 2, Dsts: 1, Pkts: 151, Unique sigs: 1
DST: 11.11.79.87
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 81.120.43.12, DL: 2, Dsts: 1, Pkts: 2120, Unique sigs: 1
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 445 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 81.245.100.225, DL: 2, Dsts: 1, Pkts: 1920, Unique sigs: 1
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 80.52.27.87, DL: 2, Dsts: 1, Pkts: 152, Unique sigs: 1
DST: 11.11.79.120
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.183.169.120, DL: 2, Dsts: 1, Pkts: 210, Unique sigs: 1
DST: 11.11.79.69
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 66.134.87.154, DL: 2, Dsts: 1, Pkts: 2136, Unique sigs: 1
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 80-135 (4 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 2, Sid: 384
SRC: 63.27.198.226, DL: 2, Dsts: 1, Pkts: 1927, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 63.21.200.212, DL: 2, Dsts: 1, Pkts: 153, Unique sigs: 1
DST: 11.11.79.110
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 221.127.4.135, DL: 2, Dsts: 7, Pkts: 1099, Unique sigs: 7
DST: 11.11.79.84
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.71
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.69
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.120
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.85
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 11.11.79.71, DL: 2, Dsts: 2, Pkts: 340, Unique sigs: 0, local IP!
DST: 62.75.177.165
Scanned ports: FORWARD br0 udp 1026 (1 packets)
DST: 217.172.188.228
Scanned ports: FORWARD br0 udp 3412-43215 (18 packets)
SRC: 62.126.79.89, DL: 2, Dsts: 1, Pkts: 181, Unique sigs: 1
DST: 11.11.79.89
Scanned ports: FORWARD br0 udp 135-1026 (2 packets)
Signature match: "MISC Windows popup spam attempt" (udp), Chain: FORWARD, Count: 1, DP: 1026, Sid: 100196
SRC: 221.137.217.236, DL: 2, Dsts: 1, Pkts: 1929, Unique sigs: 1
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 221.126.136.90, DL: 2, Dsts: 1, Pkts: 182, Unique sigs: 1
DST: 11.11.79.95
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 65.107.69.197, DL: 2, Dsts: 2, Pkts: 4292, Unique sigs: 2
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 135 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 66.148.207.102, DL: 2, Dsts: 1, Pkts: 183, Unique sigs: 1
DST: 11.11.79.83
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 66.108.170.13, DL: 2, Dsts: 1, Pkts: 184, Unique sigs: 1
DST: 11.11.79.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 69.66.70.158, DL: 2, Dsts: 1, Pkts: 185, Unique sigs: 1
DST: 11.11.79.100
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.20.8.111, DL: 2, Dsts: 1, Pkts: 2151, Unique sigs: 1
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 445 (3 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 65.132.36.10, DL: 2, Dsts: 2, Pkts: 373, Unique sigs: 2
DST: 11.11.79.115
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
DST: 11.11.79.64
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 213.249.130.235, DL: 2, Dsts: 1, Pkts: 216, Unique sigs: 1
DST: 11.11.79.110
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 134.215.193.203, DL: 2, Dsts: 1, Pkts: 188, Unique sigs: 1
DST: 11.11.79.80
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 10.204.6.220, DL: 2, Dsts: 1, Pkts: 217, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 218.63.73.136, DL: 2, Dsts: 3, Pkts: 5814, Unique sigs: 3
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 1433 (1 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 1, DP: 1433, SYN, Sid: 100205
SRC: 221.3.108.133, DL: 2, Dsts: 1, Pkts: 1942, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 84.247.54.63, DL: 2, Dsts: 1, Pkts: 189, Unique sigs: 1
DST: 11.11.79.120
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 63.27.12.28, DL: 2, Dsts: 1, Pkts: 218, Unique sigs: 1
DST: 11.11.79.125
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 220.166.185.183, DL: 2, Dsts: 1, Pkts: 219, Unique sigs: 1
DST: 11.11.79.95
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 219.134.33.26, DL: 2, Dsts: 1, Pkts: 220, Unique sigs: 1
DST: 11.11.79.105
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 24.194.40.220, DL: 2, Dsts: 1, Pkts: 2173, Unique sigs: 1
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 212.48.163.141, DL: 2, Dsts: 2, Pkts: 4352, Unique sigs: 2
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 80 (1 packets)
Signature match: "ICMP PING" (icmp), Chain: FORWARD, Count: 1, Sid: 384
SRC: 203.109.142.75, DL: 2, Dsts: 1, Pkts: 190, Unique sigs: 1
DST: 11.11.79.125
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 203.196.165.47, DL: 2, Dsts: 24, Pkts: 47777, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (2 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 2, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 213.66.95.232, DL: 2, Dsts: 1, Pkts: 191, Unique sigs: 1
DST: 11.11.79.72
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 200.217.80.65, DL: 2, Dsts: 1, Pkts: 2028, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 66.30.125.150, DL: 2, Dsts: 1, Pkts: 192, Unique sigs: 1
DST: 11.11.79.90
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 201.8.132.160, DL: 2, Dsts: 1, Pkts: 2031, Unique sigs: 1
Source OS fingerprint:
Windows XP/2000
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 1433 (3 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 3, DP: 1433, SYN, Sid: 100205
SRC: 172.196.201.54, DL: 2, Dsts: 1, Pkts: 193, Unique sigs: 1
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 202.62.85.66, DL: 2, Dsts: 24, Pkts: 49644, Unique sigs: 24
DST: 11.11.79.69
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.73
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.84
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.95
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.89
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.87
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.81
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.105
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.70
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.90
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.71
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.82
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.110
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.100
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.115
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.64
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.80
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.83
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.72
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.85
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.75
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.120
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
DST: 11.11.79.67
Scanned ports: FORWARD br0 tcp 4899 (3 packets)
Signature match: "MISC Radmin Default install options attempt" (tcp), Chain: FORWARD, Count: 3, DP: 4899, SYN, Sid: 100204
SRC: 220.189.91.241, DL: 2, Dsts: 1, Pkts: 2105, Unique sigs: 1
DST: 11.11.79.125
Scanned ports: FORWARD br0 tcp 1433 (2 packets)
Signature match: "MISC Microsoft SQL Server communication attempt" (tcp), Chain: FORWARD, Count: 2, DP: 1433, SYN, Sid: 100205
SRC: 151.25.187.179, DL: 2, Dsts: 1, Pkts: 194, Unique sigs: 1
DST: 11.11.79.70
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208
SRC: 200.231.68.216, DL: 2, Dsts: 1, Pkts: 195, Unique sigs: 1
DST: 11.11.79.67
Scanned ports: FORWARD br0 udp 1434 (1 packets)
Signature match: "PSAD-CUSTOM Slammer communication attempt" (udp), Chain: FORWARD, Count: 1, DP: 1434, Sid: 100208