11/24/08-18:51:58.480858  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1583
11/24/08-18:54:16.858356  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (16 /24s) (# pkts S/M/O/I=133/0/7/0): 143:1, 443:6, 53u:28, 80:105 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-18:56:10.883007  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 29 IPs (17 /24s) (# pkts S/M/O/I=211/0/8/0): 143:2, 443:6, 53u:36, 80:175 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-18:56:46.783809  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=15/0/35/0): 61125:1, 80:15, 6771u:2, 50000:9, 27672u:1, 54493u:1, 52100:9, 5683u:1, 21588u:1, 52100u:1, 35055u:1, 20900u:1 [**] {UDP} 195.251.234.8:0 -> 94.66.170.184:0
11/24/08-18:58:03.664024  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 29 IPs (17 /24s) (# pkts S/M/O/I=222/0/10/0): 143:4, 443:6, 53u:36, 80:186 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-18:58:16.796260  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=15/0/473/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:00:13.663536  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 29 IPs (17 /24s) (# pkts S/M/O/I=246/0/16/0): 143:10, 443:6, 53u:36, 80:210 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:00:33.682386  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=19/0/477/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:02:02.296926  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (18 /24s) (# pkts S/M/O/I=278/0/22/0): 143:16, 443:6, 53u:38, 80:240 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:02:12.980315  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=22/0/488/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:02:48.286580  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1522
11/24/08-19:04:02.800196  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=22/0/497/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:04:21.499374  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=332/0/22/0): 143:16, 443:6, 53u:54, 80:278 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:05:34.534951  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1348
11/24/08-19:05:53.767368  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=22/0/519/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:06:07.552932  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=340/0/24/0): 143:18, 443:6, 53u:56, 80:284 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:06:08.034732  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1108
11/24/08-19:06:13.796637  [**] [1:2600338:9] E6[rb] SPYWARE-DNS  DNS lookup 3 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.3:52161 -> 195.251.255.142:53
11/24/08-19:06:24.784459  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1604
11/24/08-19:07:23.289778  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=22/0/538/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:07:43.548880  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=383/0/24/0): 143:18, 443:6, 53u:73, 80:310 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:09:00.790676  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=22/0/547/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:10:38.446427  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=394/0/25/0): 143:18, 443:7, 53u:73, 80:321 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:10:41.067325  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=22/0/561/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:11:07.500415  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1456
11/24/08-19:11:24.250236  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1952
11/24/08-19:11:57.750088  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1712
11/24/08-19:12:12.737003  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=22/0/585/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:12:46.904689  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=394/0/29/0): 143:19, 443:10, 53u:73, 80:321 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:13:35.890054  [**] [116:97:1] (snort_decoder): Short UDP packet, length field > payload length [**] [Priority: 3] {UDP} 89.31.50.171:0 -> 195.251.234.8:0
11/24/08-19:13:42.072565  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=22/0/868/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {ICMP} 195.251.234.8 -> 222.167.208.67
11/24/08-19:14:55.451928  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=405/0/32/0): 143:22, 443:10, 53u:76, 80:329 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:15:16.606684  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1107/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:16:30.593014  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=412/0/38/0): 143:24, 443:14, 53u:79, 80:333 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:16:49.702778  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1117/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:18:22.588656  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1132/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:18:40.088219  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=464/0/38/0): 143:24, 443:14, 53u:102, 80:362 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:19:52.846446  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1145/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:20:52.427534  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=488/0/38/0): 143:24, 443:14, 53u:104, 80:384 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:21:27.482600  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1182/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:22:35.327795  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=490/0/38/0): 143:24, 443:14, 53u:105, 80:385 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:22:57.683964  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1195/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:24:26.899770  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=532/0/42/0): 143:26, 443:16, 53u:116, 80:416 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:24:29.665220  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1215/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:25:34.744589  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.25:1757
11/24/08-19:25:35.681786  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1038
11/24/08-19:25:35.838225  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1568
11/24/08-19:25:58.803838  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=567/0/44/0): 143:26, 443:18, 53u:129, 80:438 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:26:02.522910  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1227/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:27:16.334619  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1848
11/24/08-19:27:33.737135  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1251/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:27:55.328200  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=574/0/44/0): 143:26, 443:18, 53u:130, 80:444 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:29:04.765691  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1698/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:29:36.241160  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=603/0/44/0): 143:26, 443:18, 53u:140, 80:463 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:30:34.746658  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1732/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:30:40.004147  [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 60.63.104.110 -> 195.251.234.3
11/24/08-19:30:40.291857  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 60.63.104.110 -> 195.251.234.4
11/24/08-19:30:40.913418  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 60.63.104.110 -> 195.251.234.3
11/24/08-19:32:08.178037  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1763/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:32:49.859612  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=613/0/46/0): 143:28, 443:18, 53u:143, 80:470 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:33:42.725245  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1793/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:34:11.643023  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1235
11/24/08-19:34:23.425910  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=623/0/47/0): 143:28, 443:19, 53u:145, 80:478 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:34:45.142683  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1995
11/24/08-19:35:16.423082  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1824/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:35:58.893359  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=717/0/87/0): 143:28, 443:59, 53u:157, 80:560 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:36:46.081770  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1852/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:37:40.221026  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=757/0/106/0): 143:30, 443:76, 53u:178, 80:579 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:38:16.822068  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1882/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:39:12.830038  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.25:1614
11/24/08-19:39:39.280520  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=815/0/107/0): 143:31, 443:76, 53u:202, 80:613 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:39:46.328905  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.25:1374
11/24/08-19:39:59.881506  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1908/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:40:05.423069  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 195.251.234.29 -> 87.117.219.23
11/24/08-19:41:19.380004  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=834/0/107/0): 143:31, 443:76, 53u:206, 80:628 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:41:31.122361  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1936/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:42:35.595959  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (9 /24s) (# pkts S/M/O/I=112/0/477/0): 5242:2, 6282:3, 80:82, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2, 22:1 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:42:35.614168  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:58036 -> 147.102.222.229:22
11/24/08-19:42:38.612424  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:43291 -> 147.102.222.228:22
11/24/08-19:42:44.610409  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:43627 -> 147.102.222.227:22
11/24/08-19:42:53.490791  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=872/0/107/0): 143:31, 443:76, 53u:206, 80:666 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:42:56.609405  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:47310 -> 147.102.222.226:22
11/24/08-19:43:01.386308  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/1954/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:43:20.607417  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:48512 -> 147.102.222.225:22
11/24/08-19:44:08.580469  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (8 /24s) (# pkts S/M/O/I=118/0/573/0): 5242:2, 6282:3, 80:88, 53725:1, 22:10, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:44:08.605423  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:36738 -> 147.102.222.224:22
11/24/08-19:44:28.931519  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=878/0/112/0): 143:31, 443:81, 53u:207, 80:671 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:44:31.362096  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/2420/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:45:45.596431  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (8 /24s) (# pkts S/M/O/I=123/0/593/0): 5242:2, 6282:3, 80:93, 53725:1, 22:12, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:46:01.621485  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=25/0/2477/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:46:04.849951  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=935/0/120/0): 143:33, 443:87, 53u:224, 80:711 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:46:32.705423  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:48227 -> 195.251.234.32:22
11/24/08-19:46:38.892417  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:58059 -> 195.251.234.42:22
11/24/08-19:46:51.033416  [**] [1:2001219:16] E5[rb] ET SCAN Potential SSH Scan (20 in 60 secs) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 195.251.234.29:42245 -> 195.251.234.49:22
11/24/08-19:47:15.000428  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (5 /24s) (# pkts S/M/O/I=135/0/669/0): 5242:2, 6282:3, 22:52, 80:105, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:47:17.763601  [**] [1:2002400:14] E3[rb] ET MALWARE Suspicious User Agent (Microsoft Internet Explorer) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 195.251.234.8:1882 -> 194.177.211.102:80
11/24/08-19:47:18.157816  [**] [1:2002400:14] E3[rb] ET MALWARE Suspicious User Agent (Microsoft Internet Explorer) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 195.251.234.8:1886 -> 194.177.211.102:80
11/24/08-19:47:34.093045  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=943/0/121/0): 143:34, 443:87, 53u:226, 80:717 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:47:34.833375  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=50/0/2510/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:48:58.964435  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (5 /24s) (# pkts S/M/O/I=142/0/687/0): 5242:2, 6282:3, 22:61, 80:112, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:49:04.024718  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1079/0/121/0): 143:34, 443:87, 53u:269, 80:810 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:49:04.659805  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=65/0/2535/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:50:29.141033  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (5 /24s) (# pkts S/M/O/I=150/0/687/0): 5242:2, 6282:3, 22:61, 80:120, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:50:34.420951  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1158/0/142/0): 143:35, 443:107, 53u:311, 80:847 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:50:34.572389  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=65/0/2573/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:52:05.337978  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (5 /24s) (# pkts S/M/O/I=158/0/687/0): 5242:2, 6282:3, 22:61, 80:128, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:52:06.754550  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=65/0/2647/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:52:17.238715  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1173/0/142/0): 143:35, 443:107, 53u:312, 80:861 [**] {UDP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:52:44.986196  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (17 /24s) (# pkts S/M/O/I=71/0/183/0): 80:59, 443:3, 123u:155, 53u:12, 110:24, 5353u:1 [**] {TCP} 195.251.234.21:0 -> 130.88.199.67:0
11/24/08-19:53:37.328484  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=65/0/2689/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:53:41.726482  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (5 /24s) (# pkts S/M/O/I=164/0/687/0): 5242:2, 6282:3, 22:61, 80:134, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:53:59.225063  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1199/0/168/0): 143:43, 443:125, 53u:312, 80:887 [**] {TCP} 195.251.234.10:0 -> 195.251.255.143:0
11/24/08-19:54:11.849961  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1644
11/24/08-19:55:08.283597  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=78/0/2744/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:55:11.942110  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (5 /24s) (# pkts S/M/O/I=174/0/687/0): 5242:2, 6282:3, 22:61, 80:144, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:55:36.536994  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1941
11/24/08-19:56:39.684180  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=78/0/2808/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:57:56.617138  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (17 /24s) (# pkts S/M/O/I=73/0/185/0): 80:61, 443:3, 123u:155, 53u:12, 110:26, 5353u:1 [**] {TCP} 195.251.234.21:0 -> 130.88.199.67:0
11/24/08-19:57:57.599469  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (5 /24s) (# pkts S/M/O/I=176/0/687/0): 5242:2, 6282:3, 22:61, 80:146, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-19:58:09.124056  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=80/0/2869/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-19:59:13.034495  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1023
11/24/08-19:59:39.185421  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=80/0/3252/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:00:09.187191  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (5 /24s) (# pkts S/M/O/I=184/0/687/0): 5242:2, 6282:3, 22:61, 80:154, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-20:01:09.229536  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=80/0/3408/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:01:49.157992  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (6 /24s) (# pkts S/M/O/I=192/0/687/0): 5242:2, 6282:3, 22:61, 80:161, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-20:02:37.825202  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (17 /24s) (# pkts S/M/O/I=80/0/187/0): 80:68, 443:3, 123u:155, 53u:12, 110:28, 5353u:1 [**] {TCP} 195.251.234.21:0 -> 130.88.199.67:0
11/24/08-20:02:39.906301  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=80/0/3478/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:04:10.707439  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=80/0/3527/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:04:17.544094  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (7 /24s) (# pkts S/M/O/I=208/0/687/0): 5242:2, 6282:3, 22:61, 80:174, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-20:04:31.015759  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (17 /24s) (# pkts S/M/O/I=81/0/189/0): 80:69, 443:3, 123u:155, 53u:12, 110:30, 5353u:1 [**] {TCP} 195.251.234.21:0 -> 130.88.199.67:0
11/24/08-20:05:40.648301  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=80/0/3588/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {TCP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:05:48.007287  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (7 /24s) (# pkts S/M/O/I=234/0/687/0): 5242:2, 6282:3, 22:61, 80:200, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-20:07:11.769897  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=80/0/3660/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:08:22.344236  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1450
11/24/08-20:08:22.498336  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1980
11/24/08-20:08:41.274985  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=80/0/3750/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:09:10.170147  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (17 /24s) (# pkts S/M/O/I=82/0/192/0): 80:69, 443:3, 123u:155, 53u:13, 110:31, 5353u:1, 25:2 [**] {TCP} 195.251.234.21:0 -> 130.88.199.67:0
11/24/08-20:09:13.684974  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1517
11/24/08-20:10:03.934371  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1773
11/24/08-20:10:13.159289  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=82/0/3852/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:11:12.959862  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (17 /24s) (# pkts S/M/O/I=82/0/194/0): 80:69, 443:3, 123u:155, 53u:13, 110:32, 5353u:1, 25:3 [**] {TCP} 195.251.234.21:0 -> 130.88.199.67:0
11/24/08-20:11:43.244886  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=82/0/3967/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:13:13.053565  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=82/0/4079/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0
11/24/08-20:13:22.747638  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.10:1078
11/24/08-20:13:39.496598  [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.10:1574
11/24/08-20:13:39.966201  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (8 /24s) (# pkts S/M/O/I=290/0/687/0): 5242:2, 6282:3, 22:61, 80:255, 53725:1, 33090:1, 33093:1, 33094:1, 33100:1, 33144:1, 20:2, 21:2 [**] {TCP} 195.251.234.29:0 -> 147.102.222.210:0
11/24/08-20:13:45.685523  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (17 /24s) (# pkts S/M/O/I=83/0/195/0): 80:70, 443:3, 123u:155, 53u:13, 110:32, 5353u:1, 25:4 [**] {TCP} 195.251.234.21:0 -> 130.88.199.67:0
11/24/08-20:14:43.601562  [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=82/0/4181/0): 61125:1, 50301u:1, 22671u:1, 11964u:1, 24133u:1, 23711u:1, 10315u:1, 25060u:1, 57206u:1, 32991u:1, 16001u:2, 12181u:1 [**] {UDP} 195.251.234.8:0 -> 222.167.208.67:0