Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [TCP and 53]

From: Geoff <gpoer () arizona edu>
Date: Mon, 27 Oct 2003 19:10:48 -0700
Hey greg,
A little more info would really help. Looking at the logs you provided and the logs on your site only tells me that UDP traffic destined for your ips is hitting your firewall (not really an uncommon event). If you can send a snort log with the rule and packet we could give you more info! 

thanks,
geoff

Gregory D Hough wrote:

Greetings,
I hope someone finds this useful...
I have a small natwerk here with a misbehaving winbox. It has all the wonderful things you'd expect to find on a young persons PC. AOL IM, MSN, IE, YeeHaw and the Grand KaZoO. It's a REAL1 that needs constant attention and periodic quiet-times. The kids have their playground but quite nicely contained. I employ both DNS and Iptables as content filters. 
It has DNS access to the network and a route to the gateway.
I'll restrict myself to a few comments at this point. Snort has offered me another perspective not included here. It's clearer without the wordwrap.
The log below is complete until Oct 12 then condensed. Noteworthy IP's in the initial stages.
Sep 22 22:57:58 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.210.193.2 DST=AAA.ip.addr.88 LEN=72 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=4831 DPT=53 LEN=52 Sep 23 18:20:16 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=128.242.107.15 DST=AAA.ip.addr.88 LEN=86 TOS=0x00 PREC=0x00 TTL=236 ID=24401 PROTO=UDP SPT=55555 DPT=53 LEN=66 Sep 23 21:52:17 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.210.193.2 DST=AAA.ip.addr.88 LEN=72 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=33927 DPT=53 LEN=52 Sep 23 21:52:25 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.210.193.2 DST=AAA.ip.addr.88 LEN=72 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=33927 DPT=53 LEN=52 Sep 26 08:18:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=10401 PROTO=UDP SPT=9033 DPT=53 LEN=53 Sep 26 08:18:09 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=10402 PROTO=UDP SPT=9033 DPT=53 LEN=53 Sep 26 08:18:10 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=10403 PROTO=UDP SPT=9033 DPT=53 LEN=53 Sep 26 08:18:13 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=19080 PROTO=UDP SPT=9033 DPT=53 LEN=25 Sep 26 08:18:14 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=19081 PROTO=UDP SPT=9033 DPT=53 LEN=25 Sep 26 08:18:15 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=19082 PROTO=UDP SPT=9033 DPT=53 LEN=25 Sep 26 12:13:36 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.236.6 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=63024 PROTO=UDP SPT=39299 DPT=53 LEN=53 Sep 26 12:13:37 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.236.6 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=63025 PROTO=UDP SPT=39299 DPT=53 LEN=53 Sep 26 12:13:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.236.6 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=63026 PROTO=UDP SPT=39299 DPT=53 LEN=53 Sep 26 12:13:41 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.236.6 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=64409 PROTO=UDP SPT=39299 DPT=53 LEN=25 Sep 26 12:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.236.6 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=64410 PROTO=UDP SPT=39299 DPT=53 LEN=25 Sep 26 12:13:43 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.236.6 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=64411 PROTO=UDP SPT=39299 DPT=53 LEN=25 Sep 26 12:31:54 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=14602 PROTO=UDP SPT=9033 DPT=53 LEN=53 Sep 26 12:31:55 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=14603 PROTO=UDP SPT=9033 DPT=53 LEN=53 Sep 26 12:31:56 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=14604 PROTO=UDP SPT=9033 DPT=53 LEN=53 Sep 26 12:31:59 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=23284 PROTO=UDP SPT=9033 DPT=53 LEN=25 Sep 26 12:32:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=23285 PROTO=UDP SPT=9033 DPT=53 LEN=25 Sep 26 12:32:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.143.237.251 DST=BBB.ip.addr.190 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=23286 PROTO=UDP SPT=9033 DPT=53 LEN=25 Sep 27 15:19:15 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9817 PROTO=UDP SPT=35470 DPT=53 LEN=53 Sep 27 15:19:15 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=1567 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 15:19:16 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9818 PROTO=UDP SPT=35470 DPT=53 LEN=53 Sep 27 15:19:16 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=1568 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 15:19:17 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9819 PROTO=UDP SPT=35470 DPT=53 LEN=53 Sep 27 15:19:17 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=1569 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 15:57:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=5905 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 15:57:39 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=5906 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 15:57:40 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=5907 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 15:58:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=32410 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 15:58:02 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=32411 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 16:35:59 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9673 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 16:36:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9674 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 16:36:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9675 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 16:36:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=8848 PROTO=UDP SPT=58312 DPT=53 LEN=53 Sep 27 16:36:52 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=8849 PROTO=UDP SPT=58312 DPT=53 LEN=53 Sep 27 16:36:53 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=8850 PROTO=UDP SPT=58312 DPT=53 LEN=53 Sep 27 17:14:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9493 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 17:14:33 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9494 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 17:14:34 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9495 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 17:15:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=48637 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 17:15:39 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=48638 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 17:15:40 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=48639 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 17:53:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=34921 PROTO=UDP SPT=15924 DPT=53 LEN=53 Sep 27 17:53:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=34922 PROTO=UDP SPT=15924 DPT=53 LEN=53 Sep 27 17:53:02 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=34923 PROTO=UDP SPT=15924 DPT=53 LEN=53 Sep 27 17:54:21 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=56270 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 17:54:22 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=56271 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 18:31:31 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=52582 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 18:31:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=52583 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 18:32:52 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=23185 PROTO=UDP SPT=35673 DPT=53 LEN=53 Sep 27 18:32:53 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=23186 PROTO=UDP SPT=35673 DPT=53 LEN=53 Sep 27 18:32:54 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=23187 PROTO=UDP SPT=35673 DPT=53 LEN=53 Sep 27 19:09:59 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=44932 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 19:10:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=44933 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 19:10:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=44934 PROTO=UDP SPT=56934 DPT=53 LEN=53 Sep 27 19:12:52 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=3197 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 19:12:53 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=3198 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 19:48:29 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=37729 PROTO=UDP SPT=62479 DPT=53 LEN=53 Sep 27 19:48:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=37730 PROTO=UDP SPT=62479 DPT=53 LEN=53 Sep 27 19:48:31 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=37731 PROTO=UDP SPT=62479 DPT=53 LEN=53 Sep 27 19:52:46 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=43037 PROTO=UDP SPT=35758 DPT=53 LEN=53 Sep 27 19:52:47 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=43038 PROTO=UDP SPT=35758 DPT=53 LEN=53 Sep 27 19:52:48 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=43039 PROTO=UDP SPT=35758 DPT=53 LEN=53 Sep 27 20:26:57 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=4396 PROTO=UDP SPT=62479 DPT=53 LEN=53 Sep 27 20:26:58 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=4397 PROTO=UDP SPT=62479 DPT=53 LEN=53 Sep 27 20:26:59 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=4398 PROTO=UDP SPT=62479 DPT=53 LEN=53 Sep 27 20:32:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=46054 PROTO=UDP SPT=58312 DPT=53 LEN=53 Sep 27 20:32:31 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=46055 PROTO=UDP SPT=58312 DPT=53 LEN=53 Sep 27 20:32:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=46056 PROTO=UDP SPT=58312 DPT=53 LEN=53 Sep 27 21:05:25 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=1924 PROTO=UDP SPT=16779 DPT=53 LEN=53 Sep 27 21:05:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=1925 PROTO=UDP SPT=16779 DPT=53 LEN=53 Sep 27 21:05:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=1926 PROTO=UDP SPT=16779 DPT=53 LEN=53 Sep 27 21:12:04 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9022 PROTO=UDP SPT=18001 DPT=53 LEN=53 Sep 27 21:12:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9023 PROTO=UDP SPT=18001 DPT=53 LEN=53 Sep 27 21:12:06 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.15 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=9024 PROTO=UDP SPT=18001 DPT=53 LEN=53 Sep 27 21:43:52 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=25405 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 21:43:53 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=25406 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 21:43:54 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.13 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=25407 PROTO=UDP SPT=9433 DPT=53 LEN=53 Sep 27 21:51:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=49090 PROTO=UDP SPT=42415 DPT=53 LEN=53 Sep 27 21:51:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=49091 PROTO=UDP SPT=42415 DPT=53 LEN=53 Sep 27 21:51:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=49092 PROTO=UDP SPT=42415 DPT=53 LEN=53 Sep 27 22:22:23 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=21760 PROTO=UDP SPT=45126 DPT=53 LEN=53 Sep 27 22:22:24 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=21761 PROTO=UDP SPT=45126 DPT=53 LEN=53 Sep 27 22:22:25 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=21762 PROTO=UDP SPT=45126 DPT=53 LEN=53 Sep 27 22:30:36 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=21085 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 22:30:37 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=21086 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 22:30:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.12 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=21087 PROTO=UDP SPT=29454 DPT=53 LEN=53 Sep 27 23:00:49 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=37016 PROTO=UDP SPT=57255 DPT=53 LEN=53 Sep 27 23:00:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.150.16 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=37017 PROTO=UDP SPT=57255 DPT=53 LEN=53 Sep 27 23:09:39 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=55885 PROTO=UDP SPT=42415 DPT=53 LEN=53 Sep 27 23:09:40 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=55886 PROTO=UDP SPT=42415 DPT=53 LEN=53 Sep 27 23:09:41 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=207.46.245.10 DST=BBB.ip.addr.190 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=55887 PROTO=UDP SPT=42415 DPT=53 LEN=53 Sep 29 16:17:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.135.34.143 DST=BBB.ip.addr.190 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=65417 DF PROTO=TCP SPT=1742 DPT=5308 WINDOW=16384 RES=0x00 SYN URGP=0 Sep 29 16:17:04 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.135.34.143 DST=BBB.ip.addr.190 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=448 DF PROTO=TCP SPT=1742 DPT=5308 WINDOW=16384 RES=0x00 SYN URGP=0 Sep 30 02:13:31 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.122.58.90 DST=BBB.ip.addr.190 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=34189 DF PROTO=TCP SPT=4129 DPT=5308 WINDOW=65535 RES=0x00 SYN URGP=0 Sep 30 02:13:34 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.122.58.90 DST=BBB.ip.addr.190 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=34785 DF PROTO=TCP SPT=4129 DPT=5308 WINDOW=65535 RES=0x00 SYN URGP=0 Oct 2 18:08:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=35126 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 18:08:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.35.210.61 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=51 ID=46057 PROTO=UDP SPT=16180 DPT=53 LEN=52 Oct 2 18:08:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=35127 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 18:08:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.35.210.61 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=51 ID=46058 PROTO=UDP SPT=16180 DPT=53 LEN=52 Oct 2 18:08:29 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=35128 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 18:08:29 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.35.210.61 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=51 ID=46059 PROTO=UDP SPT=16180 DPT=53 LEN=52 Oct 2 18:08:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=35297 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 18:08:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.35.210.61 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=46072 PROTO=UDP SPT=16180 DPT=53 LEN=25 Oct 2 18:08:33 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=35298 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 18:08:33 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.35.210.61 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=46073 PROTO=UDP SPT=16180 DPT=53 LEN=25 Oct 2 18:08:34 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=35299 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 18:08:34 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.35.210.61 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=46074 PROTO=UDP SPT=16180 DPT=53 LEN=25 Oct 2 18:20:21 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=128.242.120.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=54 ID=61665 PROTO=UDP SPT=45318 DPT=53 LEN=52 Oct 2 18:20:22 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=128.242.120.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=54 ID=61666 PROTO=UDP SPT=45318 DPT=53 LEN=52 Oct 2 18:20:23 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=128.242.120.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=54 ID=61667 PROTO=UDP SPT=45318 DPT=53 LEN=52 Oct 2 18:20:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=128.242.120.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=54 ID=63454 PROTO=UDP SPT=45318 DPT=53 LEN=25 Oct 2 18:20:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=128.242.120.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=54 ID=63455 PROTO=UDP SPT=45318 DPT=53 LEN=25 Oct 2 18:20:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=128.242.120.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=54 ID=63456 PROTO=UDP SPT=45318 DPT=53 LEN=25 Oct 2 18:45:56 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=35539 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 18:45:57 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=35540 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 18:45:58 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=35541 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 18:46:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=35648 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 18:46:02 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=35649 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 18:46:03 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=35650 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 19:23:39 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=20113 PROTO=UDP SPT=3842 DPT=53 LEN=52 Oct 2 19:23:40 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=20114 PROTO=UDP SPT=3842 DPT=53 LEN=52 Oct 2 19:23:41 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=20115 PROTO=UDP SPT=3842 DPT=53 LEN=52 Oct 2 19:23:44 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=20230 PROTO=UDP SPT=3842 DPT=53 LEN=25 Oct 2 19:23:45 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=20231 PROTO=UDP SPT=3842 DPT=53 LEN=25 Oct 2 19:23:46 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=20232 PROTO=UDP SPT=3842 DPT=53 LEN=25 Oct 2 20:01:25 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.31.197 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=31256 PROTO=UDP SPT=15959 DPT=53 LEN=52 Oct 2 20:01:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.31.197 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=31257 PROTO=UDP SPT=15959 DPT=53 LEN=52 Oct 2 20:01:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.31.197 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=31258 PROTO=UDP SPT=15959 DPT=53 LEN=52 Oct 2 20:01:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.31.197 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=31355 PROTO=UDP SPT=15959 DPT=53 LEN=25 Oct 2 20:01:31 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.31.197 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=31356 PROTO=UDP SPT=15959 DPT=53 LEN=25 Oct 2 20:01:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.31.197 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=31357 PROTO=UDP SPT=15959 DPT=53 LEN=25 Oct 2 20:39:09 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=22559 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 20:39:10 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=22560 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 20:39:11 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=22561 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 20:39:14 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=22676 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 20:39:15 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=22677 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 20:39:16 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=22678 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 21:17:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=14228 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 21:17:02 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=14229 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 21:17:03 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=14230 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 21:17:06 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=14364 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 21:17:07 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=14365 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 21:17:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=14366 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 21:54:49 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=3945 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 21:54:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=3946 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 21:54:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=3947 PROTO=UDP SPT=1301 DPT=53 LEN=52 Oct 2 21:54:54 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=4060 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 21:54:55 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=4061 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 21:54:56 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.4 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=4062 PROTO=UDP SPT=1301 DPT=53 LEN=25 Oct 2 22:32:43 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=32347 PROTO=UDP SPT=3842 DPT=53 LEN=52 Oct 2 22:32:44 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=32348 PROTO=UDP SPT=3842 DPT=53 LEN=52 Oct 2 22:32:45 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=32349 PROTO=UDP SPT=3842 DPT=53 LEN=52 Oct 2 22:32:48 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=32464 PROTO=UDP SPT=3842 DPT=53 LEN=25 Oct 2 22:32:49 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=32465 PROTO=UDP SPT=3842 DPT=53 LEN=25 Oct 2 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.225.14.6 DST=CCC.ip.addr.42 LEN=45 TOS=0x00 PREC=0x00 TTL=52 ID=32466 PROTO=UDP SPT=3842 DPT=53 LEN=25 Oct 6 05:02:29 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.239.27.195 DST=DDD.ip.addr.208 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=8660 DF PROTO=TCP SPT=3551 DPT=53 WINDOW=32120 RES=0x00 SYN URGP=0 Oct 8 11:46:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=65.216.72.15 DST=DDD.ip.addr.208 LEN=79 TOS=0x00 PREC=0x00 TTL=238 ID=2496 PROTO=UDP SPT=55555 DPT=53 LEN=59 Oct 8 12:18:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=128.242.107.15 DST=DDD.ip.addr.208 LEN=79 TOS=0x00 PREC=0x00 TTL=244 ID=58263 PROTO=UDP SPT=55555 DPT=53 LEN=59 Oct 8 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=30281 PROTO=UDP SPT=4637 DPT=53 LEN=53 Oct 8 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=40703 PROTO=UDP SPT=42684 DPT=53 LEN=53 Oct 8 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=49752 PROTO=UDP SPT=4134 DPT=53 LEN=53 Oct 8 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.62.17.145 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=23089 PROTO=UDP SPT=46276 DPT=53 LEN=53 Oct 8 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=50354 DPT=53 LEN=53 Oct 8 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=211.13.227.66 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=13287 PROTO=UDP SPT=49840 DPT=53 LEN=53 Oct 8 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=36487 PROTO=UDP SPT=40183 DPT=53 LEN=53 Oct 8 22:32:50 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=58654 DPT=53 LEN=53 Oct 8 22:32:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=48763 PROTO=UDP SPT=54993 DPT=53 LEN=53 Oct 8 22:32:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=62183 PROTO=UDP SPT=36781 DPT=53 LEN=53 Oct 8 22:32:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=205.252.48.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=56 ID=49677 PROTO=UDP SPT=44810 DPT=53 LEN=53 Oct 8 22:32:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=60804 PROTO=UDP SPT=64030 DPT=53 LEN=53 Oct 8 22:32:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=213.61.6.2 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=41 ID=59870 PROTO=UDP SPT=47207 DPT=53 LEN=53 Oct 8 22:32:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.184.139.82 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=35580 PROTO=UDP SPT=27859 DPT=53 LEN=53 Oct 8 22:32:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.210.193.2 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=17495 DPT=53 LEN=53 Oct 8 22:32:51 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=64981 DPT=53 LEN=53 Oct 8 22:33:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=32233 PROTO=UDP SPT=4637 DPT=53 LEN=53 Oct 8 22:33:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=42904 PROTO=UDP SPT=42684 DPT=53 LEN=53 Oct 8 22:33:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=51924 PROTO=UDP SPT=4134 DPT=53 LEN=53 Oct 8 22:33:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.62.17.145 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=24958 PROTO=UDP SPT=46276 DPT=53 LEN=53 Oct 8 22:33:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=50354 DPT=53 LEN=53 Oct 8 22:33:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=211.13.227.66 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=13887 PROTO=UDP SPT=49840 DPT=53 LEN=53 Oct 8 22:33:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=38327 PROTO=UDP SPT=40183 DPT=53 LEN=53 Oct 8 22:33:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=58654 DPT=53 LEN=53 Oct 8 22:33:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=50761 PROTO=UDP SPT=54993 DPT=53 LEN=53 Oct 8 22:33:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=64340 PROTO=UDP SPT=36781 DPT=53 LEN=53 Oct 8 22:33:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=205.252.48.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=56 ID=59016 PROTO=UDP SPT=44810 DPT=53 LEN=53 Oct 8 22:33:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=213.61.6.2 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=41 ID=60399 PROTO=UDP SPT=47207 DPT=53 LEN=53 Oct 8 22:33:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=62964 PROTO=UDP SPT=64030 DPT=53 LEN=53 Oct 8 22:33:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.184.139.82 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=36911 PROTO=UDP SPT=27859 DPT=53 LEN=53 Oct 8 22:33:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.210.193.2 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=17495 DPT=53 LEN=53 Oct 8 22:33:01 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=64981 DPT=53 LEN=53 Oct 9 12:42:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.120.213.226 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=51031 DPT=53 LEN=53 Oct 9 12:42:27 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=58628 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=3219 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=19988 PROTO=UDP SPT=3751 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.7.159.162 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=47292 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=680 PROTO=UDP SPT=38988 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.35.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=47 ID=22176 PROTO=UDP SPT=18063 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.120.155.226 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=11309 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=203.129.66.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=14316 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=50795 PROTO=UDP SPT=6779 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.62.17.145 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=30080 PROTO=UDP SPT=23964 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=60011 PROTO=UDP SPT=51816 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=52340 PROTO=UDP SPT=9178 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=13137 PROTO=UDP SPT=6347 DPT=53 LEN=53 Oct 9 12:42:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=61785 DPT=53 LEN=53 Oct 9 12:42:37 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.120.213.226 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=51031 DPT=53 LEN=53 Oct 9 12:42:37 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=58628 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=3219 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=23003 PROTO=UDP SPT=3751 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=66.7.159.162 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=47292 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.35.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=47 ID=23633 PROTO=UDP SPT=18063 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=4756 PROTO=UDP SPT=38988 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=209.120.155.226 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=11309 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=203.129.66.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=14316 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=54585 PROTO=UDP SPT=6779 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.62.17.145 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=33319 PROTO=UDP SPT=23964 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=56278 PROTO=UDP SPT=9178 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=17089 PROTO=UDP SPT=6347 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=61785 DPT=53 LEN=53 Oct 9 12:42:38 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=64011 PROTO=UDP SPT=51816 DPT=53 LEN=53 Oct 12 23:13:31 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=80.15.238.99 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=42136 DPT=53 LEN=53 Oct 12 23:13:31 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=216.73.84.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=58 ID=4629 PROTO=UDP SPT=57744 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.219.166 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=25882 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=216.74.133.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=6936 PROTO=UDP SPT=49092 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=48211 PROTO=UDP SPT=14047 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=5992 PROTO=UDP SPT=14364 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=58124 PROTO=UDP SPT=13410 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=23511 PROTO=UDP SPT=38357 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=14460 PROTO=UDP SPT=4199 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=57751 PROTO=UDP SPT=34660 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.41.192.103 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=27990 PROTO=UDP SPT=6033 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=20428 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=6715 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=203.89.210.82 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=16910 PROTO=UDP SPT=42194 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=12920 DPT=53 LEN=53 Oct 12 23:13:32 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=33919 PROTO=UDP SPT=29323 DPT=53 LEN=53 Oct 12 23:13:41 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=80.15.238.99 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=42136 DPT=53 LEN=53 Oct 12 23:13:41 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=216.73.84.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=58 ID=7416 PROTO=UDP SPT=57744 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=49745 PROTO=UDP SPT=14047 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=216.74.133.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=7696 PROTO=UDP SPT=49092 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.219.166 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=25882 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=9597 PROTO=UDP SPT=14364 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=59276 PROTO=UDP SPT=34660 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=59899 PROTO=UDP SPT=13410 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=26270 PROTO=UDP SPT=38357 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=17126 PROTO=UDP SPT=4199 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.41.192.103 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=30081 PROTO=UDP SPT=6033 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=20428 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=6715 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=203.89.210.82 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=17386 PROTO=UDP SPT=42194 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=12920 DPT=53 LEN=53 Oct 12 23:13:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=35949 PROTO=UDP SPT=29323 DPT=53 LEN=53 Oct 12 23:19:24 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=65.216.72.15 DST=DDD.ip.addr.208 LEN=79 TOS=0x00 PREC=0x00 TTL=239 ID=45862 PROTO=UDP SPT=55555 DPT=53 LEN=59 Oct 13 22:12:41 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=213.61.6.2 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=41 ID=7535 PROTO=UDP SPT=40763 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=6397 PROTO=UDP SPT=17200 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=28746 PROTO=UDP SPT=23577 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=63804 PROTO=UDP SPT=63943 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.184.139.82 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=61532 PROTO=UDP SPT=32976 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=9804 PROTO=UDP SPT=43440 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=205.252.48.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=56 ID=47005 PROTO=UDP SPT=63738 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=36754 PROTO=UDP SPT=22863 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=51771 PROTO=UDP SPT=13317 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=65.169.170.131 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=10107 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.210.193.2 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=33458 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.41.192.103 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=49870 PROTO=UDP SPT=38185 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.219.166 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=37849 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=216.73.84.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=58 ID=3512 PROTO=UDP SPT=6866 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.62.17.145 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=22026 PROTO=UDP SPT=55602 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.166.13.66 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=43793 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=47934 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=21948 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=205.158.108.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=48241 PROTO=UDP SPT=53588 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=211.13.227.66 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=60148 PROTO=UDP SPT=49989 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=25386 PROTO=UDP SPT=62558 DPT=53 LEN=53 Oct 13 22:12:42 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=20815 DPT=53 LEN=53 Oct 14 20:40:07 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.184.139.82 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=59904 PROTO=UDP SPT=52322 DPT=53 LEN=53 Oct 14 20:40:07 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=205.158.108.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=19463 PROTO=UDP SPT=57916 DPT=53 LEN=53 Oct 14 20:40:07 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.124.186.66 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=22910 PROTO=UDP SPT=10027 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=47495 PROTO=UDP SPT=62362 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=23475 PROTO=UDP SPT=43014 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=43654 PROTO=UDP SPT=18418 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.219.166 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=42261 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=29938 PROTO=UDP SPT=28266 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=20153 PROTO=UDP SPT=19149 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.41.192.103 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=17320 PROTO=UDP SPT=55723 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.166.13.66 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=47876 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=12759 PROTO=UDP SPT=27685 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=211.13.227.66 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=56763 PROTO=UDP SPT=5148 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=3189 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.62.17.145 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=61585 PROTO=UDP SPT=5724 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.222.25.4 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=43496 DPT=53 LEN=53 Oct 14 20:40:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=DDD.ip.addr.208 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=31267 PROTO=UDP SPT=15712 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=216.73.84.10 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=58 ID=29632 PROTO=UDP SPT=3188 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=7388 PROTO=UDP SPT=31863 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=198.5.148.6 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=32270 PROTO=UDP SPT=34070 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=50 ID=53050 PROTO=UDP SPT=64985 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=21567 PROTO=UDP SPT=14867 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=61069 PROTO=UDP SPT=32564 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=57989 PROTO=UDP SPT=22813 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.41.192.103 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=37797 PROTO=UDP SPT=6379 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=65.169.170.131 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=18228 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.62.17.145 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=47505 PROTO=UDP SPT=9098 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.219.166 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=46728 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=205.158.108.194 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=47 ID=13693 PROTO=UDP SPT=61829 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=19559 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=37307 PROTO=UDP SPT=35655 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=211.13.227.66 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=21645 PROTO=UDP SPT=22265 DPT=53 LEN=53 Oct 15 21:06:05 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=61414 PROTO=UDP SPT=30202 DPT=53 LEN=53 Oct 15 21:06:07 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.184.139.82 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=5436 PROTO=UDP SPT=4933 DPT=53 LEN=53 Oct 15 21:06:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.210.193.2 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=40298 DPT=53 LEN=53 Oct 15 21:06:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=205.252.48.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=56 ID=27376 PROTO=UDP SPT=6619 DPT=53 LEN=53 Oct 15 21:06:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=32732 DPT=53 LEN=53 Oct 15 21:06:08 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=32362 DPT=53 LEN=53 Oct 18 22:22:29 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=44328 DPT=53 LEN=53 Oct 18 22:22:29 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=206.65.191.194 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=46 ID=17295 PROTO=UDP SPT=29325 DPT=53 LEN=53 Oct 18 22:22:29 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.156.240.34 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=16792 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=52912 PROTO=UDP SPT=51950 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=18869 PROTO=UDP SPT=52998 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=51051 PROTO=UDP SPT=9118 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=15836 PROTO=UDP SPT=32795 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=59798 PROTO=UDP SPT=43338 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=65.169.170.131 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=27378 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=216.73.84.10 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=58 ID=42111 PROTO=UDP SPT=17559 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.166.13.66 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=63328 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=46882 PROTO=UDP SPT=41508 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=198.5.148.6 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=6517 PROTO=UDP SPT=31501 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=210.224.186.4 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=44732 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.219.166 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=58566 DPT=53 LEN=53 Oct 18 22:22:30 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=45046 PROTO=UDP SPT=64637 DPT=53 LEN=53 Oct 19 00:09:25 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.219.179.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=56 ID=12526 PROTO=UDP SPT=58879 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.124.186.66 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=35656 PROTO=UDP SPT=33688 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=216.73.84.10 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=58 ID=64311 PROTO=UDP SPT=17559 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.218.7.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=44712 PROTO=UDP SPT=43338 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.41.192.103 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=36860 PROTO=UDP SPT=36327 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.184.39.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=50 ID=52093 PROTO=UDP SPT=58002 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.14.117.10 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=46638 PROTO=UDP SPT=41508 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.219.166 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=58566 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.184.139.82 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=49 ID=45102 PROTO=UDP SPT=44126 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=204.176.88.5 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=45 ID=63280 PROTO=UDP SPT=9118 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=9256 PROTO=UDP SPT=51950 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.185.54.14 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=11409 PROTO=UDP SPT=32795 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.0.96.12 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=51 ID=3317 PROTO=UDP SPT=52998 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=212.162.1.194 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=55421 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=65.169.170.131 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=27378 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=53 ID=51483 PROTO=UDP SPT=64637 DPT=53 LEN=53 Oct 19 00:09:26 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=221.111.1.4 DST=EEE.ip.addr.155 LEN=73 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=44328 DPT=53 LEN=53 Here is where I begin to drop all TCP>port 53 to the nameserver from the bad box.
Oct 19 15:13:20 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=14421 DF PROTO=TCP SPT=3313 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 19 15:13:23 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=14677 DF PROTO=TCP SPT=3313 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 <BIG SNIP> Oct 19 21:16:00 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63840 DF PROTO=TCP SPT=3756 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 19 21:16:13 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=64608 DF PROTO=TCP SPT=3756 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 
What of this oddball at the tail end of this ip address?
Oct 19 22:48:33 farmer6re9 kernel: IN= OUT=ppp0 SRC=FFF.ip.addr.152 DST=192.42.93.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32769 DPT=53 LEN=40 Oct 19 23:16:11 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=21601 DF PROTO=TCP SPT=3789 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 19 23:16:14 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=22113 DF PROTO=TCP SPT=3789 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 
<BIG SNIP> Note 11min 2 sec
Oct 20 23:27:16 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=64.15.251.198 DST=GGG.ip.addr.24 LEN=72 TOS=0x00 PREC=0x00 TTL=52 ID=42055 PROTO=UDP SPT=31361 DPT=53 LEN=52 Oct 20 23:27:16 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=198.5.148.6 DST=GGG.ip.addr.24 LEN=72 TOS=0x00 PREC=0x00 TTL=48 ID=22345 PROTO=UDP SPT=27980 DPT=53 LEN=52 <SNIP> Oct 20 23:27:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=208.184.139.82 DST=GGG.ip.addr.24 LEN=72 TOS=0x00 PREC=0x00 TTL=49 ID=17223 PROTO=UDP SPT=21446 DPT=53 LEN=52 Oct 20 23:27:28 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=63.210.193.2 DST=GGG.ip.addr.24 LEN=72 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=56043 DPT=53 LEN=52 Please note the time and transition 0 min 30 sec. Is the winbox getting out of sync?
Oct 20 23:27:58 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=32882 DF PROTO=TCP SPT=4478 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 20 23:28:01 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=33138 DF PROTO=TCP SPT=4478 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 <HUGE SNIP> Oct 21 23:23:55 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49808 DF PROTO=TCP SPT=1383 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 21 23:24:08 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=52880 DF PROTO=TCP SPT=1383 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 
Is this supposed to latch together somewhere? 1 min 41 sec
Oct 21 23:25:49 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=203.89.210.82 DST=HHH.ip.addr.59 LEN=72 TOS=0x00 PREC=0x00 TTL=48 ID=32481 PROTO=UDP SPT=11935 DPT=53 LEN=52 Oct 21 23:25:49 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=80.15.238.66 DST=HHH.ip.addr.59 LEN=72 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=45467 DPT=53 LEN=52 <SNIP> Oct 21 23:26:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=80.15.238.99 DST=HHH.ip.addr.59 LEN=72 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=12243 DPT=53 LEN=52 Oct 21 23:26:00 farmer6re9 kernel: IN=ppp0 OUT= MAC= SRC=202.160.241.130 DST=HHH.ip.addr.59 LEN=72 TOS=0x00 PREC=0x00 TTL=53 ID=45436 PROTO=UDP SPT=50718 DPT=53 LEN=52 
Misalignment, coincidence? 12 min 29 sec
Oct 21 23:38:29 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=3733 DF PROTO=TCP SPT=1508 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 21 23:38:32 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=4245 DF PROTO=TCP SPT=1508 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 <SNIP> Oct 22 00:15:27 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=38808 DF PROTO=TCP SPT=1574 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 22 00:15:39 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=41112 DF PROTO=TCP SPT=1574 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 22 12:02:07 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=33948 DF PROTO=TCP SPT=1835 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 Oct 22 12:07:58 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=3229 DF PROTO=TCP SPT=1863 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0 <SNIP> Oct 22 12:08:01 farmer6re9 kernel: IN=eth0 OUT= MAC=00:wi:nd:ow:s9:8m:ac:ad:dr:es:00 SRC=WIN.98.80.x DST=MY.DNS.8.0x LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=3485 DF PROTO=TCP SPT=1863 DPT=53 WINDOW=8192 RES=0x00 SYN URGP=0
The winbox is not in use but still connected to the network. It awaits a logon...
My complete log is at http://farmer6re9.isa-geek.org/annals/ (488,513). Please contact me from there. 

farmer6re9





-------------------------------------------------------
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: