Anyone seen this?

From: Gary R. Porter (gary.porterat_private)
Date: Mon Aug 26 2002 - 14:45:59 PDT

    A co-worker in the office loaded what he thought was a standard download of
    Apache and soon thereafter his machine started trying to reach a wide
    assortment of addresses on seemingly random ports that our firewall is not
    configured to let out, resulting in internal netprobes.  Many of the
    addresses look suspicious.  Has anyone seen this type of thing before?
    
    Aug 26 15:54:51  tcp  (source IPADD)  2774      209.61.184.227    6346
    Aug 26 15:54:51  tcp  XX.XXX.XXX.XX   2766 CPE-144-137-30-210.    5605
    Aug 26 15:54:51  tcp  XX.XXX.XXX.XX   2767 usr1271-udd.blueyon    9613
    Aug 26 15:54:52  tcp  XX.XXX.XXX.XX   2768      161.45.178.190    7867
    Aug 26 15:54:52  tcp  XX.XXX.XXX.XX   2769 12-249-40-71.client    8386
    Aug 26 15:54:53  tcp  XX.XXX.XXX.XX   2770 N890P015.adsl.highw    6226
    Aug 26 15:54:53  tcp  XX.XXX.XXX.XX   2771 209-124-131-186.pep    4396
    Aug 26 15:54:54  tcp  XX.XXX.XXX.XX   2774      209.61.184.227    6346
    Aug 26 15:54:54  tcp  XX.XXX.XXX.XX   2772 0x503e2304.arcnxx12    8740
    Aug 26 15:54:54  tcp  XX.XXX.XXX.XX   2773 dyn-168-11.paonline    8922
    Aug 26 15:54:56  tcp  XX.XXX.XXX.XX   2775 209-124-131-186.pep    4396
    Aug 26 15:54:57  tcp  XX.XXX.XXX.XX   2776 226-232-234-66.tran    6840
    Aug 26 15:54:58  tcp  XX.XXX.XXX.XX   2775 209-124-131-186.pep    4396
    Aug 26 15:54:59  tcp  XX.XXX.XXX.XX   2776 226-232-234-66.tran    6840
    Aug 26 15:55:00  tcp  XX.XXX.XXX.XX   2774      209.61.184.227    6346
    Aug 26 15:55:01  tcp  XX.XXX.XXX.XX   2777      209.61.184.225    6346
    Aug 26 15:55:02  tcp  XX.XXX.XXX.XX   2778 0x503e2304.arcnxx12    8740
    Aug 26 15:55:04  tcp  XX.XXX.XXX.XX   2777      209.61.184.225    6346
    Aug 26 15:55:04  tcp  XX.XXX.XXX.XX   2775 209-124-131-186.pep    4396
    Aug 26 15:55:05  tcp  XX.XXX.XXX.XX   2778 0x503e2304.arcnxx12    8740
    Aug 26 15:55:05  tcp  XX.XXX.XXX.XX   2776 226-232-234-66.tran    6840
    Aug 26 15:55:08  tcp  XX.XXX.XXX.XX   2779 209-124-131-186.pep    4396
    Aug 26 15:55:10  tcp  XX.XXX.XXX.XX   2777      209.61.184.225    6346
    Aug 26 15:55:10  tcp  XX.XXX.XXX.XX   2780 226-232-234-66.tran    6840
    Aug 26 15:55:11  tcp  XX.XXX.XXX.XX   2779 209-124-131-186.pep    4396
    
    Gary R. Porter
    Program Manager, CITS Mobile Training
    MATCOM Corporation
    757-838-0212 (w)
    757-897-5830 (m)
    gary.porterat_private
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
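
One way to triage a blocked-outbound log in the six-column layout shown in the message above, as an added example that is not part of the original post. The function names and the reading of a repeated source port, destination and port as a retry of one blocked attempt are assumptions of this sketch; the sample lines are copied from the posted excerpt.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Lines copied from the log excerpt in the message above (source already redacted).
SAMPLE = """\
Aug 26 15:54:51  tcp  XX.XXX.XXX.XX   2766 CPE-144-137-30-210.    5605
Aug 26 15:54:51  tcp  XX.XXX.XXX.XX   2767 usr1271-udd.blueyon    9613
Aug 26 15:54:52  tcp  XX.XXX.XXX.XX   2768      161.45.178.190    7867
Aug 26 15:54:54  tcp  XX.XXX.XXX.XX   2774      209.61.184.227    6346
Aug 26 15:54:56  tcp  XX.XXX.XXX.XX   2775 209-124-131-186.pep    4396
Aug 26 15:54:58  tcp  XX.XXX.XXX.XX   2775 209-124-131-186.pep    4396
Aug 26 15:55:00  tcp  XX.XXX.XXX.XX   2774      209.61.184.227    6346
Aug 26 15:55:04  tcp  XX.XXX.XXX.XX   2775 209-124-131-186.pep    4396
"""

# timestamp, protocol, source, source port, destination, destination port
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) +(\w+) +(\S+) +(\d+) +(\S+) +(\d+)$")

def parse(text, year=2002):
    """Yield (timestamp, proto, src, sport, dst, dport) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blanks, headers, anything not in the six-column layout
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        yield ts, m[2], m[3], int(m[4]), m[5], int(m[6])

def summarize(text):
    """Per source host: distinct flows, retries, fan-out and time span."""
    flows = defaultdict(Counter)  # src -> Counter of (sport, dst, dport)
    seen = defaultdict(list)      # src -> timestamps of every logged attempt
    for ts, _proto, src, sport, dst, dport in parse(text):
        flows[src][(sport, dst, dport)] += 1
        seen[src].append(ts)
    report = {}
    for src, c in flows.items():
        report[src] = {
            "flows": len(c),                     # distinct blocked connections
            "retries": sum(c.values()) - len(c), # repeats of an existing flow
            "destinations": len({dst for _, dst, _ in c}),
            "dest_ports": sorted({dport for _, _, dport in c}),
            "span_seconds": int((max(seen[src]) - min(seen[src])).total_seconds()),
        }
    return report
```

A host showing many distinct destinations and destination ports within a few seconds, each retried from the same source port, is the fan-out pattern the poster describes; the summary makes that visible without reading the log line by line.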
    



    This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 10:48:21 PDT