Anyone seen this?
From: Gary R. Porter (gary.porter@matcomcorp.com)Date: 08/26/02
- Previous message: Russell Fulton: "RE: What's going on here?"
- Next in thread: Bryan D. Payne: "Re: Anyone seen this?"
- Reply: Bryan D. Payne: "Re: Anyone seen this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Gary R. Porter" <gary.porter@matcomcorp.com> To: <incidents@securityfocus.com> Date: Mon, 26 Aug 2002 17:45:59 -0400
A co-worker in the office loaded what he thought was a standard download of
Apache and soon thereafter his machine started trying to reach a wide
assortment of addresses on seemingly random ports that our firewall is not
configured to let out, resulting in internal netprobes. Many of the
addresses look suspicious. Has anyone seen this type of thing before?
Aug 26 15:54:51 tcp (source IPADD) 2774 209.61.184.227 6346
Aug 26 15:54:51 tcp XX.XXX.XXX.XX 2766 CPE-144-137-30-210. 5605
Aug 26 15:54:51 tcp XX.XXX.XXX.XX 2767 usr1271-udd.blueyon 9613
Aug 26 15:54:52 tcp XX.XXX.XXX.XX 2768 161.45.178.190 7867
Aug 26 15:54:52 tcp XX.XXX.XXX.XX 2769 12-249-40-71.client 8386
Aug 26 15:54:53 tcp XX.XXX.XXX.XX 2770 N890P015.adsl.highw 6226
Aug 26 15:54:53 tcp XX.XXX.XXX.XX 2771 209-124-131-186.pep 4396
Aug 26 15:54:54 tcp XX.XXX.XXX.XX 2774 209.61.184.227 6346
Aug 26 15:54:54 tcp XX.XXX.XXX.XX 2772 0x503e2304.arcnxx12 8740
Aug 26 15:54:54 tcp XX.XXX.XXX.XX 2773 dyn-168-11.paonline 8922
Aug 26 15:54:56 tcp XX.XXX.XXX.XX 2775 209-124-131-186.pep 4396
Aug 26 15:54:57 tcp XX.XXX.XXX.XX 2776 226-232-234-66.tran 6840
Aug 26 15:54:58 tcp XX.XXX.XXX.XX 2775 209-124-131-186.pep 4396
Aug 26 15:54:59 tcp XX.XXX.XXX.XX 2776 226-232-234-66.tran 6840
Aug 26 15:55:00 tcp XX.XXX.XXX.XX 2774 209.61.184.227 6346
Aug 26 15:55:01 tcp XX.XXX.XXX.XX 2777 209.61.184.225 6346
Aug 26 15:55:02 tcp XX.XXX.XXX.XX 2778 0x503e2304.arcnxx12 8740
Aug 26 15:55:04 tcp XX.XXX.XXX.XX 2777 209.61.184.225 6346
Aug 26 15:55:04 tcp XX.XXX.XXX.XX 2775 209-124-131-186.pep 4396
Aug 26 15:55:05 tcp XX.XXX.XXX.XX 2778 0x503e2304.arcnxx12 8740
Aug 26 15:55:05 tcp XX.XXX.XXX.XX 2776 226-232-234-66.tran 6840
Aug 26 15:55:08 tcp XX.XXX.XXX.XX 2779 209-124-131-186.pep 4396
Aug 26 15:55:10 tcp XX.XXX.XXX.XX 2777 209.61.184.225 6346
Aug 26 15:55:10 tcp XX.XXX.XXX.XX 2780 226-232-234-66.tran 6840
Aug 26 15:55:11 tcp XX.XXX.XXX.XX 2779 209-124-131-186.pep 4396
Gary R. Porter
Program Manager, CITS Mobile Training
MATCOM Corporation
757-838-0212 (w)
757-897-5830 (m)
gary.porter@matcomcorp.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Russell Fulton: "RE: What's going on here?"
- Next in thread: Bryan D. Payne: "Re: Anyone seen this?"
- Reply: Bryan D. Payne: "Re: Anyone seen this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
