Educause Security Discussion mailing list archives
torpig in holt DELL INC 172.17.72.96 00:12:3F:63:E0:95 HLT-CM-2 Fa0/10 { 239D2 }
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Mon, 11 Jan 2010 12:36:17 -0500
DELL INC 172.17.72.96 00:12:3F:63:E0:95 HLT-CM-2 Fa0/10 { 239D2 }

Signature                                  Timestamp            Source Address      Dest. Address
UTCSIG DNS request from non-DNS server     2010-01-08 14:31:34  172.17.72.96:52839  85.12.43.103:53
UTCSIG DNS request from non-DNS server     2010-01-09 02:37:44  172.17.72.96:52762  85.12.43.103:53
REN-ISAC TROJAN possible Torpig Infection  2010-01-11 15:57:17  172.17.72.96:40167  72.51.43.97:80
ET TROJAN Torpig Infection Reporting       2010-01-11 15:57:17  172.17.72.96:40167  72.51.43.97:80
REN-ISAC TROJAN possible Torpig Infection  2010-01-11 15:57:18  172.17.72.96:40168  115.124.108.153:80
ET TROJAN Torpig Infection Reporting       2010-01-11 15:57:18  172.17.72.96:40168  115.124.108.153:80
REN-ISAC TROJAN possible Torpig Infection  2010-01-11 16:03:54  172.17.72.96:40170  74.125.45.103:80
ET TROJAN Torpig Infection Reporting       2010-01-11 16:03:54  172.17.72.96:40170  74.125.45.103:80

Disabling

Jeff