Security Basics mailing list archives
Possible virus?
From: "Jennifer Fountain" <jfountain () rbinc com>
Date: Mon, 15 Dec 2003 09:46:41 -0500
Hi all, I have been seeing a lot of strange traffic hitting my firewall and cannot get a definite as to what it actually is. Dec 15 01:42:35 fw.domain.com Dec 15 2003 01:37:38: %PIX-3-106011: Deny inbound (No xlate) tcp src outside:69.50.163.130/6667 dst outside:x.x.x.x/2363 Dec 14 10:56:43 fw.domain.com Dec 14 2003 10:51:55: %PIX-3-106011: Deny inbound (No xlate) tcp src outside:69.50.163.130/6667 dst outside:x.x.x.x/4001 Dec 13 23:00:15 fw.domain.com Dec 13 2003 22:55:34: %PIX-3-106011: Deny inbound (No xlate) tcp src outside:69.50.163.130/6667 dst outside:x.x.x.x/2423 Dec 13 23:50:51 fw.domain.com Dec 13 2003 23:46:09: %PIX-4-106023: Deny tcp src outside:68.34.60.101/6667 dst inside:x.x.x.x/1726 by access-group "outside_access_in"
From what I am seeing, it is from the same ip and src port - 6667 but
going to different ip and dest ports. I have seen this activity from numerous hosts and a dig cannot find anything about them. I have seen an massive increase of this traffic over the last couple of days and can't find any conclusive evidence that it may be a virus in the wild. Has anyone else seen this type of traffic? Any information is greatly appreciated. Jenn --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Possible virus? Jennifer Fountain (Dec 15)
- Re: Possible virus? DRW Customer Service (Dec 15)
- RE: Possible virus? Mike (Dec 16)
- Re: Possible virus? Melvin Foong (Dec 15)
- Re: Possible virus? Devilscrow Sr (Dec 15)
- RE: Possible virus? Joey Peloquin (Dec 15)
- <Possible follow-ups>
- Re: Possible virus? Dinesh (Dec 15)
- RE: Possible virus? Srecko Jovancevic (Dec 16)
- RE: Possible virus? Spencer D'oro (Dec 18)
- RE: Possible virus? Srecko Jovancevic (Dec 16)
- RE: Possible virus? Melvin Foong (Dec 16)
- Re: Possible virus? DRW Customer Service (Dec 15)