Security Basics mailing list archives

Possible virus?


From: "Jennifer Fountain" <jfountain () rbinc com>
Date: Mon, 15 Dec 2003 09:46:41 -0500

Hi all,

I have been seeing a lot of strange traffic hitting my firewall and
cannot get a definite answer as to what it actually is.

Dec 15 01:42:35 fw.domain.com Dec 15 2003 01:37:38: %PIX-3-106011: Deny inbound (No xlate) tcp src outside:69.50.163.130/6667 dst outside:x.x.x.x/2363
Dec 14 10:56:43 fw.domain.com Dec 14 2003 10:51:55: %PIX-3-106011: Deny inbound (No xlate) tcp src outside:69.50.163.130/6667 dst outside:x.x.x.x/4001
Dec 13 23:00:15 fw.domain.com Dec 13 2003 22:55:34: %PIX-3-106011: Deny inbound (No xlate) tcp src outside:69.50.163.130/6667 dst outside:x.x.x.x/2423
Dec 13 23:50:51 fw.domain.com Dec 13 2003 23:46:09: %PIX-4-106023: Deny tcp src outside:68.34.60.101/6667 dst inside:x.x.x.x/1726 by access-group "outside_access_in"

From what I am seeing, it is from the same IP and src port - 6667 but
going to different IP and dest ports.  I have seen this activity from
numerous hosts and a dig cannot find anything about them.

I have seen a massive increase of this traffic over the last couple of
days and can't find any conclusive evidence that it may be a virus in
the wild.  Has anyone else seen this type of traffic?

Any information is greatly appreciated.
Jenn
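
The pattern described in the message (one source IP and source port, varying destination ports) can be pulled out of PIX deny logs mechanically. The following is an added example, not part of the original post: it rejoins hard-wrapped 106011/106023 entries and groups them by source endpoint. The function names are made up for illustration.

```python
import re
from collections import defaultdict

# The four entries from the post, hard-wrapped the way mail clients wrap long lines.
SAMPLE = """\
Dec 15 01:42:35 fw.domain.com Dec 15 2003 01:37:38: %PIX-3-106011: Deny
inbound (No xlate) tcp src outside:69.50.163.130/6667 dst
outside:x.x.x.x/2363
Dec 14 10:56:43 fw.domain.com Dec 14 2003 10:51:55: %PIX-3-106011: Deny
inbound (No xlate) tcp src outside:69.50.163.130/6667 dst
outside:x.x.x.x/4001
Dec 13 23:00:15 fw.domain.com Dec 13 2003 22:55:34: %PIX-3-106011: Deny
inbound (No xlate) tcp src outside:69.50.163.130/6667 dst
outside:x.x.x.x/2423
Dec 13 23:50:51 fw.domain.com Dec 13 2003 23:46:09: %PIX-4-106023: Deny
tcp src outside:68.34.60.101/6667 dst inside:x.x.x.x/1726 by
access-group "outside_access_in"
"""

# A syslog timestamp at the start of a line marks the start of a new record.
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# Covers both deny formats shown in the post (106011 and 106023).
DENY = re.compile(
    r"%PIX-\d-(?P<msg>106011|106023): Deny (?:inbound \(No xlate\) )?"
    r"(?P<proto>\w+) src \w+:(?P<sip>[^/\s]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dip>[^/\s]+)/(?P<dport>\d+)"
)

def unwrap(text):
    """Rejoin wrapped entries; blank lines are dropped."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def summarize(text):
    """Map (source IP, source port) -> destination ports, in log order."""
    groups = defaultdict(list)
    for rec in unwrap(text):
        m = DENY.search(rec)
        if m:  # anything that is not a 106011/106023 deny is skipped
            groups[(m["sip"], int(m["sport"]))].append(int(m["dport"]))
    return dict(groups)

if __name__ == "__main__":
    for (ip, sport), dports in summarize(SAMPLE).items():
        print(f"{ip}:{sport} -> {len(dports)} denies, dst ports {dports}")
```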
