Educause Security Discussion mailing list archives

torpig in holt DELL INC 172.17.72.96 00:12:3F:63:E0:95 HLT-CM-2 Fa0/10 { 239D2 }


From: Jeff Kell <jeff-kell () UTC EDU>
Date: Mon, 11 Jan 2010 12:36:17 -0500

DELL INC 172.17.72.96 00:12:3F:63:E0:95  HLT-CM-2 Fa0/10 { 239D2 }

Signature                                  Timestamp            Source Address      Dest. Address
UTCSIG DNS request from non-DNS server     2010-01-08 14:31:34  172.17.72.96:52839  85.12.43.103:53
UTCSIG DNS request from non-DNS server     2010-01-09 02:37:44  172.17.72.96:52762  85.12.43.103:53
REN-ISAC TROJAN possible Torpig Infection  2010-01-11 15:57:17  172.17.72.96:40167  72.51.43.97:80
ET TROJAN Torpig Infection Reporting       2010-01-11 15:57:17  172.17.72.96:40167  72.51.43.97:80
REN-ISAC TROJAN possible Torpig Infection  2010-01-11 15:57:18  172.17.72.96:40168  115.124.108.153:80
ET TROJAN Torpig Infection Reporting       2010-01-11 15:57:18  172.17.72.96:40168  115.124.108.153:80
REN-ISAC TROJAN possible Torpig Infection  2010-01-11 16:03:54  172.17.72.96:40170  74.125.45.103:80
ET TROJAN Torpig Infection Reporting       2010-01-11 16:03:54  172.17.72.96:40170  74.125.45.103:80



Disabling

Jeff
