Security Basics mailing list archives
Re: Possible virus?
From: Devilscrow Sr <devilscrow () gawab com>
Date: Tue, 16 Dec 2003 01:55:03 +0530
Hi,As it stands it looks like someone is accessing an IRC (internet relay chat) server. But since this is incoming traffic, you need to check your self for possible irc bots that may have been deployed on your network.
Secondly, if you are using a Win2K box then port 6667 is used to comunicate with the UPS.
-dev Jennifer Fountain wrote:
Dec 13 23:50:51 fw.domain.com Dec 13 2003 23:46:09: %PIX-4-106023: Deny tcp src outside:68.34.60.101/6667 dst inside:x.x.x.x/1726 by access-group "outside_access_in"From what I am seeing, it is from the same ip and src port - 6667 butgoing to different ip and dest ports. I have seen this activity from numerous hosts and a dig cannot find anything about them.
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Possible virus? Jennifer Fountain (Dec 15)
- Re: Possible virus? DRW Customer Service (Dec 15)
- RE: Possible virus? Mike (Dec 16)
- Re: Possible virus? Melvin Foong (Dec 15)
- Re: Possible virus? Devilscrow Sr (Dec 15)
- RE: Possible virus? Joey Peloquin (Dec 15)
- <Possible follow-ups>
- Re: Possible virus? Dinesh (Dec 15)
- RE: Possible virus? Srecko Jovancevic (Dec 16)
- RE: Possible virus? Spencer D'oro (Dec 18)
- RE: Possible virus? Srecko Jovancevic (Dec 16)
- RE: Possible virus? Melvin Foong (Dec 16)
- Re: Possible virus? DRW Customer Service (Dec 15)