Re: mysterious complaints from my ISP - could it be Beagle?

On 1/17/07, Claude Jones <claude_jones@xxxxxxxxxxxxxx> wrote:
For several months now, a box I have up on the net at the office has been
generating the occasional complaint from my ISP. They generally include a few lines
from a report they've received which are largely uninformative except for the
fact that they contain the word SPAM in them. I've run port scans,
chrootkits, monitored my logs, and several other things, and have never found
anything. Every time I call them, they tell me it's probably someone
masquerading as me. Just now, I've gotten a fresh complaint which contains
the following lines reported to my ISP reported to them by whoever their
upstream provider is (I think it may be Global Crossing)

7784 | 207.188.230.120 | 2007-01-16 14:53:27 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 209.183.239.194 | 2007-01-16 17:46:43 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 01:57:58 w.php srcport 2875 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 06:30:47 w.php srcport 4544 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 15:44:26 w.php srcport 3805 BEAGLE | ATLANTECH - Atlantech Online, Inc.

The third through fifth entries are the first time Beagle has ever appeared in
these reports. Does anyone have an insight to what this could be about? By
the way, the first line IP address is my box - the other IPs are unknown to
me - maybe they don't even apply. It's funny because when I call tech support
and try to ask them about it, they're always apologetic, and don't really
know what these reports mean either...
--
Claude Jones
Brunswick, MD, USA

Claude;

Looks like Atlantech is your ISP, and the three last IPs are infected
with a Beagle trojan variant:

http://www.symantec.com/security_response/writeup.jsp?docid=2005-122421-0146-99&tabid=2

It also looks like your IP and the second IP are being flagged as spam
sources. Your IP is in the CBL, you can see it here:

http://cbl.abuseat.org/lookup.cgi?ip=207.188.230.120&.submit=Lookup

There are directions on the page referenced to delist your IP.

-P
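
An added example, not part of either message: a Python script that rejoins the wrapped report lines quoted above and groups the trailing tag by IP address, so the entries for one's own address can be separated from the rest. The column names (asn, ip, time, detail, tag, network) and the reading of the last word of the third column as the tag are assumptions, since the thread does not document the report format.

```python
import re
from collections import defaultdict
# Report lines copied from the quoted message, wrapped as in the archived mail.
REPORT = """\
7784 | 207.188.230.120 | 2007-01-16 14:53:27 cbl SPAM | ATLANTECH -
Atlantech Online, Inc.
7784 | 209.183.239.194 | 2007-01-16 17:46:43 cbl SPAM | ATLANTECH -
Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 01:57:58 w.php srcport 2875 BEAGLE |
ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 06:30:47 w.php srcport 4544 BEAGLE |
ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 15:44:26 w.php srcport 3805 BEAGLE |
ATLANTECH - Atlantech Online, Inc.
"""

ENTRY_START = re.compile(r"^\d+\s*\|")
TIMESTAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.+)$")

def unwrap(text):  # rejoin entries that were wrapped onto a second line
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def parse(text):
    """One dict per entry. Column names are assumed, not documented."""
    rows = []
    for entry in unwrap(text):
        fields = [f.strip() for f in entry.split("|")]
        m = TIMESTAMP.match(fields[2]) if len(fields) == 4 else None
        if not m:
            continue  # not a report row
        detail = m.group(2)
        # "asn": first column, assumed to be an AS number
        rows.append({"asn": fields[0], "ip": fields[1], "time": m.group(1),
                     "detail": detail, "tag": detail.split()[-1],
                     "network": fields[3]})
    return rows

def tags_by_ip(rows):
    """Map each reported address to the set of tags seen for it."""
    out = defaultdict(set)
    for r in rows:
        out[r["ip"]].add(r["tag"])
    return dict(out)

print(tags_by_ip(parse(REPORT)))
```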

