P Jones wrote:
On 1/17/07, Claude Jones <claude_jones@xxxxxxxxxxxxxx> wrote:
For several months now, a box I have up on the net at the office has been generating the occasional complaint from my ISP. They generally a few lines from a report they've received which are largely uninformative except for the fact that they contain the word SPAM in them. I've run port scans, chrootkits, monitored my logs, and several other things, and have never found anything. Every time I call them, they tell me it's probably someone masquerading as me. Just now, I've gotten a fresh complaint which contains the following lines reported to my ISP reported to them by whoever their upstream provider is (I think it may be Global Crossing)
7784 | 207.188.230.120 | 2007-01-16 14:53:27 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 209.183.239.194 | 2007-01-16 17:46:43 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 01:57:58 w.php srcport 2875 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 06:30:47 w.php srcport 4544 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 15:44:26 w.php srcport 3805 BEAGLE | ATLANTECH - Atlantech Online, Inc.
The third through fifth entries are the first time Beagle has ever appeared in these reports. Does anyone have an insight to what this could be about? By the way, the first line IP address is my box - the other IP's are unknown to me - maybe they don't even apply. It's funny because when I call tech support and try to ask them about it, they're always apologetic, and don't really know what these reports mean either...
--
Claude Jones
Brunswick, MD, USA
Claude;
Looks like Atlantech is your ISP, and the three last IPs are infected
with a Beagle trojan variant:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-122421-0146-99&tabid=2
It also looks like your IP and the second IP are being flagged as spam
sources. Your IP is in the CBL; you can see it here:
http://cbl.abuseat.org/lookup.cgi?ip=207.188.230.120&.submit=Lookup
There are directions on the page referenced to delist your IP.
-P
I'm surprised that it is a beagle giving trouble on the winnt side of the fence.
I guess our beagle is let out of the pound for this episode.
Jim
--
One nice thing about egotists: they don't talk about other people.
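
Added example, not part of the original thread: a small Python parser for the pipe-delimited report lines quoted above, which groups the entries by IP address and separates the ones for your own address from the rest. The field layout (ASN | IP | timestamp, source, category | AS name) is an assumption inferred from the five sample lines, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# The five report lines quoted in the thread, with mail line-wrapping undone.
REPORT = """\
7784 | 207.188.230.120 | 2007-01-16 14:53:27 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 209.183.239.194 | 2007-01-16 17:46:43 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 01:57:58 w.php srcport 2875 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 06:30:47 w.php srcport 4544 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 15:44:26 w.php srcport 3805 BEAGLE | ATLANTECH - Atlantech Online, Inc.
"""

def parse_line(line):
    """Parse one line; the field layout is an assumption inferred from the sample."""
    asn, ip, detail, as_name = (f.strip() for f in line.split("|"))
    date, time, *info = detail.split()
    return {
        "asn": int(asn),
        "ip": ipaddress.ip_address(ip),
        "when": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
        "source": " ".join(info[:-1]),        # e.g. "cbl" or "w.php srcport 2875"
        "category": info[-1] if info else "",  # last token, e.g. SPAM or BEAGLE
        "as_name": as_name,
    }

def parse_report(text):
    """Return parsed entries, skipping lines that do not fit the layout."""
    entries = []
    for line in text.splitlines():
        if line.count("|") != 3:
            continue
        try:
            entries.append(parse_line(line))
        except ValueError:  # bad ASN, IP address or timestamp
            continue
    return entries

def split_by_owner(entries, my_ips):
    """Group (time, category) per IP, separating your own addresses from the rest."""
    mine = {ipaddress.ip_address(ip) for ip in my_ips}
    out = {"mine": defaultdict(list), "other": defaultdict(list)}
    for e in entries:
        out["mine" if e["ip"] in mine else "other"][str(e["ip"])].append((e["when"], e["category"]))
    return {k: dict(v) for k, v in out.items()}

if __name__ == "__main__":
    for owner, ips in split_by_owner(parse_report(REPORT), ["207.188.230.120"]).items():
        for ip, hits in ips.items():
            print(owner, ip, [(t.isoformat(" "), c) for t, c in hits])
```

The timestamps it extracts for your own address are the ones to compare against the mail and firewall logs on the box for the same period.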