[Dshield] Curious outbound firewall log entry

Dale Sampson dalejsampson at ameritech.net
Sat Mar 15 01:12:34 GMT 2003


Linksys firewall log showed the following outbound entry today:

3/14/2003 11:10:16.936
Source: 192.168.1.2:2502
Dest: 211.167.7.22:1001 

Simovits IDs this port usage as a number of worms / Trojans.

Doing a search for the .exe & .dll associated (based on Simovits list)
doesn't find anything, nor does Norton AV or Ad-aware.

I was using Outlook XP around this time - I was clearing my "Spam" email
account (long story - don't ask!).

Question: Could this outbound have been initiated by an HTML email link?

Thanks - curious in Cleveland :~)

Dale Sampson, RN
http://www.dalesplace.net/dalesplace.htm
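
An added example, not part of the original post: a parser for the three-line log layout quoted above that flags connections initiated from the LAN to an outside address on a watched destination port. The LAN range, the watch list and every sample record other than the first are assumptions made for the illustration.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the layout quoted in the post. The first record is the
# entry from the post; the other two are made up for contrast.
SAMPLE_LOG = """\
3/14/2003 11:10:16.936
Source: 192.168.1.2:2502
Dest: 211.167.7.22:1001

3/14/2003 11:10:20.101
Source: 192.168.1.2:2510
Dest: 192.0.2.10:80

3/14/2003 11:11:02.500
Source: 198.51.100.7:4000
Dest: 192.168.1.2:1001
"""

# Assumptions: the LAN is the /24 around the source address in the post, and
# the watch list holds only the destination port the post asks about.
LAN = ipaddress.ip_network("192.168.1.0/24")
WATCH_PORTS = {1001}

RECORD = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\s*\n"
    r"Source:\s*(?P<src>[\d.]+):(?P<sport>\d+)\s*\n"
    r"Dest:\s*(?P<dst>[\d.]+):(?P<dport>\d+)",
    re.MULTILINE,
)

def parse_records(text):
    """Yield one dict per timestamp/Source/Dest record found in the text."""
    for m in RECORD.finditer(text):
        yield {
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f"),
            "src": ipaddress.ip_address(m["src"]),
            "sport": int(m["sport"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "dport": int(m["dport"]),
        }

def flag_outbound(text, lan=LAN, watch_ports=WATCH_PORTS):
    """Return records where a LAN host opened a connection to an outside
    address on a watched port; inbound and LAN-to-LAN records are skipped."""
    return [r for r in parse_records(text)
            if r["src"] in lan and r["dst"] not in lan
            and r["dport"] in watch_ports]
```

Only the first sample record is returned: the third has the same port number but the direction is reversed, so it is not an outbound connection from the LAN host.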