Sobig.F - UDP Port 8998 Communication

Heath, Carter wcheath at email.uncc.edu
Fri Aug 22 21:11:59 GMT 2003


We noticed an attempted UDP connection on port 8998 to multiple hosts on the
following list:

 


 

The UDP 8998 connection was preceded by an NTP connection.

 

This event started around 4:30pm EST. We are quarantining the machine for
analysis.

 

 

Carter Heath, CISSP
IT Security Officer

Information and Technology Services (ITS)
The University of North Carolina at Charlotte
9201 University City Boulevard
Charlotte, NC 28223-0001
PHONE (704)687-8927
FAX (704) 687-3134
wcheath at email.uncc.edu
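
The pattern reported above (an NTP connection followed by UDP 8998 traffic to multiple hosts) can be searched for in flow logs. The following is an added example, not part of the original message: the flow record format, the 5-minute window, and the three-destination threshold are assumptions, and the sample records are constructed using documentation address ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records (not from the original post).
# Assumed format: ISO timestamp, source, destination, protocol, destination port
SAMPLE_FLOWS = """\
2003-08-22T16:29:58 10.0.0.5 192.0.2.10 udp 123
2003-08-22T16:30:01 10.0.0.5 198.51.100.7 udp 8998
2003-08-22T16:30:01 10.0.0.5 198.51.100.8 udp 8998
2003-08-22T16:30:02 10.0.0.5 203.0.113.9 udp 8998
2003-08-22T16:30:05 10.0.0.9 192.0.2.10 udp 123
2003-08-22T16:31:00 10.0.0.7 198.51.100.7 udp 8998
"""

NTP_PORT = 123
SUSPECT_PORT = 8998
WINDOW = timedelta(minutes=5)  # assumed: max gap between NTP and the 8998 traffic
MIN_DESTS = 3                  # assumed: threshold for "multiple hosts"


def parse_flows(text):
    """Yield (time, src, dst, proto, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, proto, port = parts
        try:
            yield datetime.fromisoformat(ts), src, dst, proto.lower(), int(port)
        except ValueError:
            continue


def find_suspect_hosts(text, window=WINDOW, min_dests=MIN_DESTS):
    """Return {source: [destinations]} for sources that sent UDP 8998 to at
    least min_dests distinct hosts within `window` of their last NTP flow."""
    last_ntp = {}
    dests = defaultdict(set)
    for ts, src, dst, proto, port in sorted(parse_flows(text)):
        if proto != "udp":
            continue
        if port == NTP_PORT:
            last_ntp[src] = ts
        elif port == SUSPECT_PORT:
            ntp = last_ntp.get(src)
            if ntp is not None and ts - ntp <= window:
                dests[src].add(dst)
    return {s: sorted(d) for s, d in dests.items() if len(d) >= min_dests}
```
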

 


