[unisog] 10.10.10.10:36278

Phillip G Deneault deneault at WPI.EDU
Mon Feb 23 19:01:57 GMT 2004


Over the weekend there were about 2 dozen machines trying to connect to
that address, all of them student dorm computers.  The 2 I looked at are
not infected with anything I can find (both hand-checking and scanning with
the latest McAfee DATs).  However, both of them are running the Ares P2P
client, and the Ares P2P client on one kept trying to send SYN packets to
that address.

Maybe it's something within Ares that's broken?  Maybe once a bad host IP is
injected into the network, it keeps trying until it chokes?

Phil

On Mon, 23 Feb 2004, Phillip G Deneault wrote:

> > It's interesting to note that today, we noticed traffic going to 10.0.1.128
> > also.  That IP seems to be triggered by a version of Gaobot that attempts to
> > reach lar.ath.cx, which resolves to 10.0.1.128.
> > 
> > Paul
> > -- 
> > Paul Dokas                                            dokas at cs.umn.edu
> > ======================================================================
> > Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."
> > 
> 
> I've noticed this traffic also.  Today I'll generate a list of machines
> with this traffic and see if I can tie it down to something in
> particular.
> 
> Phil
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Phil Deneault     "We work in the dark, We do what we can,
> deneault at wpi.edu   We give what we have. Our doubt is our passion,
> WPI NetOps         and our passion is our task. The rest is the
> InfoSec            madness of art." - Henry James
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Phil Deneault     "We work in the dark, We do what we can,
deneault at wpi.edu   We give what we have. Our doubt is our passion,
WPI NetOps         and our passion is our task. The rest is the
InfoSec            madness of art." - Henry James
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




