
Re: mysterious complaints from my ISP - could it be Beagle?



P Jones wrote:
On 1/17/07, Claude Jones <claude_jones levitjames com> wrote:
For several months now, a box I have up on the net at the office has been
generating the occasional complaint from my ISP. They generally include a few
lines from a report they've received which are largely uninformative except for
the fact that they contain the word SPAM in them. I've run port scans,
chrootkits, monitored my logs, and several other things, and have never found
anything. Every time I call them, they tell me it's probably someone
masquerading as me. Just now, I've gotten a fresh complaint which contains
the following lines reported to my ISP reported to them by whoever their
upstream provider is (I think it may be Global Crossing)

7784 | 207.188.230.120 | 2007-01-16 14:53:27 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 209.183.239.194 | 2007-01-16 17:46:43 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 01:57:58 w.php srcport 2875 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 06:30:47 w.php srcport 4544 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 15:44:26 w.php srcport 3805 BEAGLE | ATLANTECH - Atlantech Online, Inc.

The third through fifth entries are the first time Beagle has ever appeared in
these reports. Does anyone have an insight into what this could be about? By the
way, the first line IP address is my box - the other IPs are unknown to me -
maybe they don't even apply. It's funny because when I call tech support
and try to ask them about it, they're always apologetic, and don't really
know what these reports mean either...
--
Claude Jones
Brunswick, MD, USA

Claude;

Looks like Atlantech is your ISP, and the three last IPs are infected
with a Beagle trojan variant:

http://www.symantec.com/security_response/writeup.jsp?docid=2005-122421-0146-99&tabid=2

It also looks like your IP and the second IP are being flagged as spam
sources. Your IP is in the CBL, you can see it here:

http://cbl.abuseat.org/lookup.cgi?ip=207.188.230.120&.submit=Lookup

There are directions on the page referenced to delist your IP.

-P


I'm surprised that it is a beagle giving trouble on the winnt side of the fence.

I guess our beagle is let out of the pound for this episode.

Jim

--
One nice thing about egotists: they don't talk about other people.
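
A way to read the report rows quoted in this thread, as an added example that is not part of any poster's message: it rejoins the mail-wrapped rows, splits them into fields, and groups them per IP so rows about your own host can be told apart from the rest. The field names (`net_id`, `category`, `owner`) and the rule that the last token of the third field is the category are assumptions read off the five quoted rows, not a documented format.

```python
import re
from collections import defaultdict

# Rows as quoted in the thread, including the mail client's line wrapping.
REPORT = """\
7784 | 207.188.230.120 | 2007-01-16 14:53:27 cbl SPAM | ATLANTECH -
Atlantech Online, Inc.
7784 | 209.183.239.194 | 2007-01-16 17:46:43 cbl SPAM | ATLANTECH -
Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 01:57:58 w.php srcport 2875 BEAGLE |
ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 06:30:47 w.php srcport 4544 BEAGLE |
ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 15:44:26 w.php srcport 3805 BEAGLE |
ATLANTECH - Atlantech Online, Inc.
"""

RECORD_START = re.compile(r"^\d+\s*\|")
TS = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.*)$")

def parse_report(text):
    """Rejoin wrapped rows, then split each into named fields."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # continuation of a wrapped row
    rows = []
    for rec in records:
        parts = [p.strip() for p in rec.split("|")]
        m = TS.match(parts[2]) if len(parts) == 4 else None
        if not m:
            continue  # not a report row; skip rather than guess
        detail = m.group(2).split()
        port = detail[detail.index("srcport") + 1] if "srcport" in detail[:-1] else None
        rows.append({"net_id": parts[0], "ip": parts[1], "time": m.group(1),
                     "category": detail[-1],  # assumed: last token is the label
                     "srcport": port, "owner": parts[3]})
    return rows

def summarize(rows, my_ip):
    """Group rows per IP so the ones naming your own host stand out."""
    out = defaultdict(lambda: {"mine": False, "count": 0, "categories": set()})
    for r in rows:
        out[r["ip"]]["mine"] = r["ip"] == my_ip
        out[r["ip"]]["count"] += 1
        out[r["ip"]]["categories"].add(r["category"])
    return dict(out)
```

Calling `summarize(parse_report(REPORT), "207.188.230.120")` on the quoted rows gives three distinct addresses: one SPAM row for 207.188.230.120, one SPAM row for 209.183.239.194, and three BEAGLE rows for 65.79.236.162.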

