Infected Target: 192.168.71.2
Score: 1.8 (>= 0.8)
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List: 192.168.71.176 (2)
Observed Start: 07/13/2008 22:24:07.562 PDT
Gen. Time: 07/13/2008 22:28:37.002 PDT

INBOUND SCAN

EXPLOIT

EXPLOIT (slade)

EGG DOWNLOAD

C and C TRAFFIC

PEER COORDINATION

OUTBOUND SCAN
192.168.71.177 (22:24:07.562 PDT)
event=777:7777005 {icmp} E5[bh] Detected moderate malware port scanning of 9 IPs (2 /24s) (# pkts S/M/O/I=2/19/3/10): 137u:18, 138u:1 (22:24:07.562 PDT)

ATTACK PREP
192.168.71.176 (2) (22:24:14.814 PDT)
event=1:2600110 {udp} E6[rb] SPYWARE-DNS DNS lookup 14 chars (.com) 53<-1026 (22:27:30.582 PDT)
-------------------------
event=1:2600333 {udp} E6[rb] SPYWARE-DNS DNS lookup 8 chars (.net) 53<-1026 (22:24:14.814 PDT)

DECLARE BOT
192.168.71.177 (22:24:07.951 PDT)
event=777:7777008 {icmp} E8[bh] Detected intense malware port scanning of 21 IPs (2 /24s) (# pkts S/M/O/I=2/19/3/22): 137u:18, 138u:1 (22:24:07.951 PDT)

tcpslice 1216013047.562 1216013047.563 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.71.2'