Infected Target: 192.168.184.132
Score: 1.3 (>= 0.8)
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 06/23/2008 21:45:37.613 PDT
Gen. Time: 06/23/2008 21:49:45.082 PDT

    INBOUND SCAN
    EXPLOIT
    EXPLOIT (slade)
    EGG DOWNLOAD
    C and C TRAFFIC
    PEER COORDINATION
    OUTBOUND SCAN
        47.10.140.69 (21:49:45.082 PDT)
            event=1:2002973 {tcp} E5[rb] BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor
            1295->3127 (21:49:45.082 PDT)
        193.72.142.80 (21:45:37.621 PDT)
            event=1:2002973 {tcp} E5[rb] BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor
            1049->3127 (21:45:37.621 PDT)
        202.104.70.59 (21:48:47.774 PDT)
            event=1:2002973 {tcp} E5[rb] BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor
            1233->3127 (21:48:47.774 PDT)
        118.241.176.90 (21:46:40.241 PDT)
            event=1:2002973 {tcp} E5[rb] BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor
            1099->3127 (21:46:40.241 PDT)
        192.168.184.2 (21:45:37.613 PDT)
            event=777:7777005 {tcp} E5[bh] Detected moderate malware port scanning of 9 IPs (7 /24s) (# pkts S/M/O/I=1/45/8/4): 137u:35, 138u:10
            0->0 (21:45:37.613 PDT)
        200.86.71.78 (21:47:43.034 PDT)
            event=1:2002973 {tcp} E5[rb] BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor
            1168->3127 (21:47:43.034 PDT)
    ATTACK PREP
    DECLARE BOT
        180.134.98.84 (21:47:07.245 PDT)
            event=777:7777008 {tcp} E8[bh] Detected intense malware port scanning of 30 IPs (29 /24s) (# pkts S/M/O/I=1/345/122/4): 3127:183, 445:86, 137u:61, 138u:15
            0->0 (21:47:07.245 PDT)
        131.39.34.100 (21:48:37.164 PDT)
            event=777:7777008 {tcp} E8[bh] Detected intense malware port scanning of 30 IPs (29 /24s) (# pkts S/M/O/I=1/613/226/4): 3127:354, 445:168, 137u:72, 138u:19
            0->0 (21:48:37.164 PDT)
        192.168.184.2 (21:45:37.619 PDT)
            event=777:7777008 {tcp} E8[bh] Detected intense malware port scanning of 21 IPs (19 /24s) (# pkts S/M/O/I=1/52/13/4): 137u:35, 138u:10, 3127:7
            0->0 (21:45:37.619 PDT)

tcpslice 1214282737.613 1214282737.614 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.184.132'