Infected Target: 192.168.71.2
Score: 1.5 (>= 0.8)
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 07/02/2008 05:20:45.067 PDT
Gen. Time: 07/02/2008 05:24:58.665 PDT

INBOUND SCAN
192.168.71.148 (05:23:45.956 PDT)
   event=777:7777001 {udp} E1[bh] Detected moderate malware scan by 192.168.71.148 (# pkts S/M/O/I=0/811/31/129) of 5 IPs: 192.168.71.2.{137,53} 192.168.71.255.{137,138} 192.168.71.149.137 192.168.71.254.67 0<-0 (05:23:45.956 PDT)

EXPLOIT

EXPLOIT (slade)

EGG DOWNLOAD

C and C TRAFFIC

PEER COORDINATION

OUTBOUND SCAN
192.168.71.148 (3) (05:20:45.067 PDT)
   event=777:7777005 (3) {udp} E5[bh] Detected intense non-malware port scanning of 22 IPs (16 /24s) (# pkts S/M/O/I=64675/805/70/36): 53u:65535, 123u:1, 1900u:3, 25:36, 67u:30 0<-0 (05:20:45.067 PDT) 0<-0 (05:22:15.073 PDT) 0<-0 (05:24:58.665 PDT)

ATTACK PREP

DECLARE BOT
192.168.71.148 (2) (05:22:35.104 PDT)
   event=777:7777008 (2) {udp} E8[bh] Detected intense malware port scanning of 22 IPs (16 /24s) (# pkts S/M/O/I=0/808/71/37): 137u:767, 138u:41 0<-0 (05:22:35.104 PDT) 0<-0 (05:24:05.069 PDT)

tcpslice 1215001245.067 1215001245.068 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.71.2'

Note: the two tcpslice arguments above are Observed Start (1215001245.067 = 07/02/2008 05:20:45.067 PDT) and that same instant plus 1 ms, so the command as printed carves only a 1 ms window of the capture. To extract the whole dialog through Gen. Time, use 1215001498.665 (05:24:58.665 PDT) as the end time.
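Reading a profile like this by hand works once; for a feed of them an analyst wants the header, the per-section events, the port:count lists and the packet timestamps pulled into a structure, and the tcpslice/tcpdump carve command generated from Observed Start and Gen. Time rather than copied. The following parser is an added example written for this page, not BotHunter code; it embeds the profile above as its input. It assumes the PDT stamps are UTC-7, that a bare port (no "u" suffix) in a port list is TCP, and that the "declared bot" verdict can be read off the printed score/threshold plus the presence of a DECLARE BOT event; the S/M/O/I counters are kept as printed without interpreting them.

```python
"""Parse a BotHunter infection profile and derive the tcpslice capture window.
Added example for this page, not BotHunter's own code."""
import re
from datetime import datetime, timedelta, timezone

PDT = timezone(timedelta(hours=-7))  # assumption: report "PDT" stamps are UTC-7

# The profile from the page, in the multi-line layout BotHunter prints.
REPORT = """\
Infected Target: 192.168.71.2
Score: 1.5 (>= 0.8)
Observed Start: 07/02/2008 05:20:45.067 PDT
Gen. Time: 07/02/2008 05:24:58.665 PDT

INBOUND SCAN
192.168.71.148 (05:23:45.956 PDT)
   event=777:7777001 {udp} E1[bh] Detected moderate malware scan by 192.168.71.148 (# pkts S/M/O/I=0/811/31/129) of 5 IPs: 192.168.71.2.{137,53} 192.168.71.255.{137,138} 192.168.71.149.137 192.168.71.254.67 0<-0 (05:23:45.956 PDT)

EXPLOIT

OUTBOUND SCAN
192.168.71.148 (3) (05:20:45.067 PDT)
   event=777:7777005 (3) {udp} E5[bh] Detected intense non-malware port scanning of 22 IPs (16 /24s) (# pkts S/M/O/I=64675/805/70/36): 53u:65535, 123u:1, 1900u:3, 25:36, 67u:30 0<-0 (05:20:45.067 PDT) 0<-0 (05:22:15.073 PDT) 0<-0 (05:24:58.665 PDT)

DECLARE BOT
192.168.71.148 (2) (05:22:35.104 PDT)
   event=777:7777008 (2) {udp} E8[bh] Detected intense malware port scanning of 22 IPs (16 /24s) (# pkts S/M/O/I=0/808/71/37): 137u:767, 138u:41 0<-0 (05:22:35.104 PDT) 0<-0 (05:24:05.069 PDT)
"""

HEADER_RE = re.compile(r"^(Infected Target|Score|Observed Start|Gen\. Time): (.+)$", re.M)
SECTION_RE = re.compile(r"^[A-Z][A-Za-z &()/]+$")      # "INBOUND SCAN", "EXPLOIT (slade)", ...
EVENT_RE = re.compile(
    r"event=(?P<sid>\d+:\d+)(?: \((?P<count>\d+)\))? \{(?P<proto>\w+)\} (?P<stage>E\d)\[bh\] "
    r"(?P<msg>.*?) \(# pkts S/M/O/I=(?P<s>\d+)/(?P<m>\d+)/(?P<o>\d+)/(?P<i>\d+)\)(?P<rest>.*)")
PORT_RE = re.compile(r"\b(\d+)(u?):(\d+)\b")           # "53u:65535" -> port 53, udp, 65535 probes
TARGET_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\{[\d,]+\}|\d+)")   # "192.168.71.2.{137,53}"
TS_RE = re.compile(r"\((\d\d:\d\d:\d\d\.\d{3}) PDT\)")


def to_epoch(stamp):
    """'07/02/2008 05:20:45.067 PDT' -> 1215001245.067 (the form tcpslice takes)."""
    return datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S.%f PDT").replace(tzinfo=PDT).timestamp()


def parse_profile(text):
    hdr = {k: v.strip() for k, v in HEADER_RE.findall(text)}
    score, thr = re.match(r"([\d.]+) \(>= ([\d.]+)\)", hdr["Score"]).groups()
    date = hdr["Observed Start"].split()[0]            # event stamps carry time only; reuse the date
    events, section = [], None
    for line in text.splitlines():
        if SECTION_RE.match(line):
            section = line                             # dialog stage the following events belong to
            continue
        m = EVENT_RE.search(line)
        if not m or section is None:
            continue
        # Port/target list sits before the first "0<-0"; timestamps follow it.
        ports_part, _, stamps_part = m["rest"].partition(" 0<-0")
        events.append({
            "section": section, "sid": m["sid"], "count": int(m["count"] or 1),
            "proto": m["proto"], "stage": m["stage"], "msg": m["msg"],
            "pkts": tuple(int(m[k]) for k in "smoi"),  # S/M/O/I as printed, not interpreted
            # suffix "u" = UDP as printed; a bare port is taken as TCP (assumption)
            "ports": [(int(p), "udp" if u else "tcp", int(n)) for p, u, n in PORT_RE.findall(ports_part)],
            "targets": [(ip, [int(x) for x in ps.strip("{}").split(",")])
                        for ip, ps in TARGET_RE.findall(ports_part)],
            "times": [to_epoch(f"{date} {t} PDT") for t in TS_RE.findall(stamps_part)],
        })
    return {"target": hdr["Infected Target"], "score": float(score), "threshold": float(thr),
            "start": to_epoch(hdr["Observed Start"]), "end": to_epoch(hdr["Gen. Time"]),
            "events": events}


def carve_command(profile, infile="inputFile.tcpd", outfile="outputFile.tcpd"):
    """tcpslice|tcpdump pipeline spanning Observed Start .. Gen. Time for the target host."""
    return (f"tcpslice {profile['start']:.3f} {profile['end']:.3f} {infile} | "
            f"tcpdump -r - -w {outfile} 'host {profile['target']}'")


def port_totals(profile):
    """Probe counts per (port, proto) summed over every scan event, for quick triage."""
    totals = {}
    for ev in profile["events"]:
        for port, proto, n in ev["ports"]:
            totals[(port, proto)] = totals.get((port, proto), 0) + n
    return totals


def declared_bot(profile):
    """Verdict read off the report: score at/above the printed threshold and a DECLARE BOT
    event present (an interpretation of the layout, not BotHunter's internal scoring)."""
    return profile["score"] >= profile["threshold"] and any(
        ev["section"] == "DECLARE BOT" for ev in profile["events"])


if __name__ == "__main__":
    prof = parse_profile(REPORT)
    print(carve_command(prof))
    for (port, proto), n in sorted(port_totals(prof).items(), key=lambda kv: -kv[1]):
        print(f"{port}/{proto}: {n}")
```

With the page's profile as input the generated command ends at Gen. Time (1215001498.665) rather than the 1 ms window in the printed command, and the port totals put 53/udp (65535 probes) and 137/udp (767) at the top, which is what the E5 and E8 events say in prose.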