Infected Target: 192.168.71.2
Score: 1.0 (>= 0.8)
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 08/30/2008 00:54:11.369 PDT
Gen. Time: 08/30/2008 00:58:47.099 PDT

INBOUND SCAN
192.168.71.179 (3) (00:52:48.930 PDT)
  event=777:7777001 (3) {udp} E1[bh] Detected moderate malware scan by 192.168.71.179 (# pkts S/M/O/I=746/35488/13/53) of 5 IPs: 192.168.71.2.{137,53,53} 192.168.71.255.{137,138} 192.168.71.254.67
  0<-0 (00:52:48.930 PDT)
  0<-0 (00:54:49.348 PDT)
  0<-0 (00:56:49.404 PDT)
192.168.71.181 (3) (00:53:29.925 PDT)
  event=777:7777001 (3) {udp} E1[bh] Detected moderate malware scan by 192.168.71.181 (# pkts S/M/O/I=57/7211/13/23) of 5 IPs: 192.168.71.2.{137,53} 192.168.71.255.{137,138} 192.168.71.179.137 192.168.71.254.67
  0<-0 (00:53:29.925 PDT)
  0<-0 (00:55:29.919 PDT)
  0<-0 (00:57:30.194 PDT)

EXPLOIT

EXPLOIT (slade)

EGG DOWNLOAD

C and C TRAFFIC

PEER COORDINATION

OUTBOUND SCAN

ATTACK PREP

DECLARE BOT
192.168.71.179 (4) (00:54:11.369 PDT)
  event=777:7777008 (4) {udp} E8[bh] Detected intense malware port scanning of 30 IPs (13 /24s) (# pkts S/M/O/I=2902/35779/17/20): 137u:35750, 138u:29
  0<-0 (00:54:11.369 PDT)
  0<-0 (00:55:41.216 PDT)
  0<-0 (00:57:11.172 PDT)
  0<-0 (00:58:47.099 PDT)

tcpslice 1220082851.369 1220082851.370 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.71.2'