Infected Target: 192.168.184.1
Score: 1.5 (>= 0.8)
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 06/14/2008 23:42:01.854 PDT
Gen. Time: 06/14/2008 23:46:07.452 PDT

INBOUND SCAN
192.168.184.132 (23:46:07.452 PDT)
  event=777:7777001 {hopopt} E1[bh] Detected moderate malware scan by 192.168.184.132 (# pkts S/M/O/I=1/118/13/8) of 5 IPs: 192.168.184.2.{137,53} 192.168.184.255.{137,138} 192.168.184.1.{138,137,3419} (23:46:07.452 PDT)

EXPLOIT

EXPLOIT (slade)

EGG DOWNLOAD

C and C TRAFFIC

PEER COORDINATION

OUTBOUND SCAN
192.168.184.132 (23:45:32.284 PDT)
  event=777:7777005 {udp} E5[bh] Detected intense non-malware port scanning of 30 IPs (28 /24s) (# pkts S/M/O/I=153/118/5/4): 53u:153, 123u:2, 1900u:3 0<-0 (23:45:32.284 PDT)

ATTACK PREP

DECLARE BOT
192.168.184.132 (3) (23:42:01.854 PDT)
  event=777:7777008 (3) {udp} E8[bh] Detected intense malware port scanning of 30 IPs (28 /24s) (# pkts S/M/O/I=109/104/5/4): 137u:84, 138u:20 0<-0 (23:42:01.854 PDT) 0<-0 (23:43:32.102 PDT) 0<-0 (23:45:02.225 PDT)

tcpslice 1213512121.854 1213512121.855 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.184.1'