On 1/17/07, Claude Jones <claude_jones@xxxxxxxxxxxxxx> wrote:
For several months now, a box I have up on the net at the office has been generating the occasional complaint from my ISP. They generally send a few lines from a report they've received which are largely uninformative except for the fact that they contain the word SPAM in them. I've run port scans, chkrootkit, monitored my logs, and several other things, and have never found anything. Every time I call them, they tell me it's probably someone masquerading as me.

Just now, I've gotten a fresh complaint which contains the following lines, reported to my ISP by whoever their upstream provider is (I think it may be Global Crossing):

7784 | 207.188.230.120 | 2007-01-16 14:53:27 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 209.183.239.194 | 2007-01-16 17:46:43 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 01:57:58 w.php srcport 2875 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 06:30:47 w.php srcport 4544 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 15:44:26 w.php srcport 3805 BEAGLE | ATLANTECH - Atlantech Online, Inc.

The third through fifth entries are the first time Beagle has ever appeared in these reports. Does anyone have an insight into what this could be about? By the way, the first line's IP address is my box - the other IPs are unknown to me - maybe they don't even apply. It's funny because when I call tech support and try to ask them about it, they're always apologetic, and don't really know what these reports mean either...

--
Claude Jones
Brunswick, MD, USA
Claude;

Looks like Atlantech is your ISP, and the three last IPs are infected with a Beagle trojan variant:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-122421-0146-99&tabid=2

It also looks like your IP and the second IP are being flagged as spam sources. Your IP is in the CBL, you can see it here:
http://cbl.abuseat.org/lookup.cgi?ip=207.188.230.120&.submit=Lookup

There are directions on the page referenced to delist your IP.

-P
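The report lines in this thread follow a fixed "ASN | IP | timestamp detail CATEGORY | organization" layout, which makes them easy to triage mechanically. The following is an added example, not code from either poster: it parses those five lines (taken verbatim from the thread), pulls out the category (SPAM vs. BEAGLE) and the source port where present, and groups the hits by IP so the owner can see at a glance which entries concern a host they actually control. The set of "my" IPs is an assumed input.

```python
import re
from collections import defaultdict

# The five report lines quoted in Claude's message, copied as sample input.
REPORT = """\
7784 | 207.188.230.120 | 2007-01-16 14:53:27 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 209.183.239.194 | 2007-01-16 17:46:43 cbl SPAM | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 01:57:58 w.php srcport 2875 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 06:30:47 w.php srcport 4544 BEAGLE | ATLANTECH - Atlantech Online, Inc.
7784 | 65.79.236.162 | 2007-01-16 15:44:26 w.php srcport 3805 BEAGLE | ATLANTECH - Atlantech Online, Inc.
"""

# Layout: ASN | IPv4 | "YYYY-MM-DD HH:MM:SS <detail ... CATEGORY>" | organization
LINE_RE = re.compile(
    r"^\s*(?P<asn>\d+)\s*\|\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*\|\s*"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<detail>.*?)\s*\|\s*(?P<org>.+?)\s*$"
)

def parse_report(text):
    """Return one dict per well-formed report line; prose or blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        detail = m.group("detail")
        port = re.search(r"srcport\s+(\d+)", detail)  # only present on the BEAGLE lines
        entries.append({
            "asn": int(m.group("asn")), "ip": m.group("ip"), "timestamp": m.group("ts"),
            "category": detail.split()[-1],  # last token: "SPAM" or "BEAGLE"
            "srcport": int(port.group(1)) if port else None, "org": m.group("org"),
        })
    return entries

def triage(entries, my_ips):
    """Group entries by IP and mark whether each IP is one of the hosts we own."""
    summary = defaultdict(lambda: {"mine": False, "categories": set(), "count": 0})
    for e in entries:
        s = summary[e["ip"]]
        s["mine"] = e["ip"] in my_ips
        s["categories"].add(e["category"])
        s["count"] += 1
    return dict(summary)

if __name__ == "__main__":
    # Assumed: 207.188.230.120 is the poster's own box, as stated in the thread.
    for ip, s in triage(parse_report(REPORT), {"207.188.230.120"}).items():
        print(ip, "mine" if s["mine"] else "not mine", sorted(s["categories"]), s["count"])
```

Run against the thread's lines it shows one CBL SPAM hit on the poster's own IP and three BEAGLE hits on an unrelated address, which is the distinction the reply draws.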