• Start: Sat Sep 12 16:07:32 2009
  • End:  Sat Sep 12 16:28:08 2009
  • Duration: 20 min or 1236 secs
  • Packets: 198818
  • NetFlows: 56512
  • Size: 27M
  • IRC Strings: Yes
  • SPAM Strings: Yes
  • Amount of SPAM connections: 4206

Quick description:
The capture does not show the start of the connection. It is already started and infected. The bots are sending SPAM. The connections to the port 139/TCP are normal of the windows in the network. At the end the bot performs an internal port scan.

In this capture we have changed some domain names to protect the privacy of some institutions. Therefore, some check-sums can be wrong.
Unknown user,
May 28, 2012, 5:27 PM