Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Botnet and port 10110

  • Please log in to reply
No replies to this topic

#1 Jacob_


  • Members
  • 4 posts
  • Local time:07:54 PM

Posted 03 August 2010 - 11:21 AM


I've been getting emails from my ISP (AT&T) recently about suspected botnet IRC activity on July 27th and 29th (another email came today but it was blank). It happened around midnight UTC on both days.

I have AVG installed and ran a scan with MalwareBytes, and nothing was found.

Using netstat I discovered some unusual open ports: 10110 and 27015. Searching for port 10110 on Google produced this graph from SANS:


There was a huge spike in sources of that port on the 29th.

Google suggested port 27015 as a related search term. This is the Half Life 2 server port, but I don't have HL2 (I have the Valve games Portal and Alien Swarm, but I don't run a server for either.)

It might be related to Steam, but I'm not sure (even with the spike there were only 200 sources for port 10110).

I couldn't find any bad processes or startup entries.

I have been using IRC a lot recently, so maybe it was just a false positive?

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users