
Botnet and port 10110


No replies to this topic

#1 Jacob_


Posted 03 August 2010 - 11:21 AM

Hi,

I've been getting emails from my ISP (AT&T) recently about suspected botnet IRC activity on July 27th and 29th (another email came today but it was blank). It happened around midnight UTC on both days.

I have AVG installed and ran a scan with MalwareBytes, and nothing was found.

Using netstat I discovered some unusual open ports: 10110 and 27015. Searching for port 10110 on Google produced this graph from SANS:

http://isc.sans.edu/portgraph.html?_jpg_cs...p;submit=Update

There was a huge spike in sources of that port on the 29th.

Google suggested port 27015 as a related search term. This is the Half Life 2 server port, but I don't have HL2 (I have the Valve games Portal and Alien Swarm, but I don't run a server for either.)

It might be related to Steam, but I'm not sure (even with the spike there were only 200 sources for port 10110).

I couldn't find any bad processes or startup entries.

I have been using IRC a lot recently, so maybe it was just a false positive?
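Added example, not part of the original post: the netstat step described above can be taken one step further by using the PID column of `netstat -ano` to find which process owns ports 10110 and 27015. The sample output, addresses and PIDs below are constructed for illustration.

```python
"""Map the ports from the post to owning PIDs using `netstat -ano` output."""

# Constructed sample of Windows `netstat -ano` output (PIDs and addresses are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:10110          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.5:49212      203.0.113.7:6667       ESTABLISHED     2044
  TCP    [::]:10110             [::]:0                 LISTENING       3120
  UDP    0.0.0.0:27015          *:*                                    3120
"""

WATCHED_PORTS = {10110, 27015}  # the two ports named in the post


def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column header and blank lines
        if len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif len(fields) == 4:
            proto, local, remote, pid = fields
            state = ""
        else:
            continue  # unexpected layout
        host, _, port = local.rpartition(":")  # rpartition keeps "[::]" intact
        if not port.isdigit() or not pid.isdigit():
            continue
        yield {"proto": proto, "host": host, "port": int(port),
               "remote": remote, "state": state, "pid": int(pid)}


def owners_of(text, ports=WATCHED_PORTS):
    """Return {pid: sorted [(proto, port), ...]} for rows bound to a watched local port."""
    owners = {}
    for row in parse_netstat(text):
        if row["port"] in ports:
            owners.setdefault(row["pid"], set()).add((row["proto"], row["port"]))
    return {pid: sorted(bound) for pid, bound in owners.items()}


if __name__ == "__main__":
    for pid, bound in owners_of(SAMPLE).items():
        print(f'PID {pid}: {bound} -> identify with: tasklist /FI "PID eq {pid}"')
```

On a live machine, feed the function the text captured from `netstat -ano` run in an elevated prompt instead of `SAMPLE`.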
