
Snort alert... would like to confirm trouble.

I've just noticed the following rules firing this past month:


  • INDICATOR-COMPROMISE Suspicious .su dns query
  • INDICATOR-COMPROMISE Suspicious .cc dns query

Here are the complete log entries:

/var/log/ips/2013/11/ips-2013-11-18.log.gz:2013:11:18-17:04:16  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.0.8" dstip="10.1.1.2" proto="17" srcport="62707"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-20.log.gz:2013:11:20-18:13:36  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .cc dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="13712"  dstport="53" sid="28190" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-20.log.gz:2013:11:20-18:13:36  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .cc dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="50733"  dstport="53" sid="28190" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-00:22:16  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="27493"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-00:22:16  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="24973"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-00:22:43  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="10976"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-00:22:43  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="9384"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-00:22:43  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="8039"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-00:22:43  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="40262"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-22:05:02  wahine snort[22918]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .cc dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="5717"  dstport="53" sid="28190" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-22:05:02  wahine snort[22918]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .cc dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="48089"  dstport="53" sid="28190" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/12/ips-2013-12-01.log.gz:2013:12:01-12:57:35  wahine snort[22918]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .cc dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="46138"  dstport="53" sid="28190" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/12/ips-2013-12-01.log.gz:2013:12:01-12:57:35  wahine snort[22918]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .cc dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="19862"  dstport="53" sid="28190" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"


This machine is my primary desktop and a vulnerability/infection is a major concern.
How can I confirm this?


I checked with clamscan and found nothing.
The system in question is a new install of Ubuntu 13.10_x64.
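As an added triage helper (not part of the thread, and not a Sophos/Astaro tool), the Python below parses the UTM IPS log format quoted above and groups alerts by internal client and Snort SID with first/last-seen times, which is the first step in deciding which host to look at; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Sample lines copied from the post above (grep output, so each line is
# prefixed with the compressed log file it was found in).
SAMPLE_LOG = """\
/var/log/ips/2013/11/ips-2013-11-18.log.gz:2013:11:18-17:04:16  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.0.8" dstip="10.1.1.2" proto="17" srcport="62707"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-20.log.gz:2013:11:20-18:13:36  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .cc dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="13712"  dstport="53" sid="28190" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-20.log.gz:2013:11:20-18:13:36  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .cc dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="50733"  dstport="53" sid="28190" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
/var/log/ips/2013/11/ips-2013-11-21.log.gz:2013:11:21-00:22:16  wahine snort[13776]: id="2101" severity="warn" sys="SecureNet"  sub="ips" name="Intrusion protection alert" action="alert"  reason="INDICATOR-COMPROMISE Suspicious .su dns query" group="241"  srcip="10.1.2.11" dstip="10.1.1.2" proto="17" srcport="27493"  dstport="53" sid="27721" class="A Network Trojan was detected"  priority="1"  generator="1" msgid="0"
"""

# Optional "<file>.gz:" grep prefix, then the UTM timestamp, host and snort[pid].
PREFIX_RE = re.compile(
    r'^(?:(?P<file>[^:\s]+\.gz):)?(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2})\s+'
    r'(?P<host>\S+)\s+snort\[(?P<pid>\d+)\]:\s*(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')  # the key="value" pairs after the pid


def parse_ips_line(line):
    """Return a dict of the key="value" fields plus parsed timestamp, or None."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group("rest")))
    rec["timestamp"] = datetime.strptime(m.group("ts"), "%Y:%m:%d-%H:%M:%S")
    rec["host"] = m.group("host")
    return rec


def summarize(lines):
    """Group alerts by (srcip, sid): count, rule text, first and last seen."""
    summary = {}
    for line in lines:
        rec = parse_ips_line(line)
        if rec is None or rec.get("action") != "alert" or "srcip" not in rec:
            continue  # skip non-alert lines and anything that did not parse
        key = (rec["srcip"], rec.get("sid", "?"))
        entry = summary.setdefault(key, {"reason": rec.get("reason", ""), "count": 0,
                                         "first": rec["timestamp"], "last": rec["timestamp"]})
        entry["count"] += 1
        entry["first"] = min(entry["first"], rec["timestamp"])
        entry["last"] = max(entry["last"], rec["timestamp"])
    return summary


if __name__ == "__main__":
    for (srcip, sid), e in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{srcip} sid={sid} x{e['count']} {e['first']} .. {e['last']}  {e['reason']}")
```

Note that these alerts record only the client, the resolver (dstip 10.1.1.2) and the rule, not the name that was queried, so confirming whether the lookup was benign means correlating the timestamps above with the resolver's query log or a packet capture on the client.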


  • Hi,

    If your PC is still trying to contact strange sites, then you probably need to save your documents and nuke it.

    Barry
  • The machine in question has been 'nuked' about weekly as I investigate Linux Distros. 
    I believe Sascha has identified the issue.  I identified the source web site that caused the problem and notified the hosting organisation.  The source is Russian with some .ru servers in the British Virgin Islands.