 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Latest virus kills m0n0wall
 Date:  Sun, 12 Aug 2007 01:32:12 -0500
Replying to myself again...  Updates to all, and this seems the best way 
to thread it.

Scope...  I have about 40 hotels.  They generally have from 10-30 users 
each a night.  I have no control and damn little contact with the users. 
The business critical application is porn.  Seriously.  I can block 
https with less trouble than blocking porn.  The p2p traffic is limited 
by the lack of inbound ports and NAT, so even LimeWire is not an issue. 
Gaming, however, is quite common.  A lot of my clients are extended 
stay hotels.  These guys do not have laptops.  One room had an Alienware 
PC and a 42-inch monitor / TV.  Oh, and a virus.  So limiting to known 
ports will create a game babysitting issue, and a complex ruleset over 
40 hotels.  (If I fix one, I have to fix them all for the next guy.) 
Version management becomes a nightmare fast.  It is already!

Impact...  I have seen 8 systems infected with this worm.  I believe it 
is the cause of these articles.
http://www.theregister.co.uk/2007/08/07/storm_worm_spike/
http://www.theregister.co.uk/2007/08/09/pdf_spam_blitz/
http://www.theregister.co.uk/2007/08/09/norton_security_bugs/
I think all of the infected were on Symantec, but various versions. 
While a small number, they have had a very serious impact.  With one 
site, m0n0wall was holding its own, but the T1 with voice lines and 
dynamic bandwidth had a problem.  Like the hotel had no incoming calls. 
Additionally, I had one user with enough knowledge to be dangerous.  I 
blocked his IP, and gave him a static DHCP assignment in a blocked IP as 
well.  So he changed NICs.  3 times.  Then tried setting his own IP 5 
times.  I felt like the corporate guys in Hackers!  Of course, now when 
I go to check his logs, he has checked out.  (Or at least standard 
traffic has scrolled his logs off the screen.)

Symptoms... To start, the traffic graph has about 500 Kbps outbound, and 
little or no inbound traffic.  You will also have people bitching at 
you about the internet being slow / down.  If you look at your state 
table, take a snapshot and view delta after about 15 seconds.  Sort by 
source IP, and you will have 300 entries from one IP outbound to about 
200 addresses on what look like random high ports.  Just look at your own 
firewall logs to see what is hitting you for a sample.  I just spot 
checked about 5 sites, and they all have similar stuff.  (Along with 
the usual port 80, 443, 22 scans.)

A short (a few seconds) log...

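
Added example, not part of the original message: the snapshot-and-delta check described under Symptoms, written as a small Python script. It assumes state-table rows exported as tab-separated source, port, destination, port, protocol columns; the thresholds, function names and sample addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

HIGH_PORT = 1024        # assumption: destination ports above this count as "high"
MIN_DESTS = 50          # assumption: distinct-destination threshold for a flag
MIN_HIGH_SHARE = 0.8    # assumption: share of new states aimed at high ports

def parse_states(text):
    """Parse tab-separated rows: source, sport, destination, dport, protocol."""
    rows = set()
    for rec in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(rec) < 5 or not rec[1].isdigit() or not rec[3].isdigit():
            continue  # header line, blank line or damaged row
        rows.add((rec[0], int(rec[1]), rec[2], int(rec[3]), rec[4].lower()))
    return rows

def fan_out(before, after):
    """Summarise states present in `after` but not in `before`, per source IP."""
    per_src = defaultdict(list)
    for row in after - before:
        per_src[row[0]].append(row)
    report = {}
    for src, rows in per_src.items():
        high = sum(1 for r in rows if r[3] > HIGH_PORT)
        report[src] = {
            "new_states": len(rows),
            "distinct_dests": len({r[2] for r in rows}),
            "high_port_share": high / len(rows),
            # Outbound SMTP from a guest machine is worth a separate look.
            "smtp_dests": len({r[2] for r in rows if r[3] == 25 and r[4] == "tcp"}),
        }
    return report

def suspects(report):
    """Sources whose new states fan out to many hosts on high ports."""
    return sorted(
        src for src, s in report.items()
        if s["distinct_dests"] >= MIN_DESTS
        and s["high_port_share"] >= MIN_HIGH_SHARE
    )

def sample_snapshots():
    """Two constructed snapshots; every address here is a documentation address."""
    head = "Source\tPort\tDestination\tPort\tProtocol\n"
    before = head + "192.0.2.10\t1050\t198.51.100.5\t80\ttcp\n"
    noisy = "".join(
        f"192.0.2.116\t1138\t203.0.113.{i}\t{20000 + 37 * i}\tudp\n"
        for i in range(1, 201)
    )
    mail = "".join(
        f"192.0.2.116\t{1200 + i}\t198.51.100.{i}\t25\ttcp\n" for i in range(1, 6)
    )
    after = before + noisy + mail + "192.0.2.10\t1051\t198.51.100.6\t443\ttcp\n"
    return parse_states(before), parse_states(after)

if __name__ == "__main__":
    snap_before, snap_after = sample_snapshots()
    rep = fan_out(snap_before, snap_after)
    for src in suspects(rep):
        print(src, rep[src])
```

Tune the thresholds to the site: a busy gaming client opens many states too, but rarely to hundreds of distinct addresses within one 15-second delta.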