Hi.

A user of DShield.org, the Distributed Intrusion Detection System, submitted a log excerpt which indicates a probe from one of your users. Please notify the user and take appropriate actions to avoid further problems.

Details:

Source IP: 192.6.19.202 (port: 1917)
Target IP: 151.159.212.136 (port: 80)
Protocol: 6 (Flags: )
Time: 2003-09-05 19:37:38 (GMT)

NOTE: Port 80 is used by web servers. The logs we are using are not collected from public web servers, and the chances of a user hitting 3 or more of our sensors on port 80 by mistake is low. Most likely, port 80 hits are due to the Nimda and Code Red worm. Please verify that the source of the attack is virus free. If it is a proxy server, it is possible that one of the machines on your network protected by the proxy is infected.

Original Log as submitted:

2003-09-05 19:37:38 GMT 192.006.019.202 1917 -151.159.212.136 80 6

Need more logs/evidence? See:
http://www.dshield.org/ipdetails.php?ip=192.006.019.202&v=10000929190

A total of 6 records in dshield's database implicate this IP address. These records show attacks against 6 unique targets. This report includes one sample of these records.

This report was submitted to Dshield.org by STEVE.BAUER@SDSMT.EDU

For more information about DShield see http://www.dshield.org

Please let us know if you would not like any further notices from DShield.org or if you would prefer a different format. You have permission to share this information to facilitate a solution of this problem.

Thanks.

fightback@dshield.org
http://www.dshield.org/fightback.html

IMPORTANT: If you require further assistance, please reply and add the word 'URGENT' to the subject. Please include this full email in your reply.