Virus or Not?

Jeremy Fowler jfowler at westrope.com
Tue Dec 4 21:55:10 CST 2001


My firewall keeps getting scanned on port 80 from one of the machines on my
network. I thought it was a virus/worm similar to SirCam or CodeRed looking for
an IIS server, but I scanned the PC with two different virus scanners and it
turned up nothing. The firewall is the default gateway for our network so I was
wondering if it's just Internet Explorer scanning for a proxy server. I caught
some of the packets with tcpdump but I can't make heads or tails of it. It's the
exact same packets every time and only this PC is doing it, which makes me very
suspicious. Anyone care to shine some light on this for me? Thanks, -Jeremy

PS> Anyone get hit from Goner.A today?

Dec  4 14:17:03 fireball portsentry[14873]: attackalert: TCP SYN/Normal scan
from host: 192.168.100.183/192.168.100.183 to TCP port: 80

tcpdump:
14:26:28.590942 eth1 < 192.168.100.183.1201 > fireball.westrope.com.http: S
67909477:67909477(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 45040)
                         4500 0030 aff0 4000 8006 ffd0 c0a8 64b7
                         c0a8 64fe 04b1 0050 040c 3765 0000 0000
                         7002 2000 d7a6 0000 0204 05b4 0101 0402

                          E^@ ^@ 0 ....  @^@ ..^F .... ....  d..
                         ....  d.. ^D.. ^@ P ^D^L  7 e ^@^@ ^@^@
                          p^B   ^@ .... ^@^@ ^B^D ^E.. ^A^A ^D^B
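Added example, not part of the original post: a decoder for the 48-byte hex dump above that parses the IPv4 and TCP headers, walks the TCP options, and verifies both checksums. The function names are this example's own; the only input is the dump as posted.

```python
import struct

# Hex dump copied verbatim from the tcpdump output in the post (48 bytes).
PACKET_HEX = """
4500 0030 aff0 4000 8006 ffd0 c0a8 64b7
c0a8 64fe 04b1 0050 040c 3765 0000 0000
7002 2000 d7a6 0000 0204 05b4 0101 0402
"""
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward
OPTION_NAMES = {1: "nop", 2: "mss", 3: "wscale", 4: "sackOK", 8: "timestamp"}

def folded_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; 0xffff means the stored checksum is valid."""
    data += b"\x00" * (len(data) % 2)  # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_tcp_options(raw: bytes) -> list:
    opts, i = [], 0
    while i < len(raw) and raw[i] != 0:  # kind 0 ends the option list
        kind = raw[i]  # NOP (1) is a single byte; other kinds carry a length byte
        length = 1 if kind == 1 else (raw[i + 1] if i + 1 < len(raw) else 0)
        if (kind != 1 and length < 2) or i + length > len(raw):
            break  # truncated or malformed option
        name = OPTION_NAMES.get(kind, f"opt{kind}")
        value = int.from_bytes(raw[i + 2:i + length], "big")
        opts.append(f"{name} {value}" if length > 2 else name)
        i += length
    return opts

def decode(hex_dump: str) -> dict:
    pkt = bytes.fromhex("".join(hex_dump.split()))
    ihl = (pkt[0] & 0x0F) * 4  # IP header length in bytes
    total_len, ident, frag, ttl, proto = struct.unpack("!HHHBB", pkt[2:10])
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    doff = (off_flags >> 12) * 4  # TCP header length in bytes
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
        "sport": sport, "dport": dport, "seq": seq, "id": ident,
        "ttl": ttl, "df": bool(frag & 0x4000), "window": window,
        "flags": [n for b, n in enumerate(FLAG_NAMES) if off_flags >> b & 1],
        "options": parse_tcp_options(tcp[20:doff]), "payload_len": len(tcp) - doff,
        "ip_csum_ok": folded_sum(pkt[:ihl]) == 0xFFFF,
        "tcp_csum_ok": folded_sum(pseudo + tcp) == 0xFFFF,
    }

print(decode(PACKET_HEX))
```

The decoded fields match the tcpdump summary line, and `payload_len` is 0: the capture holds only the connection-opening SYN, so nothing in these bytes names the program on 192.168.100.183 that sent it.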



