Worm Probes

• Previous message (by thread): Worm Probes
• Next message (by thread): Worm probes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> I had 482 infected hosts scanning my server.  Anyone want to see a
>> list so they can look for their hosts send me an email and I will
>> be happy to forward you my infected file

Based on a sample of two, I'm guessing that there might be a
small intersection between lists from different sites...
at least at this early stage.

I took a list I generated from traffic coming into a web server
on my net and applied an ACL which then lit up as expected with
many "hits".

Then, I applied the same list to a circuit at a site I manage, off my
net, and got very few hits.  This site has a 10Mb/s jump in traffic
today, so they are seeing this new virus, but it's not by the
same set of 600+ IP addresses that I've seen.

-mark

• Previous message (by thread): Worm Probes
• Next message (by thread): Worm probes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]