Fw: Detecting worm infection by remote

• Previous message (by thread): ftp.gnu.org compromised
• Next message (by thread): Genuity/Verizon Online filtering port 135?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Well the lame moderator at intrusions at incidents.org will not let this message pass.
Anyone have any ideas ? Sorry as this is off topic, too bad a security list has problems
with questions like this ! I would like start having support call infected users, once the storm
passes. 

james

: ----- Original Message ----- 
: From: "james" <jamesh at cybermesa.com>
: To: <intrusions at incidents.org>
: Sent: Wednesday, August 13, 2003 2:46 PM
: Subject: Detecting worm infection by remote
: 
: 
: : I am trying to build a list of infected users, is it possible to just nmap 
: : tcp port 4444 ? Does anyone know of a scanner I could use ? We had
: : to lock ports 135-139 down all over the state to bring this under control
: : as the users were scanning local users & causing slowdowns. So I cannot detect infections via
: : port 135-139 tcpdumps or Snort.
: : 
: : James Edwards
: : Routing and Security Administrator
: : jamesh at cybermesa.com
: : At the Santa Fe Office: Internet at Cyber Mesa
: : Store hours: 9-6 Monday through Friday
: : 
: :

• Previous message (by thread): ftp.gnu.org compromised
• Next message (by thread): Genuity/Verizon Online filtering port 135?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]