Sobig.f surprise attack today
Jay Hennigan
jay at west.net
Fri Aug 22 19:40:35 UTC 2003
On Fri, 22 Aug 2003, Andrew Kerr wrote:
> Its been posted here, and f-secure has it, but I wrote a quick script to
> keep an eye on the 20 servers and dump the output to a simple page:
>
> http://207.195.54.37/sobig.html
>
> (Updates about every 5 mins)
You're probing the list of NTP servers the worm uses to get the date, not
the list of hosts to which it "phones home".
--
Jay Hennigan - CCIE #7880 - Network Administration - jay at west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
More information about the NANOG
mailing list