UDP port 4000 traffic: likely a new worm

• Previous message (by thread): UDP port 4000 traffic: likely a new worm
• Next message (by thread): AW: UDP port 4000 traffic: likely a new worm
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The number of immediately vulnerable hosts was rapidly depleted by the
worm, given the launch was AFTER most business had shut down for the
weekend. I'll venture that Black Ice, a commercial security product, is
deployed much more widely on the corporate laptop than the home machine.

I expect to see more than a slight bump in those numbers come Monday AM.

g

On Sat, 20 Mar 2004 13:50:30 -0800
Josh Richards <jrichard at digitalwest.net> wrote:

> The good news is that "witty" appears to not be a very witty propagator.
> Our flow data shows attempts to connect to 4000/udp on hosts in our 
> network having a downward trend over the last few hours:
> 
> Time   Unique Source IPs
> 08:00	350 
> 09:00	332
> 10:00	297
> 11:00	298
> 12:00	265 


-- 
George Bakos
Institute for Security Technology Studies
Dartmouth College
gbakos at ists.dartmouth.edu
603.646.0665 -voice
603.646.0666 -fax

pub  1024D/081ECB85 1999-04-09 George Bakos <gbakos at ists.dartmouth.edu>
     Key fingerprint = D646 8F91 F795 27EC FF8B  8C95 B102 9EB2 081E CB85

• Previous message (by thread): UDP port 4000 traffic: likely a new worm
• Next message (by thread): AW: UDP port 4000 traffic: likely a new worm
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]