Re: UDP port 4000 traffic: likely a new worm
Florian Frotzler
florian.frotzler at gmx.at
Mon Mar 22 19:02:47 UTC 2004
I can acknowledge that we see the worm also in Europe/Austria. Today we
had a customer with a Black Ice firewall flooding us with random
4000/udp traffic before we shut him down.
Kind Regards,
--
DI (FH) Florian Frotzler
IT Planning
e W ) a ) v ) e
eWave Telekommunikation GmbH
A-1210 Wien, Ignaz-Koeck-Strasse 1
> From: George Bakos
>
> The number of immediately vulnerable hosts was rapidly
> depleted by the worm, given the launch was AFTER most
> business had shut down for the weekend. I'll venture that
> Black Ice, a commercial security product, is deployed much
> more widely on the corporate laptop than the home machine.
>
> I expect to see more than a slight bump in those numbers come
> Monday AM.
>
> g
>
> On Sat, 20 Mar 2004 13:50:30 -0800
> Josh Richards <jrichard at digitalwest.net> wrote:
>
> > The good news is that "witty" appears to not be a very witty
> > propagator. Our flow data shows attempts to connect to 4000/udp on
> > hosts in our network having a downward trend over the last
> > few hours:
> >
> > Time     Unique Source IPs
> > 08:00    350
> > 09:00    332
> > 10:00    297
> > 11:00    298
> > 12:00    265
>
>
> --
> George Bakos
> Institute for Security Technology Studies
> Dartmouth College
> gbakos at ists.dartmouth.edu
> 603.646.0665 -voice
> 603.646.0666 -fax
>
> pub 1024D/081ECB85 1999-04-09 George Bakos <gbakos at ists.dartmouth.edu>
> Key fingerprint = D646 8F91 F795 27EC FF8B 8C95 B102 9EB2 081E CB85
>
>
More information about the NANOG mailing list