The Confiker Virus.

Steven Fischer sfischer1967 at
Tue Mar 31 20:37:48 UTC 2009

Is anyone aware of any network-based signatures that could be used to
identify and tag IP traffic, for dropping at the ingress/egress points?

On Tue, Mar 31, 2009 at 9:41 AM, JoeSox <joesox at> wrote:

> I am uncertain also. I scan a subnet on my network with Axence
> NetTools looking for 445 port and I receive some hits. I perform a
> netstat -a some of those results but don't really see any 445
> activity.  The SCS script doesn't find anything either.  The PCs are
> patched and virusscan updated. One PC when I connected to it did not
> navigate to Windowsupdate website. I scheduled a Full McAfee scan as
> their documentation suggests
> (
> ),
> and sometime through the scan I was able to reach windowsupdate. I
> don't know if it was a coincidence or not that I was not able to reach
> the website.  I haven't looked into the registry and any other places
> for evidence of conficker. I will probably today but I am afraid it
> maybe a waste of time since they are already patched and updated.
> --
> Joe
> On Tue, Mar 31, 2009 at 5:48 AM, Eric Tykwinski <eric-list at>
> wrote:
>  > Joe,
> >
> > Here's the link for the Python Crypto toolkit:
> >
> >
> > I scanned our internal network and didn't find anything, so I can't
> really
> > vouch for it's reliablity though.

To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy

More information about the NANOG mailing list