Re: What's on udp/2002 ?

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Wed Sep 18 2002 - 12:36:27 PDT

Next message: Matthew S Barnes: "Thank you all for your responses to "Huge Autoexec.bat""

Previous message: Russell Harding: "Re: What's on udp/2002 ?"
In reply to: Guido Van De Velde: "What's on udp/2002 ?"
Next in thread: Kurt Seifried: "Re: What's on udp/2002 ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Guido Van De Velde <Guido.VanDeVeldeat_private> wrote:

> At least something very interesting, according to our fw logs.
> Anyone any idea ?

Where have you been for the last week??

The Slapper (aka Modap) worm spreads via an exploitable SSL overflow 
and sets up a DDoS agent which communicates with the rest of its 
network on UDP port 2002.

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Matthew S Barnes: "Thank you all for your responses to "Huge Autoexec.bat""
Previous message: Russell Harding: "Re: What's on udp/2002 ?"
In reply to: Guido Van De Velde: "What's on udp/2002 ?"
Next in thread: Kurt Seifried: "Re: What's on udp/2002 ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 15:39:20 PDT