I have a client, who is an ISP, that is having real trouble with large amounts of traffic, at times causing a DoS, on the "control channel" ports 2002 and 4156. He has a Linux box that was infected and now is clean. However the internet seems to know about his address and still sends him lots of traffic. I am dropping the known worm ports for him on our edge routers. I was thinking of asking him to change the IP of the box, does anyone know if the worm knows the addresses of infected hosts by IP or name ? James Edwards jameshat_private At the Santa Fe Office: Internet at Cyber Mesa Store hours: 9-6 Monday through Friday Phone support 365 days till 10 pm via the Santa Fe office: 505-988-9200 or Toll Free: 888-988-2700 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 10:47:13 PDT