> my second octect is 144, above the 127 rule. but, unless you are reading > backwards (and the second being the third and the fourth being the first) > then the 216 is still above the 127 rule... Then again, i may have missed > part of the posts and spt could be originating from 445 as well, which in > that case this could be just regular network rejects as usual. Your logs were almost certainly not from this worm: the code is quite clear that the second and fourth octets (1.*2*.3.*4*) won't be above 127, and I do not believe this worm was even around back on the 9th - myNetWatchman first saw this activity on the 14th. Looks like yer usual internet riff-raff to me :-) Steve --- Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561 www.unixwiz.net | I speak for me only | KA8CMY | steveat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 11:33:23 PST