> Anyone seen this before? typical 'botnet'. Not sure which code they are using, but this basic setup is very common. The fact that the machine got eventually infected with Nimda just shows that it was vulnerable all along. Finding multiple backdoors on machines like this is common. -- -------------------------------------------------------------------- jullrichat_private Collaborative Intrusion Detection join http://www.dshield.org ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Thu Mar 20 2003 - 09:24:12 PST