RE: Increasing ICMP Echo Requests

From: Richard.Grantat_private
Date: Tue Aug 19 2003 - 10:18:38 PDT


    This is the w32.Nachi worm, the worm that is supposed to find machines
    infected with MS.blaster, remove blaster and patch the system. The big
    problem is that it causes a DoS condition looking for infected machines. It
    also infects machines that never had the blaster worm. It causes more harm
    than good. McAfee's latest DAT file will remove it. It is much more
    infectious than MS.Blaster.
    
    -----Original Message-----
    From: Jeff Kell [mailto:jeff-kellat_private] 
    Sent: Tuesday, August 19, 2003 2:39 AM
    To: dunhamkat_private
    Cc: Dan Hanson; Ken Eichman; incidentsat_private
    Subject: Re: Increasing ICMP Echo Requests
    
    
    Ken Dunham wrote:
    
    > It opens TCP port 707.  Doesn't sound nice to me.
    
    This is the bothersome part.  If it keeps a shell bound to 707 then it 
    is definitely malicious, despite the sugar coating.
    
    Jeff
    
    
    ---------------------------------------------------------------------------
    Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Ensure Reliable Performance of Mission Critical Applications
     - Precisely Define and Implement Network Security and Performance Policies
    **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us
    at: 
    http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
    ----------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 20:36:29 PDT