Hello, Well, first off I am not sure if this is the right place to ask this question. If it's not, please accept my apologies. If it is, here is my question: I have been trying to detect if any of the computers on our lan still have the blaster.a/ lovsan virus strain. I am currently doing data analysis on our aggregated firewall logs. However, differing accounts have been reported regarding the exact packets that were produced by the virus.: 1) http://cert.uni-stuttgart.de/archive/focus-ms/2003/08/msg00099.html 2) http://securityresponse.symantec.com/avcenter/venc/data/ detecting.traffic.due.to.rpc.worms.html Was wondering if any of you have experience with this and can comment. Thanks in advance. Rishi _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Jan 12 2004 - 18:07:19 PST