Re: [FW1] port 10008

Thu, 17 May 2001 01:14:18 -0700 


It a worm. Lion worm.
See : http://www.whitehats.com/library/worms/lion/

Someone checking for livegate.
http://www.live.com/liveGate/stats.html

Someone checking for an Eris Server. (catalog runs on 10008)
http://filebox.vt.edu/cc/cst/documentation/

Thanks to Steve and Jeff.

Bye,
David.

Ivan More wrote:

> Hi all you Gurus,
>
> I have seen quite a number of drop packets using port
> 10008 in the FW-1 log. Some of these packets are
> coming from unknown IPs when I do NSlookup.
>
> The logs look like this
>
> service    source            Destination
> 10008      211.168.167.199   255.255.255.255
> 10008      193.233.83.66     255.255.255.255
>
> Anyone got an explaination?
>
> Cheers,
> I. More
>
>
> _______________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.ca address at http://mail.yahoo.ca
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

--
David LEFEVRE
CARDIF - Architecture et S�curit� Op�rationnelle
[EMAIL PROTECTED] - T�l : 01 41 42 76 63


**********************************************************************
L'int�grit� de ce message n'�tant pas assur�e sur Internet,
CARDIF ne peut �tre tenu responsable de son contenu.
Si vous n'�tes pas destinataire de ce message confidentiel,
Merci de le d�truire et  d'avertir imm�diatement l'expediteur.

The integrity of this message cannot be guaranteed on the
Internet. CARDIF can not therefore be considered responsible 
for the contents. 
If you are not the intended recipient of this confidential message,
then please delete it and notify immediately the sender.

**********************************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to