Looks like there may be a worm going around hitting systems that run
BlackIce. Common characteristics of the packets: Source port 4000 (but
random target port) and the string
insert witty message here.
Details will be posted here:
http://isc.sans.org/diary.html
as I get them together.
--
CTO
Thanks everyone here on this list who helped track down this!
We just published a (hopefully more or less final) Diary on
this topic at http://isc.sans.org/diary.html (see below for text).
As it turns out, at least one particular version of the software
distributed by PopAdStop.com did include a
Well, for the last week there has been an odd increase in port
1026-1031 traffic. While everything points to popup spam, there
are a few issues that are 'odd':
- increase in sources that cause this traffic.
- natural source ports vs. crafted source port which is typical
for popup spam
- 2-byte
I set up a 'real time' report by AS to assist networks
in finding infected systems. The URL:
http://www.dshield.org/asreport.php
This report is intended for automated parsing, so it comes as a simple
tab-delimited table with brief 'usage' header. You can filter by target
port, protocol and AS.
Sorry. Getting confused by my own tricky URL schemes:
http://feeds.dshield.org/block.txt
On Wed, 2002-05-15 at 17:13, Dan Hollis wrote:
On 15 May 2002, Johannes B. Ullrich wrote:
See http://www.dshield.org/block.txt ;-). We are about 24hrs away from
getting a BGP test feed up.
I have seen 6 portscans looking for SubSeven on a /24 in the past 24 hours.
It'd been a while since I had seen *any*, now I'm seeing all these. Is
this a new outbreak/vulnerability, or have I just been lucky? Has anybody
else seen an increase in scans on tcp port 27374?
There are a
no spam. But I just took apart an IRC controlled botnet
that used their service.
(The trojan was a basic 'floodnet' binary and was distributed
via email... )
--
[EMAIL PROTECTED]
Join http://www.DShield.org
Distributed Intrusion Detection
First of all: Does it matter if the Chinese Govt' is launching the attack
or the kid next door?
Personally, I would think if the Chinese Govt' has any sense at all, they
surely look into cyberwar. Which respectable government doesn't?
In my opinion the real problem/story is the uphauling