Educause Security Discussion mailing list archives
Re: Any ideas?
From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Mon, 19 Jan 2004 15:50:59 -0600
Oops, ma foi.. I did intend TCP 6777 & 39999, not 6667. ugh.. ~cam.
-----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Piscitello, Frank Sent: Monday, January 19, 2004 3:40 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Any ideas? I don't think it's bagle, because this started up on Friday morning. Also, my computers are looking for the the 68.202 address via port 6667, they are not listening on the port. ------------------------------------------------------------------ Frank J. Piscitello, Jr. Information Security Manager Office of Information Security West Chester University of PA http://www.wcupa.edu/infoservices/security/ Security is everyone's responsibility. -----Original Message----- From: Cam Beasley, ISO [mailto:cam () AUSTIN UTEXAS EDU] Sent: Monday, January 19, 2004 4:32 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Any ideas? This is linked to the new Beagle/Bagle worm.. Also possibly TCP 39999. ~cam. Cam Beasley ITS/Information Security Office The University of Texas at Austin cam () mail utexas edu --------------------------- Report Abuse To: - abuse () utexas edu - 512.475.9242 --------------------------------Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf OfPiscitello, FrankSent: Monday, January 19, 2004 3:27 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Any ideas? I have what I'm assuming is a worm/scanner that is attempting to connect to 68.202.199.235 on port 6667. The mystery is thatthe sourceIP seems to be every address on my one student subnet. The IP packet is 60bytes and the Frame is 74 bytes. There is no actual data. Any ideas? -Frank ------------------------------------------------------------------ Frank J. Piscitello, Jr. Information Security Manager Office of Information Security West Chester University of PA West Chester, PA 19383 Phone: 610-436-3192 Fax: 610-436-3110 http://www.wcupa.edu/infoservices/security/ Security is everyone's responsibility. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found athttp://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Any ideas? Piscitello, Frank (Jan 19)
- <Possible follow-ups>
- Re: Any ideas? Cam Beasley, ISO (Jan 19)
- Re: Any ideas? Christopher Condie (Jan 19)
- Re: Any ideas? Piscitello, Frank (Jan 19)
- Re: Any ideas? Matthew Keller (Jan 19)
- Re: Any ideas? Clyde Hoadley (Jan 19)
- Re: Any ideas? Piscitello, Frank (Jan 19)
- Re: Any ideas? Cam Beasley, ISO (Jan 19)
- Re: Any ideas? Paul Dokas (Jan 19)
- Re: Any ideas? Paul Dokas (Jan 19)