Firewall Wizards mailing list archives
Re: worm?
From: "Julian M. Dragut" <julianmd () gmail com>
Date: Thu, 1 Feb 2007 16:59:01 -0500
Phel http://www.symantec.com/security_response/writeup.jsp?docid=2004-122717-5050-99&tabid=2 downloads and executes Coreflood http://www.symantec.com/security_response/writeup.jsp?docid=2002-112912-2439-99 which doesn't sound like your problem. On 2/1/07, Paul D. Robertson <paul () compuwar net> wrote:
On Thu, 1 Feb 2007, Brian Loe wrote:One of our support technician's machines is attempting to connect to random IP addresses on port 25 - in a pretty needy fashion. He says he's scanned the box with the latest updates from McAffee and it hasn't found anything. We discovered it because one of my basic (meaning I got it off the 'Net) rules for SEC flagged it as a possible PHEL trojan. Any thoughts?See what process keeps opening sockets? Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
-- Best regards, Julian Dragut www.networkmanager.org If you knew that you wouldn't fall, how far would you have gone? _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards