Full Disclosure mailing list archives
RE: Sobig has a surprise...
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 22 Aug 2003 20:46:13 -0500
--On Friday, August 22, 2003 1:27 PM -0600 Jonathan Grotegut <jgrotegut () directpointe com> wrote:
I can verify this. I wrote a snort rule that looks for outgoing packets to 8998/UDP and I saw machines hitting 20 unique IPs on that port. So I can confirm that it is true.Anyone able to verify this with another site (eeye, any other antivirus firm)?
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Sobig has a surprise... Steve Postma (Aug 22)
- Re: Sobig has a surprise... Florian Weimer (Aug 22)
- Re: Sobig has a surprise... Jamie L Thompson (Aug 22)
- Re: Sobig has a surprise... Michael Scheidell (Aug 22)
- Re: Sobig has a surprise... Paul Schmehl (Aug 22)
- Re: Sobig has a surprise... Florian Weimer (Aug 23)
- Re: Sobig has a surprise... Paul Schmehl (Aug 23)
- Re: Sobig has a surprise... Florian Weimer (Aug 22)
- <Possible follow-ups>
- RE: Sobig has a surprise... Jonathan Grotegut (Aug 22)
- Re: Sobig has a surprise... Michael Scheidell (Aug 22)
- Re: Sobig has a surprise... Paul Schmehl (Aug 22)
- RE: Sobig has a surprise... Paul Schmehl (Aug 22)
- RE: Sobig has a surprise... Ron DuFresne (Aug 23)
- RE: Sobig has a surprise... Paul Schmehl (Aug 23)
- RE: Sobig has a surprise... Ron DuFresne (Aug 23)
- Re: Sobig has a surprise... Michael Scheidell (Aug 22)