Full Disclosure mailing list archives
Re: Is this caused by Sobig?
From: "Peter E. Johnson" <rottz () securityflaw com>
Date: Fri, 22 Aug 2003 23:48:20 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greg,

The ICMP pings are NOT SoBig.F, it's the Nachi/Welchia "good worm"; it aggressively scans local subnets and causes high bandwidth usage, obviously. My ISP, Cox cable, has filtered/blocked it now because I haven't seen any ICMP packets in the last 24hrs. For more info, check out my post here:
http://www.security-forums.com/forum/viewtopic.php?t=7631

As far as your nmap output, obviously all those ports are NOT open, it's prolly a switch or another network device that is showing the port is open. I didn't see anything informative in the nmap log.

For more information on SoBig.F check out my post, I keep it fairly updated.
http://www.security-forums.com/forum/viewtopic.php?t=7662

If you have any more questions, let me know.

- ----
Peter E. Johnson
Founder of Securityflaw - www.securityflaw.com
Creator of Information Security Bible - www.securityflaw.com/bible/

On Sat, 23 Aug 2003, gregh wrote:
See attached text file. As many of you are, so am I being pinged quite a lot. So, I checked out a few of the pings and I am getting this same thing each time. Is this an effect of Sobig? I hadn't noticed anything quite like this before a few weeks ago. Greg.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/RuQHX3lbyIti9jYRAtCcAJ9fNfrxVcqzS6obvjL+/TSZbw7S7ACgvMz2
3W3+/0CNtnIwPX+IfdYz0+s=
=7qi/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html