Full Disclosure mailing list archives

Re: New worm on port 445 ?


From: Jeff_Lopes () groove net
Date: Tue, 16 Sep 2003 12:20:36 -0400


Look here --> http://www.sophos.com/virusinfo/analyses/w32slanpera.html



From: Torge Szczepanek <full-disclosure@szczepanek.de>
Sent by: full-disclosure-admin@lists.netsys.com
Date: 09/16/2003 03:55 AM
To: full-disclosure () lists netsys com
cc:
Subject: [Full-disclosure] New worm on port 445 ?

Hi!

I am receiving some amount of traffic on Port 445. Is this a new worm
using the newly discovered RPC-DCOM 039 issue or some other rather old
stuff?!? Anybody seen this too?

09:42:21.663609 x.y.21.z.1825 > 142.160.144.11.445: S
821570346:821570346(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:21.965317 x.y.21.z.1827 > 142.160.144.12.445: S
821737415:821737415(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:22.770055 x.y.21.z.1829 > 142.160.144.13.445: S
822039122:822039122(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:23.277790 x.y.21.z.1831 > 142.160.144.14.445: S
822992385:822992385(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:23.768451 x.y.34.z.3313 > 61.1.233.234.445: S
2522939543:2522939543(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:23.868584 x.y.34.z.3311 > 61.1.233.233.445: S
2521375962:2521375962(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:24.123001 x.y.34.z.3315 > 61.1.233.235.445: S
2523847096:2523847096(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:24.242447 x.y.34.z.3317 > 61.1.233.236.445: S
2523956316:2523956316(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:24.687108 x.y.21.z.1833 > 142.160.144.15.445: S
823437284:823437284(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:25.316677 x.y.34.z.3319 > 61.1.233.237.445: S
2524334266:2524334266(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:25.686965 x.y.21.z.1819 > 142.160.144.8.445: S
820773285:820773285(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:25.878556 x.y.34.z.3321 > 61.1.233.238.445: S
2524583492:2524583492(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:26.290585 x.y.21.z.1831 > 142.160.144.14.445: S
822992385:822992385(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:26.491632 x.y.21.z.1821 > 142.160.144.9.445: S
821065804:821065804(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:26.592166 x.y.21.z.1823 > 142.160.144.10.445: S
821179393:821179393(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:26.707247 x.y.34.z.3323 > 61.1.233.239.445: S
2524895980:2524895980(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:27.074483 x.y.34.z.3315 > 61.1.233.235.445: S
2523847096:2523847096(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:27.174529 x.y.34.z.3317 > 61.1.233.236.445: S
2523956316:2523956316(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:27.698642 x.y.21.z.1833 > 142.160.144.15.445: S
823437284:823437284(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:27.698669 x.y.21.z.1825 > 142.160.144.11.445: S
821570346:821570346(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:28.000360 x.y.21.z.1827 > 142.160.144.12.445: S
821737415:821737415(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

--
Torge Szczepanek <full-disclosure () szczepanek de>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





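As an added example, not part of this thread: a small Python parser for tcpdump lines in the format of the trace quoted above, flagging sources that SYN-probe several consecutive hosts on port 445 and separating TCP retransmits (same source port and ISN) from new probes. The sample is built from lines of the quoted trace plus two constructed lines (an unrelated port-80 SYN and a repeat of the first probe); the port and target thresholds are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in the tcpdump format of the trace quoted above; source hosts stay
# masked as in the post. The port-80 line and the closing retransmit exercise the logic.
SAMPLE = """\
09:42:21.663609 x.y.21.z.1825 > 142.160.144.11.445: S 821570346:821570346(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:21.965317 x.y.21.z.1827 > 142.160.144.12.445: S 821737415:821737415(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:22.770055 x.y.21.z.1829 > 142.160.144.13.445: S 822039122:822039122(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:42:23.768451 x.y.34.z.3313 > 61.1.233.234.445: S 2522939543:2522939543(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:23.868584 x.y.34.z.3311 > 61.1.233.233.445: S 2521375962:2521375962(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:24.123001 x.y.34.z.3315 > 61.1.233.235.445: S 2523847096:2523847096(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
09:42:24.500000 a.b.c.d.4000 > 10.0.0.5.80: S 1:1(0) win 65535 <mss 1460> (DF)
09:42:27.698669 x.y.21.z.1825 > 142.160.144.11.445: S 821570346:821570346(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
"""

SYN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): S (?P<seq>\d+):"
)

def parse_syn(line):
    """Fields of one tcpdump SYN line (src/dst host, ports, ISN), or None."""
    m = SYN_RE.match(line)
    return m.groupdict() if m else None

def find_scanners(lines, port=445, min_targets=3):
    """Sources that sent SYNs to at least min_targets distinct hosts on `port`.

    A SYN repeating an earlier (src, sport, dst, ISN) tuple is a TCP retransmit
    (what a scanner emits when the target never answers), not a new probe.
    """
    targets, retrans, seen = defaultdict(set), defaultdict(int), set()
    for line in lines:
        p = parse_syn(line)
        if not p or int(p["dport"]) != port:
            continue
        key = (p["src"], p["sport"], p["dst"], p["seq"])
        if key in seen:
            retrans[p["src"]] += 1
            continue
        seen.add(key)
        targets[p["src"]].add(p["dst"])
    report = {}
    for src, hosts in targets.items():
        if len(hosts) >= min_targets:
            nums = sorted(int(ip_address(h)) for h in hosts)
            sequential = all(b - a == 1 for a, b in zip(nums, nums[1:]))
            report[src] = {"targets": len(hosts), "retransmits": retrans[src], "sequential": sequential}
    return report
```

Consecutive target addresses from one source with only SYNs and periodic retransmits is the signature of a sweeping scanner rather than normal SMB traffic, which is the distinction the trace above turns on.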

