Snort mailing list archives

Possible scr worm

From: john.ruff () us abb com
Date: Mon, 20 Aug 2001 10:06:03 -0400



Any idea what might be causing this aler tot be generated?  I realize it's POP3
traffic (probably someone's internet mail acct.), but is there something new out
there generating these alerts?  I've actually got about 3600 of these alerts
which just started Saturday(8/18/01).  Need more info let me know.

[**] [1:729:1] Virus - Possible scr Worm [**]
08/20-10:04:45.515817 216.136.173.10:110 -> xxx.xxx.xx.xx:4062
TCP TTL:49 TOS:0x0 ID:2259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x878CAF66  Ack: 0x2AE6A993  Win: 0x4470  TcpLen: 20



Regards,
John Ruff

"Shortcuts make for long delays." - J.R.R. Tolken



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Possible scr worm john . ruff (Aug 20)
- Re: Possible scr worm Erek Adams (Aug 20)
- Re: Possible scr worm rottz (Aug 20)
- <Possible follow-ups>
- Possible scr worm john . ruff (Aug 20)
- Re: Possible scr worm Matthew Collins (Aug 21)
- Re: Possible scr worm john . ruff (Aug 21)
- Re: Possible scr worm Matthew Collins (Aug 21)
  - Re: Possible scr worm John Sage (Aug 21)