Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Any ideas?

From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Mon, 19 Jan 2004 15:32:00 -0600
This is linked to the new Beagle/Bagle
worm.. Also possibly TCP 39999.

~cam.

Cam Beasley
ITS/Information Security Office
The University of Texas at Austin
cam () mail utexas edu
---------------------------
Report Abuse To:
- abuse () utexas edu
- 512.475.9242
---------------------------




-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Piscitello, Frank
Sent: Monday, January 19, 2004 3:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Any ideas?


I have what I'm assuming is a worm/scanner that is attempting 
to connect to 68.202.199.235 on port 6667. The mystery is 
that the source IP seems to be every address on my one 
student subnet. The IP packet is 60bytes and the Frame is 74 
bytes. There is no actual data.

Any ideas? 
-Frank 


------------------------------------------------------------------
Frank J. Piscitello, Jr. 
Information Security Manager  
Office of Information Security
West Chester University of PA
West Chester, PA 19383
Phone: 610-436-3192
Fax: 610-436-3110
http://www.wcupa.edu/infoservices/security/

Security is everyone's responsibility.

**********
Participation and subscription information for this EDUCAUSE 
Discussion Group discussion list can be found at 

http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: