Educause Security Discussion mailing list archives

Re: Any ideas?


From: Christopher Condie <condie () OAKLAND EDU>
Date: Mon, 19 Jan 2004 16:38:30 -0500

I think you may be experiencing the W32.Beagle worm.  If you go to
http://www.symantec.com you can get information on how to get rid of the
worm.  It should destroy itself also as of the 28th of January according to
Symantec.

Just a thought,

Christopher R. Condie
Oakland University
Security and Helpdesk Manager
condie () oakland edu
----- Original Message -----
From: "Piscitello, Frank" <frank () WCUPA EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Monday, January 19, 2004 4:27 PM
Subject: [SECURITY] Any ideas?


I have what I'm assuming is a worm/scanner that is attempting to connect
to 68.202.199.235 on port 6667. The mystery is that the source IP seems
to be every address on my one student subnet. The IP packet is 60 bytes
and the Frame is 74 bytes. There is no actual data.

Any ideas?
-Frank


------------------------------------------------------------------
Frank J. Piscitello, Jr.
Information Security Manager
Office of Information Security
West Chester University of PA
West Chester, PA 19383
Phone: 610-436-3192
Fax: 610-436-3110
http://www.wcupa.edu/infoservices/security/

Security is everyone's responsibility.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
