Honeypots mailing list archives
Re: track worm virus on NT/W2K machines
From: "Jack Whitsitt (jofny)" <seclists () violating us>
Date: Fri, 22 Aug 2003 11:41:21 -0500
As far as Blast.d goes, we've had excellent success using nmap or <fill in any port scanner> to scan ports 666-765 across our address ranges. In a primarily Windows network, we've had no false positives... Doing the same for port 4444 for the original should work fine as well.

-jofny
I would like some suggestions on what software to use / be good if it's free, so that I can install on one of my NT or W2K servers to track down worms like the current WELCHIA, BLASTER and DUMARU. My organization's networks are currently badly hit by these worms. Please help.
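Added example, not part of the original posts: one way to triage the results of the scan described in the reply, assuming the scanner was nmap and its grepable output (`-oG`) was saved. The sample scan lines, addresses and function names are constructed for illustration; the port indicators are the ones given in the reply.

```python
import re

# Indicators as given in the reply: ports 666-765 for Blast.d, 4444 for the original.
INDICATORS = {
    "Blast.d (666-765)": range(666, 766),
    "original (4444)": range(4444, 4445),
}

# Constructed sample of nmap grepable (-oG) output; addresses are documentation-range.
SAMPLE_OG = "\n".join([
    "# Nmap scan, constructed sample",
    "Host: 192.0.2.10 ()\tStatus: Up",
    "Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, 707/open/tcp/////",
    "Host: 192.0.2.11 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///",
    "Host: 192.0.2.12 ()\tPorts: 139/open/tcp//netbios-ssn///, 4444/open/tcp//krb524///",
    "Host: 192.0.2.13 ()\tPorts: 700/filtered/tcp/////, 4444/closed/tcp//krb524///",
])

def open_tcp_ports(line):
    """Return (ip, [open TCP ports]) for a 'Host: ... Ports: ...' line, else None."""
    m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
    if not m:
        return None  # comment line or Status-only line
    ports = []
    for entry in m.group(2).split(","):
        fields = entry.strip().split("/")  # port/state/protocol/owner/service/...
        if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
            ports.append(int(fields[0]))
    return m.group(1), ports

def suspect_hosts(og_text):
    """Map each host to the indicators it matched and the open ports that matched."""
    findings = {}
    for line in og_text.splitlines():
        parsed = open_tcp_ports(line)
        if parsed is None:
            continue
        ip, ports = parsed
        for label, port_range in INDICATORS.items():
            hits = [p for p in ports if p in port_range]
            if hits:  # filtered/closed ports never reach here
                findings.setdefault(ip, {})[label] = hits
    return findings

if __name__ == "__main__":
    for ip, matched in sorted(suspect_hosts(SAMPLE_OG).items()):
        print(ip, matched)
```

Each flagged host is a lead for follow-up on that machine, not a confirmed infection.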