Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: exact signature for mydoom / novarg

From: Glenn Forbes Fleming Larratt <glratt () rice edu>
Date: Fri, 30 Jan 2004 13:02:05 -0600 (CST)
Not a signature per se, but an analysis which includes the packet
stream necessary to use the backdoor:

http://www.math.org.il/newworm-digest1.txt


On Thu, 29 Jan 2004, David M Dennis wrote:


Dear List,

Was wondering if there exists in public domain an IP signature
that includes packet size, port, tcp/udp, and anything else that
might narrow it further than "port 3127 / port 3198" .



                                Glenn Forbes Fleming Larratt
                                Rice University Networking
                                glratt () rice edu

---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: