Security Incidents mailing list archives
Re: exact signature for mydoom / novarg
From: Glenn Forbes Fleming Larratt <glratt () rice edu>
Date: Fri, 30 Jan 2004 13:02:05 -0600 (CST)
Not a signature per se, but an analysis which includes the packet stream necessary to use the backdoor: http://www.math.org.il/newworm-digest1.txt On Thu, 29 Jan 2004, David M Dennis wrote:
Dear List, Was wondering if there exists in public domain an IP signature that includes packet size, port, tcp/udp, and anything else that might narrow it further than "port 3127 / port 3198" .
Glenn Forbes Fleming Larratt Rice University Networking glratt () rice edu --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: exact signature for mydoom / novarg Glenn Forbes Fleming Larratt (Feb 02)