
Re: [Full-Disclosure] Is this caused by Sobig?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greg,

The ICMP pings are NOT SoBig.F, it's the Nachi/Welchia "good worm", it
aggressively scans local subnets and causes high bandwidth usage
obviously. My ISP, Cox cable, has filtered/blocked it now because I haven't
seen any ICMP packets in the last 24hrs.
For more info, check out my post here:
http://www.security-forums.com/forum/viewtopic.php?t=7631

As far as your nmap output, obviously all those ports are NOT open, it's
prolly a switch or another network device that is showing the port is
open. I didn't see anything informative in the nmap log.

For more information on SoBig.F check out my post, I keep it fairly updated.
http://www.security-forums.com/forum/viewtopic.php?t=7662

If you have any more questions, let me know.

- ----
Peter E. Johnson
Founder of Securityflaw - www.securityflaw.com
Creator of Information Security Bible - www.securityflaw.com/bible/

On Sat, 23 Aug 2003, gregh wrote:
>
> See attached text file.
>
> As many of you are, so am I being pinged quite a lot. So, I checked out a few of the pings and I am getting this same thing each time.
>
> Is this an effect of Sobig? I hadn't noticed anything quite like this before a few weeks ago.
>
> Greg.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/RuQHX3lbyIti9jYRAtCcAJ9fNfrxVcqzS6obvjL+/TSZbw7S7ACgvMz2
3W3+/0CNtnIwPX+IfdYz0+s=
=7qi/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html