[Intrusions] odd worm (?) activity?
Axel Pettinger
api at epost.de
Sun Sep 12 14:40:54 GMT 2004
Chris Norton wrote:
>
> Just wondering if anyone has noticed any activity like this? This is
> all from the same IP address:
>
<snip>
>
> I would have just thought regular worm activity if the ports 80, 1433,
> and 6129 wasn't tossed in the mix. But this isn't a port scan either I
> don't believe as the box continues to check port 135 on my computer. I
> haven't seen a scan like this from any other IP except this one.
> Anyone have any clues they might can add to this?
Probably something like Phat-/Ago-/Gaobot (or Rbot):
http://www.lurhq.com/phatbot.html
Regards,
Axel Pettinger
More information about the Intrusions
mailing list