[Dshield] infocon: yellow

Blake McNeill mcneillb at linklogger.com
Mon Aug 11 22:26:09 GMT 2003


Are you sure this is the worm as its the same as my capture from last night,
but there are some people saying that this is just the xfocus/metasploit
scan (which I disagree with), as I have gotten far too many of these since
then to be anything other then the worm.

Blake

----- Original Message ----- 
From: "Jonathan Rickman" <jonathan at xcorps.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Monday, August 11, 2003 3:38 PM
Subject: Re: [Dshield] infocon: yellow


> On Monday 11 August 2003 17:01, Chris Ream wrote:
> > Has anyone captured the packet stream? I've got some sensors listening
> > but have not yet seen it. I would like to reconstruct it and disassemble
> > it to find out exactly what it's doing.
> >
> > If anyone has captured it and is willing to share it I would greatly
> > appreciate it.
>
> Hex dump from netcat attached.
>
> -- 
> Jonathan Rickman
> X Corps Security
> http://www.xcorps.net
>
>


----------------------------------------------------------------------------
----


> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list