[Dshield] infocon: yellow
jonathan at xcorps.net
Mon Aug 11 22:40:22 GMT 2003
On Monday 11 August 2003 18:26, Blake McNeill wrote:
> Are you sure this is the worm as its the same as my capture from last
> night, but there are some people saying that this is just the
> xfocus/metasploit scan (which I disagree with), as I have gotten far too
> many of these since then to be anything other then the worm.
I confirmed (well, as best I could) that the source was infected immediately
after capture by scanning 4444 with an nmap tcp connect scan.
X Corps Security
More information about the list