[Dshield] New Worm
rohitd at tippingpoint.com
Tue Aug 19 17:49:43 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Has anyone seen the webDAV attack in action by the new Nachi worm ?
- -----Original Message-----
From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
Sent: Tuesday, August 19, 2003 9:14 AM
To: General DShield Discussion List
Subject: Re: [Dshield] New Worm
> I'm not really sure about that. Symantec's page says that it sends ICMP
> pings first. So, if your firewall blocks ICMP pings, you shouldn't get a
> 135 from it. Am I reading too much into it?
We block pings (and just about everything else) at the firewall, but we
still get the 135/TCP probes from the same IP as well.
In fact the pattern appears to be:
But not always.
Jon R. Kibler
Charleston, SC USA
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
-----END PGP SIGNATURE-----
More information about the list