[Dshield] Sobig watch

Porter, Richard USA rwporter at nps.navy.mil
Sat Aug 23 02:48:36 GMT 2003

I am not tracking any either.. Stood up a Snort-Box for just this. If I get anything interesting Ill post on Monday...

	-----Original Message----- 
	From: John Sage [mailto:jsage at finchhaven.com] 
	Sent: Fri 8/22/2003 4:30 PM 
	To: General DShield Discussion List 
	Subject: Re: [Dshield] Sobig watch

	On Fri, Aug 22, 2003 at 06:21:48PM -0400, Johannes B. Ullrich wrote:
	> Well, the original update servers are no longer reachable. However,
	> Sobig has the ability to receive a new list. It is possible that the
	> author is attempting to do just that.
	> If everyone could take a quick look for UDP packets to port 995-999, in
	> particular if you can get full packet dumps.
	Seen none so far today; I'll set up a specific LOG statement so
	they'll stick out if any come by...
	- John
	"Warning: time of day goes back, taking countermeasures."
	list mailing list
	list at dshield.org
	To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list