[Dshield] Sobig watch
Porter, Richard USA
rwporter at nps.navy.mil
Sat Aug 23 02:48:36 GMT 2003
I am not tracking any either.. Stood up a Snort-Box for just this. If I get anything interesting Ill post on Monday...
From: John Sage [mailto:jsage at finchhaven.com]
Sent: Fri 8/22/2003 4:30 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Sobig watch
On Fri, Aug 22, 2003 at 06:21:48PM -0400, Johannes B. Ullrich wrote:
> Well, the original update servers are no longer reachable. However,
> Sobig has the ability to receive a new list. It is possible that the
> author is attempting to do just that.
> If everyone could take a quick look for UDP packets to port 995-999, in
> particular if you can get full packet dumps.
Seen none so far today; I'll set up a specific LOG statement so
they'll stick out if any come by...
"Warning: time of day goes back, taking countermeasures."
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list