[Dshield] Sobig.F and Telnet Server
jsage at finchhaven.com
Sun Aug 24 16:30:36 GMT 2003
I'm confused about what it is you're describing, here, but I'm not
convinced that it's without some possible interest...

On Sat, Aug 23, 2003 at 10:31:32PM -0600, Daniel Otis-Vigil wrote:

> On my test machine I noticed this behavior:
> TCP 192.168.1.34:11797 0.0.0.0:0 LISTENING

So netstat -an shows this listening?

> and when I connected it showed:

And you connected to 192.168.1.34 port 11797 by what means?

And when you did, you received this response:

> Welcome to Microsoft Telnet Client
> Escape Character is 'CTRL+]'
> Microsoft Telnet>
> and then opened this port:

And then *what* opened this port?

You did? With what? Did netstat -an show this now being open?

What? You're losing me..

> UDP 192.168.1.34:9995 *:*

UDP:995 is a port SoBig supposedly opens a listener on...

> So far other than this I have only seen a few attempts to connect to NTP

NTP? Network Time Protocol?

ntp 123/udp # Network Time Protocol

What relationship does this have to what you posted, above?

At this point, you've lost me completely...

"Warning: time of day goes back, taking countermeasures."