tkroeger at comcast.net
Wed Sep 10 01:37:06 GMT 2003
The logs were generated by Dragon. I couldn't get any header or payload
data for some reason. I will continue to try. Any info blitznet or what
the heck port 3609 is would be appreciated.
----- Original Message -----
From: "Jeff Godin" <jeff at tcnet.org>
To: "Tim Kroeger" <tkroeger at comcast.net>
Cc: <list at dshield.org>
Sent: Tuesday, September 09, 2003 7:09 PM
Subject: Re: [Dshield] Blitznet?
> On Tue, 9 Sep 2003, Tim Kroeger wrote:
> > 14:36 03Sep09 from 123.456.9.178:23 123.456.13.185:3609 tcp BLITZNET
> > 14:36 03Sep09 from 123.456.9.178:23 123.456.13.150:3609 tcp BLITZNET
> > This is a dial-up user who was also infected with Nachi. We were
> > logging this at the same time we were seeing Nachi from the same user.
> It would help if you could specify what program/script/etc generated the
> above output. There are quite a few interesting tools out there, and it is
> difficult to recognize the output of each and every one without some
> additional hints. :)
> > I have found very little on Blitznet. Is this Blitznet?
> Google turns up quite a bit of information on at least one, possibly two
> candidates... impossible to tell how relevant they are without more
> information in the way of context... see above.
> Jeff Godin
> Network Specialist
> Traverse Area District Library / Traverse Community Network
> jeff at tcnet.org
More information about the list