[Dshield] Blitznet?

Tim Kroeger tkroeger at comcast.net
Wed Sep 10 01:37:06 GMT 2003


The logs were generated by Dragon.  I couldn't get any header or payload
data for some reason.  I will continue to try.  Any info on blitznet or what
the heck port 3609 is would be appreciated.

Tim
----- Original Message ----- 
From: "Jeff Godin" <jeff at tcnet.org>
To: "Tim Kroeger" <tkroeger at comcast.net>
Cc: <list at dshield.org>
Sent: Tuesday, September 09, 2003 7:09 PM
Subject: Re: [Dshield] Blitznet?


>
> On Tue, 9 Sep 2003, Tim Kroeger wrote:
>
> > 14:36 03Sep09 from 123.456.9.178:23 123.456.13.185:3609 tcp BLITZNET
> > 14:36 03Sep09 from 123.456.9.178:23 123.456.13.150:3609 tcp BLITZNET
> [snip]
> >
> > This is a dial-up user who was also infected with Nachi.  We were
> > logging this at the same time we were seeing Nachi from the same user.
>
> It would help if you could specify what program/script/etc generated the
> above output. There are quite a few interesting tools out there, and it is
> difficult to recognize the output of each and every one without some
> additional hints. :)
>
> >
> > I have found very little on Blitznet.  Is this Blitznet?
>
> Google turns up quite a bit of information on at least one, possibly two
> candidates... impossible to tell how relevant they are without more
> information in the way of context... see above.
>
> -jeff
>
> -- 
> Jeff Godin
> Network Specialist
> Traverse Area District Library / Traverse Community Network
> jeff at tcnet.org
>
>




