Fwd: Re: [Dshield] Mydoom, Navarg, Sco what ever
mtombaugh at alliedcc.com
Tue Jan 27 14:36:40 GMT 2004
I think the snort sigs triggered some AV...
---------- Forwarded Message ----------
Subject: Re: [Dshield] Mydoom, Navarg, Sco what ever
Date: Tuesday 27 January 2004 9:27 am
From: Mark Tombaugh <mtombaugh at alliedcc.com>
To: General DShield Discussion List <list at dshield.org>
On Monday 26 January 2004 10:09 pm, Johannes B. Ullrich wrote:
> BTW: I have it running in a honeypot, and I don't see the SCO.com attack
> so far. Has anybody on the list here seen this?
Any interesting results when you set the clock forward? If so, does it use
DNS to find sco.com? Also, I'm curious if the infected host responds to nmap
probes (tcp 3127 - 3198).
Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC. <http://www.usihost.com>
More information about the list