[Dshield] Mydoom, Navarg, Sco what ever

David Hart DavidHart at TQMcube.com
Tue Jan 27 15:06:53 GMT 2004


On Tue, 2004-01-27 at 09:56, Johannes B. Ullrich wrote:

> Yes, the infected host will show an open port 3127 with nmap.

This rr host is clearly infected. No 3127

PORT    STATE    SERVICE         VERSION
135/tcp filtered msrpc 
136/tcp filtered profile 
137/tcp filtered netbios-ns 
138/tcp filtered netbios-dgm 
139/tcp filtered netbios-ssn 
445/tcp filtered microsoft-ds 
593/tcp filtered http-rpc-epmap 

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
              VERIZON has verified Einstein's observation:
            "Only two things are infinite, the universe and 
          human stupidity, and I'm not sure about the former."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040127/8e7503b1/attachment.bin


More information about the list mailing list