[Dshield] New variant of Blaster?

Security Guy securityguy at dslextreme.com
Wed Jun 16 22:00:19 GMT 2004


We're getting a lot of what looks like Blaster (spoofs 127.0.0.1, attack
port is always 80, random high number victim port) but it's not setting off
the Blaster signatures already loaded into the IDS.  The problem is that our
lame IDS doesn't give us a MAC address - just the loopback adaptor address.

Any suggestions?

- SG




More information about the list mailing list