[Dshield] New Variant of Linkbot
Paul F Dixon
pdixon at rwsc.com
Fri Oct 7 09:11:27 GMT 2005
It's a hardly-ever used registered port.
It's registered to: Cliff Neuman's Prospero Directory Service
I'm sure it's not related but here's the scoop on Prospero:
Cliff Neuman described Prospero. It follows a file system model, rather
than the hypertext model. It is built on UDP for speed. It has the
notion of a Directory which contains links to other objects (other
directories or files). It returns the link to the information object and
then automatically retrieves the file by another mechanism by the
appropriate access method (Archie, WAIS, nntp, WWW - soon!, NFS, ftp
etc.) It has been used very successfully to access the archie database.
Cliff stated that he expected to be able to use X.500 to translate
between the document ID and how to get the document.
With Prospero the user has his own view of the global information base
(or has a view built for him). Cliff thought there should be multiple
name spaces - but the difficulty would be that these would need
representing near the top of the directory tree. With multiple user
chosen views - this would be difficult to manage. Also two users might
refer to an object by different handles which would be relative to their
individual name spaces - difficult when passing references (say in a
mail message) from one person to the other.
More on the virus. I'll get a compressed, protected version as soon as I
can. I've done more evaluation on our Firewall and it seems that this may
have been a timebomb - I have records of several machines starting to talk
to 22.214.171.124 at appx. the same time. Maybe we've had the virus
banging around for some time.
<jeff-kell at utc.ed
Sent by: General DShield Discussion List
list-bounces at list <list at lists.dshield.org>
10/06/2005 06:13 Re: [Dshield] New Variant of
Please respond to
<list at lists.dshie
Paul F Dixon wrote:
> This is a fast moving bug. We're able to detect it by tailing our fwlogs
> and grepping out port 191 calls to 126.96.36.199.
Using .Net? Need to know more about .Net Security?
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list