[unisog] Infected windows boxes with IRC controlled trojans on them

Paul Schmehl pauls at utdallas.edu
Wed Apr 10 22:45:14 GMT 2002


No, we haven't seen any of this, and we've been looking. 
We block 135-139 UDP/TCP and 445 UDP/TCP.

--On Wednesday, April 10, 2002 5:44 PM -0400 Gary Flynn 
<flynngn at jmu.edu> wrote:

> Mark Newman wrote:
>>
>> Can anyone comment on the method of exploit?
>>
>> Admin shares and anonymous enumeration have been the
>> commonality with machines here...but, *how* was this
>> done?
>
> Along the same vein, I'd like to know if anyone that
> blocks netbios at  the Internet border has seen this.

Paul Schmehl (pauls at utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member



More information about the unisog mailing list