[unisog] Infected windows boxes with IRC
controlled trojans on them
pauls at utdallas.edu
Wed Apr 10 22:45:14 GMT 2002
No, we haven't seen any of this, and we've been looking.
We block 135-139 UDP/TCP and 445 UDP/TCP.
--On Wednesday, April 10, 2002 5:44 PM -0400 Gary Flynn
<flynngn at jmu.edu> wrote:
> Mark Newman wrote:
>> Can anyone comment on the method of exploit?
>> Admin shares and anonymous enumeration have been the
>> commonality with machines here...but, *how* was this
> Along the same vein, I'd like to know if anyone that
> blocks netbios at the Internet border has seen this.
Paul Schmehl (pauls at utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member
More information about the unisog