[unisog] Increased Activity
A00JER1 at wpo.cso.niu.edu
Tue Mar 23 02:48:19 GMT 2004
2745 is the Bagle/Beagle worm (probably variant E - H);
3127 is probably MyDoom, which uses 3127 or the next available port up;
6129 is Dameware.
You can Google for any of these by using "port xxxx virus." 1025 and
80 are usually legit, but the way you describe the first byte of the DST
IP staying the same while the other three change indicates something
like Nimda or Code Red.
Jason Richardson, J.D., CISSP, CISM, CNE
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
jasrich at niu.edu
>>> "Lang, Michael" <mike.lang at uconn.edu> 3/22/2004 11:44:09 AM >>>
This is my first post to unisog and I just subscribed - I hope that
this isn't repetitive...
This morning I see a dramatic increase in hosts on our network that are
The attacked IP is chosen pretty randomly with the first octet staying
the same and the last three changing.
Not only is there a dramatic increase of hosts on our network getting
this, but I see a lot from the Internet pouring into our network.
Anyone clue me into what this one is?
University of Connecticut
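
An added example, not part of either post: one way to check flow records for the pattern discussed in this thread, where a single source contacts many different destinations that share a first octet on one port. The record layout, the threshold and the sample flows are constructed assumptions; the port notes repeat what the reply says.

```python
from collections import defaultdict
from ipaddress import IPv4Address

# Port notes as given in the reply in this thread.
PORT_NOTES = {
    2745: "Bagle/Beagle worm",
    3127: "probably MyDoom",
    6129: "Dameware",
    1025: "usually legit",
    80: "usually legit",
}

def find_scanners(flows, min_targets=5):
    """Flag sources that contact at least min_targets distinct destinations
    sharing one first octet on one destination port.

    flows: iterable of (src_ip, dst_ip, dst_port) tuples (assumed layout).
    min_targets: assumed threshold; tune it to the site's baseline.
    Returns {(src_ip, first_octet, dst_port): report}.
    """
    targets = defaultdict(set)  # (src, first octet, port) -> distinct dst IPs
    for src, dst, dport in flows:
        first_octet = IPv4Address(dst).packed[0]
        targets[(src, first_octet, dport)].add(dst)

    findings = {}
    for key, dsts in targets.items():
        if len(dsts) >= min_targets:
            findings[key] = {
                "distinct_targets": len(dsts),
                "note": PORT_NOTES.get(key[2], "unlisted port"),
            }
    return findings

# Constructed sample flows using documentation and private address ranges.
SAMPLE_FLOWS = (
    # One source sweeping 10.x.x.x on 2745: first octet fixed, the rest change.
    [("192.0.2.7", f"10.{i}.{i * 3 % 256}.{i * 7 % 256}", 2745) for i in range(1, 9)]
    # One source hitting the same web server repeatedly: a single target.
    + [("192.0.2.9", "10.99.1.10", 80)] * 20
    # One source whose destinations differ in the first octet.
    + [("192.0.2.12", d, 6129)
       for d in ("10.2.3.4", "172.16.3.4", "192.168.3.4", "198.51.100.4")]
)

if __name__ == "__main__":
    for key, report in find_scanners(SAMPLE_FLOWS).items():
        print(key, report)
```

Counting distinct destinations rather than flows keeps a busy client of a single server from being flagged.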