Odd worm traffic?
From: Chris Boyd (cboyd_at_gizmopartners.com)
Date: 08/26/03
- Previous message: Abe Usher: "towards a taxonomy of Information Assurance (IA)"
- Next in thread: Jerry Heidtke: "RE: Odd worm traffic?"
- Maybe reply: Jerry Heidtke: "RE: Odd worm traffic?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Aug 2003 10:31:12 -0500 To: incidents@securityfocus.com
Just after midnight local time, one my IDS boxes that monitors a small
residential broadband network lit up with a bunch of traffic using
spoofed source IP of 127.0.0.1, source port 80, destination IPs all
over the /16, dest ports all in the range of 1002-1992.
Googling for a pattern like this doesn't turn up much, and no exact
match. Anyone else seen similar?
--Chris
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------
- Previous message: Abe Usher: "towards a taxonomy of Information Assurance (IA)"
- Next in thread: Jerry Heidtke: "RE: Odd worm traffic?"
- Maybe reply: Jerry Heidtke: "RE: Odd worm traffic?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
