Re: exact signature for mydoom / novarg

From: Glenn Forbes Fleming Larratt (glratt_at_rice.edu)
Date: 01/30/04

  • Next message: Nick FitzGerald: "RE: Novarg" 
    Date: Fri, 30 Jan 2004 13:02:05 -0600 (CST)
To: incidents@securityfocus.com

    Not a signature per se, but an analysis which includes the packet
    stream necessary to use the backdoor:

    http://www.math.org.il/newworm-digest1.txt

    On Thu, 29 Jan 2004, David M Dennis wrote:

    > Dear List,
    >
    > Was wondering if there exists in public domain an IP signature
    > that includes packet size, port, tcp/udp, and anything else that
    > might narrow it further than "port 3127 / port 3198" .

                                    Glenn Forbes Fleming Larratt
                                    Rice University Networking
                                    glratt@rice.edu

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Nick FitzGerald: "RE: Novarg"

    Relevant Pages

    • Re: [fw-wiz] Netscreen firewalls
      ... the transparent bridge mode is quite good, ... the default, out of the box transport mechanism is packet forwarding only, ... comparison against a signature is typically the way that enforcement is ...
      (Firewall-Wizards)
    • Re: Ultra-Fast Stateless Forward Signing
      ... With each packet, the sender encrypts a MAC key with the public ... ciphertext and signature many times, so each end can use cached ... Makes a Merkle hash-tree with the OTS keys as the leaves; ... The PK signature of the hash-tree root. ...
      (sci.crypt)
    • Re: Inheritable signature?
      ... bit string, ... Let us start with the "basic" setup with no signature. ... packet by trying the reconstruction with other data. ...
      (sci.crypt)
    • Re: very slow convergence of ntp to correct time.
      ... Many years ago the Proteon routers dropped the first packet ... David> after the cache timed out; ... cause issues for others when they are reconfiguring part of the network. ...
      (comp.protocols.time.ntp)
    • Re: IDS Analyst Levels
      ... your signature logic is tokenising the input data stream. ... `Does this packet ... that's a quick synopsis of the IDS analysis model I've been ...
      (Focus-IDS)