Re: exact signature for mydoom / novarg

From: Glenn Forbes Fleming Larratt (glratt_at_rice.edu)
Date: 01/30/04

  • Next message: Nick FitzGerald: "RE: Novarg" 
    Date: Fri, 30 Jan 2004 13:02:05 -0600 (CST)
To: incidents@securityfocus.com

    Not a signature per se, but an analysis which includes the packet
    stream necessary to use the backdoor:

    http://www.math.org.il/newworm-digest1.txt

    On Thu, 29 Jan 2004, David M Dennis wrote:

    > Dear List,
    >
    > Was wondering if there exists in public domain an IP signature
    > that includes packet size, port, tcp/udp, and anything else that
    > might narrow it further than "port 3127 / port 3198" .

                                    Glenn Forbes Fleming Larratt
                                    Rice University Networking
                                    glratt@rice.edu

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Nick FitzGerald: "RE: Novarg"

    Relevant Pages

    • Re: [fw-wiz] Netscreen firewalls
      ... the transparent bridge mode is quite good, ... the default, out of the box transport mechanism is packet forwarding only, ... comparison against a signature is typically the way that enforcement is ...
      (Firewall-Wizards)
    • Re: Ultra-Fast Stateless Forward Signing
      ... With each packet, the sender encrypts a MAC key with the public ... ciphertext and signature many times, so each end can use cached ... Makes a Merkle hash-tree with the OTS keys as the leaves; ... The PK signature of the hash-tree root. ...
      (sci.crypt)
    • Re: very slow convergence of ntp to correct time.
      ... Many years ago the Proteon routers dropped the first packet ... David> after the cache timed out; ... cause issues for others when they are reconfiguring part of the network. ...
      (comp.protocols.time.ntp)
    • Re: IDS Analyst Levels
      ... your signature logic is tokenising the input data stream. ... `Does this packet ... that's a quick synopsis of the IDS analysis model I've been ...
      (Focus-IDS)
    • Re: kathy! Youll straighten candles. Generally, Ill accord the learning
      ... Just now David will hunt the magic, and if Mohammar exclusively asserts it too, the signature will imagine on behalf of the electrical location. ...
      (sci.crypt)