Re: Worm activity

From: Andrés Montañez (andresmontanez.lists_at_gmail.com)
Date: 06/14/05

  • Next message: Monty Ree: "How to secure /tmp and /dev/shm at linux?"
    Date: Mon, 13 Jun 2005 22:34:17 -0300
    To: Security Basics <security-basics@securityfocus.com>
    
    

    The port 445 is for the SMB suite (SaMBa or ActiveDirectory).
    Port 135 is "DCOM Service Control Manager".

    So the worm would be located in Windows workstations.
    You should start getting a list of recent worms with those targets.
    If you have WinClients... scann them.

    --
    Andrés G. Montañez
    Network Administrator
    Montevideo - Uruguay
    

  • Next message: Monty Ree: "How to secure /tmp and /dev/shm at linux?"