Re: Worm activity
From: Andrés Montañez (andresmontanez.lists_at_gmail.com)
Date: 06/14/05
- Previous message: Manu Garg: "sniffing in a switched network - a presentation on ARP spoofing"
- In reply to: Adam Dyga: "Worm activity"
- Next in thread: Mark Bassett: "Re: Worm activity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Jun 2005 22:34:17 -0300 To: Security Basics <security-basics@securityfocus.com>
The port 445 is for the SMB suite (SaMBa or ActiveDirectory).
Port 135 is "DCOM Service Control Manager".
So the worm would be located in Windows workstations.
You should start getting a list of recent worms with those targets.
If you have WinClients... scann them.
-- Andrés G. Montañez Network Administrator Montevideo - Uruguay
- Previous message: Manu Garg: "sniffing in a switched network - a presentation on ARP spoofing"
- In reply to: Adam Dyga: "Worm activity"
- Next in thread: Mark Bassett: "Re: Worm activity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
