Re: DDOS in progress?
From: Geoff (greendog_at_nospampacific.net.au)
Date: 08/26/03
- Previous message: Uli Wachowitz: "Re: National Security Backdoor in telnetd - all versions."
- In reply to: David: "DDOS in progress?"
- Next in thread: Lord Shaolin: "Re: DDOS in progress?"
Date: Tue, 26 Aug 2003 19:24:35 +1000
David wrote:
>
> It looks like someone is running a DDOS. Though it doesn't prevent me
> from browsing or posting to the newsgroups and really doesn't slow my
> browsing much.
>
> 12.220.227.112 > 12.219.169.125: icmp: echo request
> 12.220.114.124 > 12.219.169.125: icmp: echo request
I've been seeing the same thing here for about the last week.
I think it's this one:
http://www.sophos.com/virusinfo/analyses/w32nachia.html
"The worm then scans the network for computers on which to execute exploits.
An ICMP Ping packet is sent first to check if a host is online. The Ping
packet is followed by a WebDAV search request or an RPC DCOM exploit. If
the exploit is successful W32/Nachi-A uses tftp.exe to copy the worm
files from the source system.
Once the system is infected, W32/Nachi-A attempts to download and run
security patches from the Microsoft's update websites."
Geoff
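
Added example (not part of Geoff's post or the Sophos write-up): a small Python filter over tcpdump text lines of the form David quoted, flagging sources that ping several hosts or follow a ping with a connection attempt to 135/tcp (RPC DCOM) or 80/tcp (WebDAV over HTTP), the sequence the Sophos text describes. The SYN line layout, the sample addresses (documentation ranges) and the `min_targets` threshold are assumptions.

```python
import re
from collections import defaultdict

# Text lines in the same shape as the tcpdump output quoted in the thread.
ICMP_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): icmp: echo request")
# Assumed layout for a TCP SYN line: src.sport > dst.dport: S ...
SYN_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): S ")

# Ports behind the two follow-ups named in the Sophos description.
FOLLOW_UP_PORTS = {135: "RPC DCOM", 80: "WebDAV/HTTP"}

def classify_sources(lines):
    """Per source: hosts it pinged, and (dst, service) pairs probed after a ping."""
    seen = defaultdict(lambda: {"pinged": set(), "followed": set()})
    for line in lines:
        line = line.strip()
        m = ICMP_RE.match(line)
        if m:
            seen[m.group(1)]["pinged"].add(m.group(2))
            continue
        m = SYN_RE.match(line)
        if m:
            src, dst, port = m.group(1), m.group(2), int(m.group(3))
            # Count the SYN only if this source pinged this host earlier in the capture.
            if port in FOLLOW_UP_PORTS and dst in seen[src]["pinged"]:
                seen[src]["followed"].add((dst, FOLLOW_UP_PORTS[port]))
    return dict(seen)

def worm_like_sources(lines, min_targets=3):
    """Flag sources that pinged then probed 135/80, or pinged >= min_targets hosts."""
    report = {}
    for src, info in classify_sources(lines).items():
        if info["followed"]:
            services = sorted({svc for _, svc in info["followed"]})
            report[src] = "ping then " + ", ".join(services)
        elif len(info["pinged"]) >= min_targets:
            report[src] = "ping sweep"
    return report

# Constructed sample capture (not from the thread).
SAMPLE = """\
198.51.100.7 > 192.0.2.10: icmp: echo request
198.51.100.7.3312 > 192.0.2.10.135: S 1000:1000(0) win 16384
198.51.100.9 > 192.0.2.10: icmp: echo request
198.51.100.9 > 192.0.2.11: icmp: echo request
198.51.100.9 > 192.0.2.12: icmp: echo request
198.51.100.20 > 192.0.2.10: icmp: echo request
198.51.100.30.4000 > 192.0.2.10.80: S 2000:2000(0) win 16384
"""

if __name__ == "__main__":
    for src, reason in worm_like_sources(SAMPLE.splitlines()).items():
        print(src, reason)
```

A single ping with no follow-up, or a port 80 connection with no preceding ping, is not flagged, so ordinary web traffic and one-off pings stay out of the report.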