| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rottz at securityflaw.com (Peter E. Johnson) Subject: Is this caused by Sobig? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greg, The ICMP pings are NOT SoBig.F, its the Nachi/Welchia "good worm", it agressively scans local subnets and causes high bandwidth usage obviously. My ISP Cox cable, have filter/blocked it now because I haven't seen any ICMP packets in the last 24hrs. For more info, checkout my post here: http://www.security-forums.com/forum/viewtopic.php?t=7631 As far as your nmap output, obviously all those ports are NOT open, its prolly a switch or another network device that is showing the port is open. I didn't see anything informative in the nmap log. For more information on SoBig.F checkout my post, I keep it fairly updated. http://www.security-forums.com/forum/viewtopic.php?t=7662 If you have anymore questions, let me know. - ---- Peter E. Johnson Founder of Securityflaw - www.securityflaw.com Creator of Information Security Bible - www.securityflaw.com/bible/ On Sat, 23 Aug 2003, gregh wrote: > > See attached text file. > > As many of you are, so am I being pinged quite a lot. So, I checked out a few of the pings and I am getting this same thing each time. > > Is this an effect of Sobig? I hadn't noticed anything quite like this before a few weeks ago. > > Greg. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/RuQHX3lbyIti9jYRAtCcAJ9fNfrxVcqzS6obvjL+/TSZbw7S7ACgvMz2 3W3+/0CNtnIwPX+IfdYz0+s= =7qi/ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists