Message-ID: <Pine.LNX.4.56.0308222336180.13441@hic1.kazserv.com>
From: rottz at securityflaw.com (Peter E. Johnson)
Subject: Is this caused by Sobig?
Greg,

The ICMP pings are NOT SoBig.F, it's the Nachi/Welchia "good worm", it
aggressively scans local subnets and causes high bandwidth usage
obviously. My ISP, Cox cable, has filtered/blocked it now because I haven't
seen any ICMP packets in the last 24hrs.

For more info, check out my post here:
http://www.security-forums.com/forum/viewtopic.php?t=7631

As far as your nmap output, obviously all those ports are NOT open, it's
probably a switch or another network device that is showing the port is
open. I didn't see anything informative in the nmap log.

For more information on SoBig.F check out my post, I keep it fairly updated.
http://www.security-forums.com/forum/viewtopic.php?t=7662

If you have any more questions, let me know.
- ----
Peter E. Johnson
Founder of Securityflaw - www.securityflaw.com
Creator of Information Security Bible - www.securityflaw.com/bible/
On Sat, 23 Aug 2003, gregh wrote:
>
> See attached text file.
>
> As many of you are, so am I being pinged quite a lot. So, I checked out a few of the pings and I am getting this same thing each time.
>
> Is this an effect of Sobig? I hadn't noticed anything quite like this before a few weeks ago.
>
> Greg.