lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: mducharme at cybergeneration.com (Maxime Ducharme)
Subject: Which worm?

Hi Bob,
    I got alot of 'em too, here are some sizes in bytes i got and number
of times they hit my host (with the leading 5 bytes) :

5125 x 1
8325 x 1
10525 x 1
36869 x 1
106629 x 1
109121 x 2
241669 x 1
278533 x 4

I did not have time to look into them yet, i can provide these
files if someone would like to study them.

Have a nice day

Maxime Ducharme
Programmeur / Sp?cialiste en s?curit? r?seau

----- Original Message ----- 
From: "bob sagart" <bobsagart500@...mail.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, April 13, 2004 7:53 AM
Subject: [Full-Disclosure] Which worm?


> Hey everyone
> The other night I decided to see what traffic I could capture on tcp port
> 3127 (MyDoom backdoor) since I have been getting a lot of connection
attemps
> showing up in my firewall logs.
> I got several dumps of the traffic using
> nc -l -p 3127 > out.dmp
> most of them are around 10-20kB which I thought was the about the right
size
> of most of the worms and backdoors using that port. But one of the dumps I
> got was 150kB and I was just wondering if anyone could tell me what I
might
> be?
> I cannot send it as an attachment as hotmail says it is a virus.
> Thanks.
>
> _________________________________________________________________
> Check out news, entertainment and more @  http://xtra.co.nz/broadband
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists