Worm attacks

David Brumley dbrumley at rtfm.stanford.edu
Mon Jul 23 19:18:35 EDT 2001


> Gentle people,
>    Did anyone catch any worm traffic this past week?
> I'd love to see the first 64 bytes, if anyone has any
> logs.  I'm guessing that Argus would have been the only
> technology to have automatically audited worm traffic from the
> last wave.

I don't have any argus logs, but I found that ngrep was especially
helpful in identifying machines looking for the default.ida script.

cheers,
-david
-- 
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security -   dbrumley at Stanford.EDU
Phone: +1-650-723-2445           WWW: http://www.stanford.edu/~dbrumley
Fax:   +1-650-725-9121  PGP: finger dbrumley-pgp at sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
Life is a whim of several billion cells to be you for a while.
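
[Added example, not part of the original message.] A sketch of the triage the reply describes: counting the source hosts whose HTTP requests ask for default.ida in saved ngrep output. The ngrep invocation in the comment, the assumed output layout, and the function names ida_sources and sample_capture are assumptions of this example; the sample capture is constructed.

```shell
#!/bin/sh
# Input is assumed to be text saved from something like:
#   ngrep -q -W byline 'default\.ida' 'tcp and dst port 80'
# where each packet starts with a header "T src:port -> dst:port [flags]"
# followed by its payload lines (assumed layout, no timestamps).

ida_sources() {
    awk '
        # Packet header: remember the source address without the port.
        $1 == "T" && $3 == "->" {
            src = $2
            sub(/:[0-9]+$/, "", src)
            next
        }
        # Request line for default.ida, matched case-insensitively.
        src != "" && tolower($0) ~ /^ *(get|head|post) +\/default\.ida/ {
            hits[src]++
            src = ""            # at most one hit per packet
        }
        END { for (h in hits) print hits[h], h }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample capture (documentation addresses, placeholder query).
sample_capture() {
    cat <<'EOF'
T 192.0.2.10:3312 -> 198.51.100.5:80 [AP]
GET /default.ida?AAAA HTTP/1.0.
Content-type: text/xml.

T 192.0.2.10:3313 -> 198.51.100.6:80 [AP]
GET /default.ida?AAAA HTTP/1.0.

T 203.0.113.7:1045 -> 198.51.100.5:80 [AP]
GET /index.html HTTP/1.0.

T 203.0.113.44:2201 -> 198.51.100.5:80 [AP]
get /DEFAULT.IDA?AAAA HTTP/1.0.
EOF
}

# Prints "hits source" pairs, busiest source first.
sample_capture | ida_sources
```

Pass a saved capture file as an argument to ida_sources to run it on real output; hosts with many hits across different destinations are the ones scanning.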


