Worm attacks
David Brumley
dbrumley at rtfm.stanford.edu
Mon Jul 23 19:18:35 EDT 2001
> Gentle people,
> Did anyone catch any worm traffic this past week?
> I'd love to see the first 64 bytes, if anyone has any
> logs. I'm guessing that Argus would have been the only
> technology to have automatically audited worm traffic from the
> last wave.
I don't have any argus logs, but I found that ngrep was especially
helpful in identifying machines looking for the default.ida script.
cheers,
-david
--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley at Stanford.EDU
Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley
Fax: +1-650-725-9121 PGP: finger dbrumley-pgp at sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
Life is a whim of several billion cells to be you for a while.
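
An added example (not part of the original message): a shell filter that reads ngrep-style output and lists the source hosts whose HTTP request line asks for default.ida, the kind of lookup the reply describes. The function names, the sample packets and the ngrep invocation shown in the comment are assumptions constructed for illustration.

```shell
#!/bin/sh
# Live use would feed the filter from ngrep (needs root; not run here), e.g.:
#   ngrep -q -W byline 'default\.ida' 'tcp and dst port 80' | ida_scanners

# Constructed sample of "ngrep -W byline" output (documentation address ranges).
sample_ngrep_output() {
cat <<'EOF'
T 192.0.2.10:1025 -> 198.51.100.5:80 [AP]
GET /default.ida?constructed HTTP/1.0.

T 192.0.2.10:1026 -> 198.51.100.6:80 [AP]
GET /DEFAULT.IDA?constructed HTTP/1.0.

T 203.0.113.7:4412 -> 198.51.100.5:80 [AP]
GET /index.html HTTP/1.0.
User-Agent: mentions default.ida in a header only.

T 203.0.113.9:2001 -> 198.51.100.5:80 [AP]
GET /default.ida?constructed HTTP/1.0.
EOF
}

# Print "<request count> <source IP>" for hosts requesting default.ida.
ida_scanners() {
    awk '
        # Packet header line: "T src:port -> dst:port [flags]"
        $1 == "T" && $3 == "->" {
            src = $2; sub(/:[0-9]+$/, "", src)   # drop the source port
            first = 1                            # next line is the request line
            next
        }
        first {
            first = 0
            sub(/^[ \t]+/, "")                   # tolerate indented payload
            # Check the request line only; IIS treats paths case-insensitively.
            if (tolower($0) ~ /^(get|head|post) \/default\.ida([? ]|$)/)
                hits[src]++
        }
        END { for (h in hits) print hits[h], h }
    ' | sort -k1,1nr -k2,2
}

sample_ngrep_output | ida_scanners
```

Matching on the request line rather than anywhere in the payload keeps a host that only mentions the string in a header out of the list.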
More information about the argus mailing list