Download Game! Currently 65 players and visitors. Last logged in:SolvikElwynesBullwinMerge

BatMUD Forums > General > Re: Possible network issue

Previous thread     Next thread
 
 
#1
24 Sep 2003 22:11
 
 
Out of curiosity, has any net.geek seen an upsurge in port 80 traffic
to random IPs that are not webservers today? Starting this AM EDT?
From one this morning to 12+ today, it does not match signatures
of previous RCON exploits. I think there may be a new toy loose....

 
 
 
Khonshu
15d, 10h, 2m, 31s old
Level:
30
Toggle Font
< Switch sides >
 
 
#2
24 Sep 2003 23:43
 
 
Khonshu wrote:
Out of curiosity, has any net.geek seen an upsurge in port 80 traffic
to random IPs that are not webservers today? Starting this AM EDT?
From one this morning to 12+ today, it does not match signatures
of previous RCON exploits. I think there may be a new toy loose....
A new worm was realsed. its seems to effect mail servers primarly but it does
clog others so net trafiic has been effected. once again it targets win2k
primarly so keep your eyes open on any intrusions that may occur.

Gorge Typo --> Ignore The Typos


In theory, theory and practice are the same, but in practice, theyre not.

 
 
 
Gorge
210d, 10h, 41m, 23s old
Level:
59
Toggle Font
< Switch sides >
 
 
#3
24 Sep 2003 23:50
 
 
Gorge wrote:
Khonshu wrote:
Out of curiosity, has any net.geek seen an upsurge in port 80 traffic
to random IPs that are not webservers today? Starting this AM EDT?
From one this morning to 12+ today, it does not match signatures
of previous RCON exploits. I think there may be a new toy loose....
A new worm was realsed. its seems to effect mail servers primarly but it does
clog others so net trafiic has been effected. once again it targets win2k
primarly so keep your eyes open on any intrusions that may occur.

Gorge Typo --> Ignore The Typos
oh goody. like August wasn't enough fun...

i don't see it on CERT or SARC yet, where'd you find info?
I can't find an existing threat that matches observed behaviour so far...
and yeah, i submitted it this morning just in case it was new.

 
 
 
Khonshu
15d, 11h, 46m, 57s old
Level:
30
Toggle Font
< Switch sides >
 
 
#4
25 Sep 2003 04:41
 
 
Khonshu wrote:
Gorge wrote:
Khonshu wrote:
Out of curiosity, has any net.geek seen an upsurge in port 80 traffic
to random IPs that are not webservers today? Starting this AM EDT?
From one this morning to 12+ today, it does not match signatures
of previous RCON exploits. I think there may be a new toy loose....
A new worm was realsed. its seems to effect mail servers primarly but it does
clog others so net trafiic has been effected. once again it targets win2k
primarly so keep your eyes open on any intrusions that may occur.

Gorge Typo --> Ignore The Typos
oh goody. like August wasn't enough fun...

i don't see it on CERT or SARC yet, where'd you find info?
I can't find an existing threat that matches observed behaviour so far...
and yeah, i submitted it this morning just in case it was new.
Might be win32.Swen. It replicates in many ways. One of it's feature is to
"phone home" on one website to inform it has infected a machine. You can find
a nice desc at:
http://www.f-secure.com/v-descs/swen.shtml


--
I type this every time


If I had all the money I'd spent on drink, I'd spend it on drink.
-- Sir Henry Rawlinson

 
 
 
Fizzl
C o d e s l a v e
1y, 303d, 10h, 19m, 29s old
Level:
32 [Wizard]
Toggle Font
< Switch sides >
 
 
#5
25 Sep 2003 16:15
 
 
re: swen
wow, that's the funniest thing i've seen since Cascade,
but doesn't match what this thing's doing.
It's weird and annoying. And i'm starting to think that i actually have
two things, not one, now that i have 20+ incidents i'm looking over...
thanks again 8)

 
 
 
Khonshu
15d, 12h, 17m, 23s old
Level:
30
Toggle Font
< Switch sides >