Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Fw: Detecting worm infection by remote

  • From: james
  • Date: Wed Aug 13 17:15:57 2003

Well the lame moderator at intrusions@incidents.org will not let this message pass.
Anyone have any ideas ? Sorry as this is off topic, too bad a security list has problems
with questions like this ! I would like start having support call infected users, once the storm
passes. 

james

: ----- Original Message ----- 
: From: "james" <jamesh@cybermesa.com>
: To: <intrusions@incidents.org>
: Sent: Wednesday, August 13, 2003 2:46 PM
: Subject: Detecting worm infection by remote
: 
: 
: : I am trying to build a list of infected users, is it possible to just nmap 
: : tcp port 4444 ? Does anyone know of a scanner I could use ? We had
: : to lock ports 135-139 down all over the state to bring this under control
: : as the users were scanning local users & causing slowdowns. So I cannot detect infections via
: : port 135-139 tcpdumps or Snort.
: : 
: : James Edwards
: : Routing and Security Administrator
: : jamesh@cybermesa.com
: : At the Santa Fe Office: Internet at Cyber Mesa
: : Store hours: 9-6 Monday through Friday
: : 
: :




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.