Re: Nimda virus and whois search...2001-09-30 19:10:02On Sun, 30 Sep 2001 13:35:14 +0300, Pekka Savola said: - users running traceroute, on incomoing icmp time exceeded messages triggering an icmp flood "detection" - using a public ftp server, thus generating an ident query - using an smtp server, -""- - etc. My personal pet peeve - getting complaints that one of my machines is scanning some user's machine with source port 123. Odd that the machine in question was the target of the CNAME 'ntp-2.vt.edu' ;) /Valdis
|
|