Re: Nimda virus and whois search...

ietf

Re: Nimda virus and whois search...

2001-09-30 19:10:02

On Sun, 30 Sep 2001 13:35:14 +0300, Pekka Savola said:

 - users running traceroute, on incomoing icmp time exceeded messages
triggering an icmp flood "detection"
 - using a public ftp server, thus generating an ident query
 - using an smtp server, -""-
 - etc.


My personal pet peeve - getting complaints that one of my machines is scanning
some user's machine with source port 123.  Odd that the machine in question
was the target of the CNAME 'ntp-2.vt.edu' ;)

/Valdis

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Nimda virus and whois search..., Franck Martin Re: Nimda virus and whois search..., Pekka Savola Re: Nimda virus and whois search..., Valdis . Kletnieks <= RE: Nimda virus and whois search..., Franck Martin Re: Nimda virus and whois search..., Bob Braden RE: Nimda virus and whois search..., Franck Martin RE: Nimda virus and whois search..., Joel Jaeggli

Previous by Date:	"Wo Ka Ming!", Helmut Guckenberger
Next by Date:	Re: Nimda virus and whois search..., Bob Braden
Previous by Thread:	Re: Nimda virus and whois search..., Pekka Savola
Next by Thread:	RE: Nimda virus and whois search..., Franck Martin
Indexes:	[Date] [Thread] [Top] [All Lists]