[74317] in North American Network Operators' Group
New Improved Worm nonsense
daemon@ATHENA.MIT.EDU (J. Oquendo)
Wed Sep 22 01:48:25 2004
Date: Wed, 22 Sep 2004 00:51:37 -0500 (EST)
From: "J. Oquendo" <sil@politrix.org>
To: nanog@nanog.org
In-Reply-To: <Pine.GSO.4.58.0409220045150.26146@kungfunix.net>
Errors-To: owner-nanog-outgoing@merit.edu
I've managed to get more information should anyone care to take peek at
what one machine I ran into had. Quickie (ugly) write up/dissection
includes two irclogs stored on the infected machine, parsed infected
machine IP addresses (good to check if your network is spewing worm/virus
traffic), and to get an overall assessment of this annoyance. Cross posted
this to UNISog
http://infiltrated.net/setver32-variables.html
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
lynx -dump 0xD1.0x5E.0x7B.0x9B/fatal|sed '1!G;h;$!d;s/\#/ /g;s/\+/ /g
sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net
"How can we account for our present situation unless we
believe that men high in this government are concerting
to deliver us to disaster?" Joseph McCarthy "America's
Retreat from Victory"
