[74317] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

New Improved Worm nonsense

daemon@ATHENA.MIT.EDU (J. Oquendo)
Wed Sep 22 01:48:25 2004

Date: Wed, 22 Sep 2004 00:51:37 -0500 (EST)
From: "J. Oquendo" <sil@politrix.org>
To: nanog@nanog.org
In-Reply-To: <Pine.GSO.4.58.0409220045150.26146@kungfunix.net>
Errors-To: owner-nanog-outgoing@merit.edu



I've managed to get more information should anyone care to take peek at
what one machine I ran into had. Quickie (ugly) write up/dissection
includes two irclogs stored on the infected machine, parsed infected
machine IP addresses (good to check if your network is spewing worm/virus
traffic), and to get an overall assessment of this annoyance. Cross posted
this to UNISog

http://infiltrated.net/setver32-variables.html

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

lynx -dump 0xD1.0x5E.0x7B.0x9B/fatal|sed '1!G;h;$!d;s/\#/ /g;s/\+/ /g

sil @ politrix . org    http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How can we account for our present situation unless we
believe that men high in this government are concerting
to deliver us to disaster?" Joseph McCarthy "America's
Retreat from Victory"

home help back first fref pref prev next nref lref last post