|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: james (jamesh_at_cybermesa.com)
Date: Tue Sep 24 2002 - 10:39:42 CDT
I have a client, who is an ISP, that is having real trouble with large
amounts of traffic, at times causing a DoS, on the "control channel"
ports 2002 and 4156. He has a Linux box that was infected and now is clean.
However the internet seems to know about his address
and still sends him lots of traffic. I am dropping the known worm ports for
him on our edge routers. I was thinking of asking him to change the IP of
the box, does anyone know if the worm knows the addresses of infected hosts
by IP or name ?
James Edwards
jamesh
cybermesa.com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]