Subject: Re: Newbie: what does this mean?
From: Henry Luciano (cuncatorHOME.COM)
Date: Thu Oct 12 2000 - 06:47:17 CDT


Hello all,
   More likely it's the Netlog worm, I "snort" piles of them every
day. You grabbed any of the packets and looked at the data?

From my pile o' logs:
10/12-18:48:32.736418 yyy.yy.yyy.yy:1550 ->xxx.xxx.xxx.xx:139
TCP TTL:114 TOS:0x0 ID:56344 DF
***AP*** Seq: 0xC61FAC Ack: 0x305373EE Win: 0x212B
.....SMBs.....................C......u.h.h.....................+
...ASHLEY.WORKGROUP.Windows 4.0.Windows4.0............ .\\xxxxxx\C.?????.

The y's are there to protect the guilty (I've found the majority have
shared their full C drive rw with no password, *sigh*), the x's can be
replaced by any number of my hosts, as each instance of the worm tries to
propagate to bunches of IPs.

HTH,
Henry Luciano
cuncatormote.org

On Thu, 12 Oct 2000, < exter > wrote:
> I find this in my syslogs every day.
> At first I thought it was some kind of attempt to intrude in my system.
>
> Oct 12 20:15:33 endymion tcplogd: netbios-ssn connection attempt from
> usuario1-NN-NNN-NN.dialup.xxx.es [xx.xxx.xxx.xxx]
>
> Do you think somebody (a bot perhaps) took me for a Win box with a BO
> client or could it be something more innocent?
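
An added example, not part of the original thread: one way to triage tcplogd entries like the one quoted above by tallying netbios-ssn connection attempts per source address. The sample log lines, hostnames and addresses are constructed; treating the reverse-DNS name as optional and rejoining indented continuation lines are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the tcplogd format quoted in the thread
# (documentation-range addresses, made-up hostnames).
SAMPLE_LOG = """\
Oct 12 20:15:33 endymion tcplogd: netbios-ssn connection attempt from dial-1.example.net [192.0.2.10]
Oct 12 20:15:36 endymion tcplogd: netbios-ssn connection attempt from dial-1.example.net [192.0.2.10]
Oct 12 20:41:02 endymion tcplogd: smtp connection attempt from mail.example.org [198.51.100.7]
Oct 12 21:03:19 endymion tcplogd: netbios-ssn connection attempt from
 dial-9.example.net [203.0.113.44]
Oct 12 21:05:00 endymion sshd[411]: unrelated line
"""

# timestamp, logging host, service name, optional reverse-DNS name, [source ip]
ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\stcplogd:\s"
    r"(?P<service>\S+) connection attempt from\s+"
    r"(?:(?P<rdns>\S+)\s+)?\[(?P<ip>[^\]]+)\]")

def unwrap(text):
    """Rejoin entries that were wrapped onto an indented second line (assumed layout)."""
    lines = []
    for raw in text.splitlines():
        if raw[:1].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw)
    return lines

def summarize(text, service="netbios-ssn"):
    """Return {source_ip: [timestamps]} for connection attempts to one service."""
    hits = defaultdict(list)
    for line in unwrap(text):
        m = ENTRY.match(line)
        if m and m.group("service") == service:
            hits[m.group("ip")].append(m.group("ts"))
    return dict(hits)

if __name__ == "__main__":
    for ip, stamps in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip}: {len(stamps)} attempt(s), first {stamps[0]}, last {stamps[-1]}")
```

Sources that appear once per sweep across many of your hosts fit the propagation pattern described in the reply; the packet payload, as in the Snort capture, is still what confirms it.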