Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Ian Jones (iandsl081-056-052.dsl-isp.net)
Date: Sat Jun 23 2001 - 15:57:27 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Is this something that has been around for a while? There is a worm
spreading via bind (suprise!) which scans for victims using CHAOS/TXT
queries. After finding and compromising the victim it establishes a
webserver on tcp port 12321 on the victim to serve files to future victims.
I checked my packet dumps and found several infected hosts.
If you want to poke at it, the following hosts is currently up, but I did
notify the whois contact.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: Making the world safe for geeks.
-----END PGP SIGNATURE-----
Snort-users mailing list
Go to this URL to change user options or unsubscribe:
Snort-users list archive: