Do keep an eye on that ICMP traffic. People are seemingly forgetting that this RPC vulnerability can be used as a powerful DDoS tool... Already reports of massive DDoS attacks being generated by botnets being set up around the place on vulnerable machines....

Cheers,
M

-----Original Message-----
From: Tim Thomson [mailto:tim.thomson(a)paradise.net.nz]
Sent: Tuesday, August 19, 2003 4:11 AM
To: nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] Weird pings

On Tue, Aug 19, 2003 at 03:11:49AM +1200, Gavin Grieve wrote:
Then perhaps this report might shed some light.
New variant of the MSBLAST virus.
Odd that it pings before scanning. Didn't notice the 135 probes after the ping, because so many people have 135 blocked now, so only the odd one got through after the ping.

I guess this makes it more dangerous, as malicious people will be able to see the pings, even if they can't see the 135 connection, and then they could connect in on port 707.

Nice job with the automatic patching of the machine from various vulnerabilities... it probably does it without requiring a reboot :P

Cheers,
Tim.
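An added example, not part of the original thread: one way to flag the pattern described above (an ICMP echo followed shortly by a TCP 135 probe from the same source, plus any connection to port 707) in firewall logs. The log format, the addresses and the 10-second correlation window are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (hypothetical format, documentation IPs).
SAMPLE_LOG = """\
2003-08-19T03:10:01 ICMP echo-request src=192.0.2.10 dst=198.51.100.5
2003-08-19T03:10:02 TCP dport=135 src=192.0.2.10 dst=198.51.100.5
2003-08-19T03:10:05 ICMP echo-request src=192.0.2.77 dst=198.51.100.9
2003-08-19T03:12:40 TCP dport=80 src=192.0.2.77 dst=198.51.100.9
2003-08-19T03:15:00 TCP dport=707 src=192.0.2.10 dst=198.51.100.5
2003-08-19T03:20:00 TCP dport=135 src=203.0.113.4 dst=198.51.100.5
"""

WINDOW = timedelta(seconds=10)  # assumed max gap between ping and 135 probe


def parse(line):
    """Return (timestamp, kind, src, dst); kind is 'ping' or a TCP port number."""
    ts, proto, detail, src, dst = line.split()
    kind = "ping" if proto == "ICMP" else int(detail.split("=")[1])
    return datetime.fromisoformat(ts), kind, src.split("=")[1], dst.split("=")[1]


def correlate(log_text, window=WINDOW):
    """Tag each (src, dst) pair showing ping-then-135 or a port 707 connection."""
    last_ping = {}                 # (src, dst) -> time of most recent echo request
    findings = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kind, src, dst = parse(line)
        key = (src, dst)
        if kind == "ping":
            last_ping[key] = ts
        elif kind == 135 and key in last_ping and ts - last_ping[key] <= window:
            findings[key].add("ping-then-135")
        elif kind == 707:
            findings[key].add("tcp-707")
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for (src, dst), tags in correlate(SAMPLE_LOG).items():
        print(src, "->", dst, tags)
```

A lone 135 probe with no preceding ping, or a ping followed by unrelated traffic, is deliberately left untagged so that only the combined pattern stands out.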