nanog mailing list archives
AW: UDP port 4000 traffic: likely a new worm
From: "Florian Frotzler" <florian.frotzler () gmx at>
Date: Mon, 22 Mar 2004 20:02:47 +0100
I can acknowledge that we see the worm also in Europe/Austria. Today we had a customer with a Black Ice firewall flooding us with random 4000/udp traffic before we shut him down.

Kind Regards,
--
DI (FH) Florian Frotzler
IT Planning
eWave Telekommunikation GmbH
A-1210 Wien, Ignaz-Koeck-Strasse 1

From: George Bakos

The number of immediately vulnerable hosts was rapidly depleted by the worm, given the launch was AFTER most business had shut down for the weekend. I'll venture that Black Ice, a commercial security product, is deployed much more widely on the corporate laptop than the home machine. I expect to see more than a slight bump in those numbers come Monday AM.

g

On Sat, 20 Mar 2004 13:50:30 -0800 Josh Richards <jrichard () digitalwest net> wrote:

The good news is that "witty" appears to not be a very witty propagator. Our flow data shows attempts to connect to 4000/udp on hosts in our network having a downward trend over the last few hours:

Time   Unique Source IPs
08:00  350
09:00  332
10:00  297
11:00  298
12:00  265

--
George Bakos
Institute for Security Technology Studies
Dartmouth College
gbakos () ists dartmouth edu
603.646.0665 -voice
603.646.0666 -fax
pub 1024D/081ECB85 1999-04-09 George Bakos <gbakos () ists dartmouth edu>
Key fingerprint = D646 8F91 F795 27EC FF8B 8C95 B102 9EB2 081E CB85

Current thread:
- UDP port 4000 traffic: likely a new worm Johannes B. Ullrich (Mar 20)
- Re: UDP port 4000 traffic: likely a new worm Josh Richards (Mar 20)
- Re: UDP port 4000 traffic: likely a new worm Josh Richards (Mar 20)
- Re: UDP port 4000 traffic: likely a new worm George Bakos (Mar 21)
- AW: UDP port 4000 traffic: likely a new worm Florian Frotzler (Mar 22)
- Re: UDP port 4000 traffic: likely a new worm Josh Richards (Mar 20)
- Re: UDP port 4000 traffic: likely a new worm Scott Call (Mar 20)
- Re: UDP port 4000 traffic: likely a new worm Josh Richards (Mar 20)
- <Possible follow-ups>
- Re: UDP port 4000 traffic: likely a new worm Rodney Joffe (Mar 20)