|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Fw: Detecting worm infection by remote
Well the lame moderator at [email protected] will not let this message pass. Anyone have any ideas ? Sorry as this is off topic, too bad a security list has problems with questions like this ! I would like start having support call infected users, once the storm passes. james : ----- Original Message ----- : From: "james" <[email protected]> : To: <[email protected]> : Sent: Wednesday, August 13, 2003 2:46 PM : Subject: Detecting worm infection by remote : : : : I am trying to build a list of infected users, is it possible to just nmap : : tcp port 4444 ? Does anyone know of a scanner I could use ? We had : : to lock ports 135-139 down all over the state to bring this under control : : as the users were scanning local users & causing slowdowns. So I cannot detect infections via : : port 135-139 tcpdumps or Snort. : : : : James Edwards : : Routing and Security Administrator : : [email protected] : : At the Santa Fe Office: Internet at Cyber Mesa : : Store hours: 9-6 Monday through Friday : : : :
|