|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: UDP port 4000 traffic: likely a new worm
Confirmed. We had our first customer (colo) hit yesterday evening at 20:43 PST. Additionally, they experienced the hard drive corruption (which was added to the ISC diary entry within the last several hours). Traffic was 4000/udp. Initial 90 Mbit/s peak which leveled out at a constant 60 Mbit/s before we took them off-line. -jr * Johannes B. Ullrich <[email protected]> [20040320 00:44]: > Looks like there may be a worm going around hitting systems that run > BlackIce. Common characteristics of the packets: Source port 4000 (but > random target port) and the string > "insert witty message here". > > details will be posted here: > http://isc.sans.org/diary.html > as I get them together. -- Josh Richards | Colocation Web Hosting Bandwidth Digital West Networks | +1 805 781-9378 / www.digitalwest.net San Luis Obispo, CA | AS14589 & AS29962 [email protected] | DWNI - Making Internet Business Better
|