North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: UDP port 4000 traffic: likely a new worm

  • From: George Bakos
  • Date: Sun Mar 21 23:50:07 2004

The number of immediately vulnerable hosts was rapidly depleted by the
worm, given the launch was AFTER most business had shut down for the
weekend. I'll venture that Black Ice, a commercial security product, is
deployed much more widely on the corporate laptop than the home machine.

I expect to see more than a slight bump in those numbers come Monday AM.

g

On Sat, 20 Mar 2004 13:50:30 -0800
Josh Richards <[email protected]> wrote:

> The good news is that "witty" appears to not be a very witty propagator.
> Our flow data shows attempts to connect to 4000/udp on hosts in our 
> network having a downward trend over the last few hours:
> 
> Time   Unique Source IPs
> 08:00	350 
> 09:00	332
> 10:00	297
> 11:00	298
> 12:00	265 


-- 
George Bakos
Institute for Security Technology Studies
Dartmouth College
[email protected]
603.646.0665 -voice
603.646.0666 -fax

pub  1024D/081ECB85 1999-04-09 George Bakos <[email protected]>
     Key fingerprint = D646 8F91 F795 27EC FF8B  8C95 B102 9EB2 081E CB85