Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 977 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blaster Worm and his Successor. Anyone catchem?

Tmor
did anyone actually catch "Blaster" or "Nachi" on the ASL itself?

   


This thread was automatically locked due to age.
  • 0
    I´m not catch "Blaster" or "Nachi" on my ASL   
  • 0
    Sorry Tmor,
    I don't quite get what you mean with "catching" and "on the ASL itself" ..
    Since the Blaster/Lovesan worm are using Windows RPC wulnerability to spread, there will be no notification from the AV tool or anything else. But, in general, the ports 135, 139 & 445 will be rejected & logged.
    Regarding those ports, we received following amount of attempts to these ports during August so far: 135/ 1000+, 139/ 500+, 445/ 2000+.
    I have not analyzed this from earlier months, so I don't know if there's any increase.   
  • 0 in reply to MagicMike
    Would be interesting to see how the number of attempts behaves over time. One could guess approx number of infected machines in his vicinity.   
  • 0 in reply to MagicMike
    [ QUOTE ]
    we received following amount of attempts to these ports during August so far: 135/ 1000+, 139/ 500+, 445/ 2000+.


    [/ QUOTE ]

    Well i got 10K+ attacks every day on port 445 on our firewalls  
  • 0 in reply to ECKEROTH
    I have several attempts of both worms hitting the firewall and getting dropped(and logged)..the storms average 309k packets totalling 15 megs of data every incident..if you want logs just let me know..