General Discussion Blaster Worm and his Successor. Anyone catchem?

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 5 replies
Subscribers 3 subscribers
Views 979 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blaster Worm and his Successor. Anyone catchem?

Tmor over 22 years ago

did anyone actually catch "Blaster" or "Nachi" on the ASL itself?

This thread was automatically locked due to age.

Parents

0 MagicMike over 22 years ago

Sorry Tmor,
I don't quite get what you mean with "catching" and "on the ASL itself" ..
Since the Blaster/Lovesan worm are using Windows RPC wulnerability to spread, there will be no notification from the AV tool or anything else. But, in general, the ports 135, 139 & 445 will be rejected & logged.
Regarding those ports, we received following amount of attempts to these ports during August so far: 135/ 1000+, 139/ 500+, 445/ 2000+.
I have not analyzed this from earlier months, so I don't know if there's any increase.
Cancel
Vote Up 0 Vote Down

Cancel
0 Vukasin over 22 years ago in reply to MagicMike

Would be interesting to see how the number of attempts behaves over time. One could guess approx number of infected machines in his vicinity.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Vukasin over 22 years ago in reply to MagicMike

Would be interesting to see how the number of attempts behaves over time. One could guess approx number of infected machines in his vicinity.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data