Well the lame moderator at intrusions@incidents.org will not let this message pass.
Anyone have any ideas ? Sorry as this is off topic, too bad a security list has problems
with questions like this ! I would like start having support call infected users, once the storm
passes.
james
: ----- Original Message -----
: From: "james" <jamesh@cybermesa.com>
: To: <intrusions@incidents.org>
: Sent: Wednesday, August 13, 2003 2:46 PM
: Subject: Detecting worm infection by remote
:
:
: : I am trying to build a list of infected users, is it possible to just nmap
: : tcp port 4444 ? Does anyone know of a scanner I could use ? We had
: : to lock ports 135-139 down all over the state to bring this under control
: : as the users were scanning local users & causing slowdowns. So I cannot detect infections via
: : port 135-139 tcpdumps or Snort.
: :
: : James Edwards
: : Routing and Security Administrator
: : jamesh@cybermesa.com
: : At the Santa Fe Office: Internet at Cyber Mesa
: : Store hours: 9-6 Monday through Friday
: :
: :