Possible Sasser activity?
homenet
May 5th, 2004, 07:39 PM
In the last day or so I have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
I am just wondering if this is possibly caused by the Sasser worm? I haven't seen it before and it just seems strange that it's suddenly started popping up in my records at the same time as this worm starts to take off.
Has anyone else experienced this?
AngelicKnight
May 5th, 2004, 07:47 PM
What AV are you using? Has it detected anything fishy?
homenet
May 5th, 2004, 07:58 PM
I run Panda's online virus scanner every couple of days; it hasn't detected anything.
I'd doubt very much that I would have been infected anyway. It shouldn't get through the firewall and my Windows machine is fully up to date with the patches.
I was wondering more along the lines of whether these logs were a by-product of machines that have been infected trying to connect to my IP address.
AngelicKnight
May 5th, 2004, 08:01 PM
Hmm, could be...I'm sure you've done all the usual spyware scans as well, right?
thehorse13
May 5th, 2004, 08:09 PM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257419#post742766) by homenet
In the last day or so I have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
I am just wondering if this is possibly caused by the Sasser worm? I haven't seen it before and it just seems strange that it's suddenly started popping up in my records at the same time as this worm starts to take off.
Has anyone else experienced this?
Yes, this is the worm scanning for new hosts to infect.
--TH13
homenet
May 5th, 2004, 08:26 PM
It's certainly picking up pace fast then. There's not one entry in Sunday's logs, a few in Monday's, about 30 in yesterday's, but in today's there must be about 100.
You'd have thought people would have learnt from ms.blaster worm!
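An added example, not part of the original thread: one way to check the day-over-day growth homenet describes is to tally the "ICMP PING NMAP" alerts per day and count the distinct source addresses behind them. It assumes the IDS writes Snort-style one-line "fast" alerts; the sample lines, addresses and the second signature name are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Snort "fast" alert format (documentation address ranges).
SAMPLE_ALERTS = """\
05/03-09:12:44.101234  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.7 -> 192.0.2.10
05/04-02:01:10.000111  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.7 -> 192.0.2.10
05/04-17:45:03.220001  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.23 -> 192.0.2.10
-- log rotated --
05/05-01:10:00.000001  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.7 -> 192.0.2.10
05/05-03:22:19.500000  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.23 -> 192.0.2.10
05/05-03:22:20.500000  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.23 -> 192.0.2.10
05/05-11:02:10.000001  [**] [1:1000001:1] EXAMPLE OTHER SIGNATURE [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:4312 -> 192.0.2.10:80
05/05-14:30:41.777000  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.41 -> 192.0.2.10
05/05-19:39:12.123456  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.9 -> 192.0.2.10
"""

ALERT_RE = re.compile(
    r"^(?P<day>\d{2}/\d{2})-\d{2}:\d{2}:\d{2}\.\d+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def daily_summary(text, signature="ICMP PING NMAP"):
    """Return {day: (alert_count, distinct_sources)} for one signature."""
    counts, sources = Counter(), defaultdict(set)
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m or m["msg"] != signature:
            continue  # other signatures and unparseable lines are ignored
        counts[m["day"]] += 1
        sources[m["day"]].add(m["src"])
    # "MM/DD" keys sort chronologically within a single year
    return {d: (counts[d], len(sources[d])) for d in sorted(counts)}

def rising_days(summary, factor=2.0):
    """Days whose alert count is at least `factor` times the previous logged day's."""
    days = list(summary)
    return [d for prev, d in zip(days, days[1:])
            if summary[d][0] >= factor * summary[prev][0]]

if __name__ == "__main__":
    summary = daily_summary(SAMPLE_ALERTS)
    for day, (alerts, srcs) in summary.items():
        print(f"{day}: {alerts} alerts from {srcs} distinct sources")
    print("sharp increases on:", rising_days(summary))
```

A rising count of distinct sources, rather than repeated alerts from one address, is what separates many hosts probing the gateway from a single noisy scanner.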
Und3ertak3r
May 5th, 2004, 11:50 PM
You'd have thought people would have learnt from ms.blaster worm!
MSblaster who??
People forget very quickly.. Their focus is elsewhere, and unless it had a direct impact on them it is quickly forgotten.
Case in point: a question was asked on this site, "could this be worse than 'I Love you' virus"; pity I can't find the thread..
Very short and selective memories.. and the pity is .. sysadmins are not immune
Cheers
BTW: Smoothwall is a Linux-based gateway/router/firewall operating system found at http://www.smoothwall.org/ ..
homenet
May 6th, 2004, 08:27 AM
Oh well, looks like we'll all be getting phone calls from our more ignorant friends asking why their computer keeps rebooting!