-
May 5th, 2004, 06:39 PM
#1
Senior Member
Possible Sasser activity?
In the last day or so i have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
I am just wondering if this is possibly caused by the Sasser worm? I havn`t seen it before and it just seems strange that its suddenly started popping up in my records at the same time as this worm starts to take off.
Has anyone else experienced this?
-
May 5th, 2004, 06:39 PM
#2
Senior Member
Possible Sasser activity?
In the last day or so i have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
I am just wondering if this is possibly caused by the Sasser worm? I havn`t seen it before and it just seems strange that its suddenly started popping up in my records at the same time as this worm starts to take off.
Has anyone else experienced this?
-
May 5th, 2004, 06:47 PM
#3
What AV are you using? Has it detected anything fishy?
-
May 5th, 2004, 06:47 PM
#4
What AV are you using? Has it detected anything fishy?
-
May 5th, 2004, 06:58 PM
#5
Senior Member
I run Panda`s online virus scanner every couple of days, it hasn`t detected anything.
I`d doubt very much that i would of been infected anyway, It shouldn`t get through the firewall and my my Widows machine is fully up to date with the patches.
I was wondering more along the lines of wether these logs were a by product of machines that have been infected trying to connect to my IP address.
-
May 5th, 2004, 06:58 PM
#6
Senior Member
I run Panda`s online virus scanner every couple of days, it hasn`t detected anything.
I`d doubt very much that i would of been infected anyway, It shouldn`t get through the firewall and my my Widows machine is fully up to date with the patches.
I was wondering more along the lines of wether these logs were a by product of machines that have been infected trying to connect to my IP address.
-
May 5th, 2004, 07:01 PM
#7
Hmm, could be...I'm sure you've done all the usual spyware scans as well, right?
-
May 5th, 2004, 07:01 PM
#8
Hmm, could be...I'm sure you've done all the usual spyware scans as well, right?
-
May 5th, 2004, 07:09 PM
#9
Re: Possible Sasser activity?
Originally posted here by homenet
In the last day or so i have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
I am just wondering if this is possibly caused by the Sasser worm? I havn`t seen it before and it just seems strange that its suddenly started popping up in my records at the same time as this worm starts to take off.
Has anyone else experienced this?
Yes, this is the worm scanning for new hosts to infect.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
May 5th, 2004, 07:09 PM
#10
Re: Possible Sasser activity?
Originally posted here by homenet
In the last day or so i have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
I am just wondering if this is possibly caused by the Sasser worm? I havn`t seen it before and it just seems strange that its suddenly started popping up in my records at the same time as this worm starts to take off.
Has anyone else experienced this?
Yes, this is the worm scanning for new hosts to infect.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|