Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Possible Sasser activity?

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    134

    Possible Sasser activity?

    In the last day or so i have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
    I am just wondering if this is possibly caused by the Sasser worm? I havn`t seen it before and it just seems strange that its suddenly started popping up in my records at the same time as this worm starts to take off.
    Has anyone else experienced this?

  2. #2
    Senior Member
    Join Date
    Dec 2002
    Posts
    134

    Possible Sasser activity?

    In the last day or so i have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
    I am just wondering if this is possibly caused by the Sasser worm? I havn`t seen it before and it just seems strange that its suddenly started popping up in my records at the same time as this worm starts to take off.
    Has anyone else experienced this?

  3. #3
    What AV are you using? Has it detected anything fishy?

  4. #4
    What AV are you using? Has it detected anything fishy?

  5. #5
    Senior Member
    Join Date
    Dec 2002
    Posts
    134
    I run Panda`s online virus scanner every couple of days, it hasn`t detected anything.
    I`d doubt very much that i would of been infected anyway, It shouldn`t get through the firewall and my my Widows machine is fully up to date with the patches.
    I was wondering more along the lines of wether these logs were a by product of machines that have been infected trying to connect to my IP address.

  6. #6
    Senior Member
    Join Date
    Dec 2002
    Posts
    134
    I run Panda`s online virus scanner every couple of days, it hasn`t detected anything.
    I`d doubt very much that i would of been infected anyway, It shouldn`t get through the firewall and my my Widows machine is fully up to date with the patches.
    I was wondering more along the lines of wether these logs were a by product of machines that have been infected trying to connect to my IP address.

  7. #7
    Hmm, could be...I'm sure you've done all the usual spyware scans as well, right?

  8. #8
    Hmm, could be...I'm sure you've done all the usual spyware scans as well, right?

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    Re: Possible Sasser activity?

    Originally posted here by homenet
    In the last day or so i have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
    I am just wondering if this is possibly caused by the Sasser worm? I havn`t seen it before and it just seems strange that its suddenly started popping up in my records at the same time as this worm starts to take off.
    Has anyone else experienced this?

    Yes, this is the worm scanning for new hosts to infect.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    Re: Possible Sasser activity?

    Originally posted here by homenet
    In the last day or so i have seen a lot of logs stating "ICMP PING NMAP" in my IDS records on my Smoothwall box.
    I am just wondering if this is possibly caused by the Sasser worm? I havn`t seen it before and it just seems strange that its suddenly started popping up in my records at the same time as this worm starts to take off.
    Has anyone else experienced this?

    Yes, this is the worm scanning for new hosts to infect.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •