Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Backdoors left behind by worms; DHCP connection

Published: 2004-02-28
Last Updated: 2004-02-28 19:19:43 UTC
by Kevin Hong (Version: 1)
0 comment(s)
Backdoors left behind by worms

With the increase of worms opening backdoor on infected systems, scanning on port 80, 135, 445, 1080, 3127, 3128 and 10080 remains high. In particular, this could be due to Welchia and Mydoom worms. The latest Beagle worm opens a backdoor on port 2745.

DHCP connection

A gentle reminder that when you have a DHCP address from your ISP, you will likely receive garbage destined to the previous owner for up to several hours after you connect. This is because of P2P and other applications unaware that the IP was dynamically assigned.
0 comment(s)
Diary Archives