Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Solaris worm? - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Solaris worm?
We have received a report today from our friend Jose over at Arbor, pointing us to this article

Looks like a netrange over in France is scanning around for port 23.  Read the article for further details about the "worm".

We checked our data here at the Storm Center and it appears we have similar traffic from the same net ranges. 

High number of targets, but low number of sources also reflects that.  Check it out

Joel Esler

Update (Arrigo): as of 13:00 UTC the sources number 102 which is still rather low, one hopes that there aren't that many publicly reachable Solaris systems running telnet.

454 Posts
Feb 28th 2007

Sign Up for Free or Log In to start participating in the conversation!