Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Backdoors left behind by worms; DHCP connection SANS ISC InfoSec Forums

Backdoors left behind by worms

With the increase in worms opening backdoors on infected systems, scanning on ports 80, 135, 445, 1080, 3127, 3128 and 10080 remains high. In particular, this could be due to the Welchia and Mydoom worms. The latest Beagle worm opens a backdoor on port 2745.

DHCP connection

A gentle reminder that when you have a DHCP address from your ISP, you will likely receive garbage destined for the previous owner of that address for up to several hours after you connect. This happens because P2P and other applications are unaware that the IP address was dynamically assigned.
Kevin
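To tell the two kinds of noise described above apart in a firewall drop log, the following added example (not part of the original diary) separates hits on the ports the diary lists from leftover traffic that arrives shortly after a new DHCP lease. The log format, the sample lines, the lease time and the 6-hour reading of "several hours" are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Ports the diary names as heavily scanned, plus the Beagle backdoor port.
WATCHED_PORTS = {80, 135, 445, 1080, 2745, 3127, 3128, 10080}
# Assumption: "up to several hours" after connecting is modelled as 6 hours.
STALE_WINDOW = timedelta(hours=6)
# Constructed lease start time for the sample below.
LEASE_START = datetime(2004, 3, 1, 8, 0, 0)

# Constructed sample of dropped inbound packets (hypothetical format):
# timestamp, source IP, protocol, destination port
SAMPLE_LOG = """\
2004-03-01T08:02:10 198.51.100.7 TCP 6346
2004-03-01T08:02:40 198.51.100.7 TCP 6346
2004-03-01T08:15:03 203.0.113.20 TCP 3127
2004-03-01T09:40:55 192.0.2.44 UDP 6346
2004-03-01T10:12:31 203.0.113.20 TCP 2745
2004-03-01T11:30:00 203.0.113.99 TCP 3127
2004-03-01T15:45:09 192.0.2.44 UDP 6346
2004-03-01T16:01:17 198.51.100.200 TCP 445
"""

def triage(log_text, lease_start):
    """Classify dropped inbound packets.

    Returns (counts, scanners): counts is a Counter of categories,
    scanners maps each watched port to the set of sources that hit it.
    """
    counts = Counter()
    scanners = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, src, _proto, dport_text = line.split()
        ts, dport = datetime.fromisoformat(ts_text), int(dport_text)
        if dport in WATCHED_PORTS:
            # Scanning for worm-opened backdoors or worm-targeted services.
            counts["watched_port_scan"] += 1
            scanners.setdefault(dport, set()).add(src)
        elif lease_start <= ts < lease_start + STALE_WINDOW:
            # Unsolicited traffic soon after the lease began: probably
            # peers still trying to reach the address's previous holder.
            counts["likely_previous_owner"] += 1
        else:
            counts["other"] += 1
    return counts, scanners

if __name__ == "__main__":
    counts, scanners = triage(SAMPLE_LOG, LEASE_START)
    print(dict(counts))
    print({port: sorted(srcs) for port, srcs in sorted(scanners.items())})
```

Traffic on the watched ports is counted as scanning regardless of lease age, since it says nothing about the previous holder of the address.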
