Ethereal-users: RE: [Ethereal-users] identifying bugbear & sobig attacks (how?)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: J T <JT@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Sep 2003 09:36:02 -0400
Title: CHANGE TO DOC TITLE

Both of these viruses use their own SMTP engine to propagate copies of themselves. Tracing your network for machines that are sending large quantities of SMTP traffic (TCP port 25) should help pinpoint which machines are infected.

 

JeffT

 

-----Original Message-----
From: Mike Kelley [mailto:MikeK@xxxxxxxxx]
Sent: Thursday, September 11, 2003 11:36 AM
To: 'ethereal-users@xxxxxxxxxxxx'
Subject: [Ethereal-users] identifying bugbear & sobig attacks (how?)

 

My ultimate goal in bringing up a linux box and using ethereal is to discover which box on my lan is sending the bugbear virus and which has sobig.

 

Any pointers, footprints, RTFM's ?????

 

Mike