Ethereal-users: Re: [Ethereal-users] ARP-Protokoll

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 12 Oct 2004 00:29:23 -0700
BROWN, JAMES C wrote:
Hi everyone!  Just an FYI on a new worm.

There is a new worm variant out there which is beginning to be picked up by
the press.  We got hit last week by one called spybot (but NOT related to
the program) which also uses port 445.  We were the first to call it into
NAV who very promptly published a fix.  I'm sure other AV vendors will also
follow suit.  In all our cases the "bot" was trying to scan addresses in the
149.8.x.x and 149.7.x.x ranges and also used port 445.

Should we have some troubleshooting pages on the Wiki that, for example,
describe particular symptoms such as ARP floods, and common causes?  We
might have a link from pages for particular protocols on the Wiki to
pages for symptoms related to those protocols.  We could also have a
top-level troubleshooting page link to them as well.