Windump Filter for Novarg/ MyDoom Virus Question...

J

Jeffrey Baublitz

I was wondering if someone out there with knowledge about windump can
recommend a filter for finding computers that are trying to send the
email, or do the DoS against www.sco.com on my network. I would like
to track down the infected computers and fix them.

Thanks for any help...

Jeff
 
Y

Yen

Jeffrey Baublitz said:
I was wondering if someone out there with knowledge about windump can
recommend a filter for finding computers that are trying to send the
email, or do the DoS against www.sco.com on my network. I would like
to track down the infected computers and fix them.

Thanks for any help...

Jeff
Click to expand...

Port scan your network for listeners on tcp ports 3127 through 3198.
Infected systems will be running a listener.

Disclaimer: Get permission if you need to before you port scan the network.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MyDoom Virus Hitting the Internet Hard 21
New Virus - Doomjuice - Alert from F-Secure 7
2 specific questions on Novarg 15
Procmail recipe for W32/Mydoom / Novarg / Mimail.R ? 7
MyDoom Backdoor Useage 2
How does MyDoom get into _restore\temp without running? 7
Outlook vs MyDoom 1
Mydoom worm and Macs 21

Top