On Monday, August 25, 2003, at 08:40 am, Ian Douglas wrote:
On Sunday, August 24, 2003 11:34 PM, Laurie Brown wrote:
fw root # grep -c DPT=445 /var/log/firewall
117199
fw root # grep -c DPT=135 /var/log/firewall
65082
I think it's the Blaster worm.
Aha! That explains it. Thanks for putting my mind at rest!
Yep, this is one of a number of worms out there at the moment exploiting a bug in the MS RPC daemon. The really bizarre thing is that the Nachi worm, which seems to be the latest one to come out, actually tries to clean up after the old ones, then tries to fix the exploit, and then commits suicide (although not until 2004). Benevolent worms. Whatever next. Doesn't stop them being illegal, or chewing through bandwidth like it's going out of fashion, but there we go...
Paul