Hi. Noah L. Meyerhans wrote:
In 3 dias, about 1500 diferent IP address tried to contact my machine at UDP port 2002. Fortunally i have iptables configured.That's interesting. I haven't seen any traffic to udp port 2002 in the past couple of days at all. The worm uses the following code to pick targets at random:
[...]
I find it hard to believe that 1500 different hosts randomly chose your machine, while 0 randomly chose any of mine.
As described in another mail: I can confirm that there was (and still is) a *huge* packet storm against port 2002 on the infected machine that I found. Even after cleaning the machine up (removing .bugtraq and closing the hole) they are bouncing in (or try to, they get smashed at the firewall).
Bye, Mike