On Sat, Sep 14, 2002 at 08:00:15PM +0200, Guille -bisho- wrote:
> In 3 dias, about 1500 diferent IP address tried to contact my machine at
> UDP port 2002. Fortunally i have iptables configured.
That's interesting. I haven't seen any traffic to udp port 2002 in the
past couple of days at all. The worm uses the following code to pick
targets at random:
if (d == 255) {
if (c == 255) {
a=classes[rand()%(sizeof classes)];
b=rand();
c=0;
}
else c++;
d=0;
}
I find it hard to believe that 1500 different hosts randomly chose your
machine, while 0 randomly chose any of mine.
noah
--
_______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgplbfHTeYZFH.pgp
Description: PGP signature