[Snort-users] Know Your Enemy: Worms at War

Lance Spitzner lance at ...185...
Wed Nov 8 09:24:30 EST 2000


Recently I posted here about needing help analyzing Snort
traces of a Win98 compromise; this is the result.  Another
publication of the Know Your Enemy series.

"This paper was born out of pure curiosity. Our Honeynet was
being pounded with UDP port 137 and TCP port 139 scans.  The
network was getting scanned 5-10 times a day on these ports,
something was up.  The goal was to learn what these scans were
all about.  What was out in the Internet causing all of this
activity?  Based on the ports, we assumed that the scans were
looking for Windows-based vulnerabilities.  The plan was to set up
a Win98 honeypot, sit back and wait.  We didn't have to wait long."

A product of the Honeynet Project.  Additionally, H Carvey and
Ryan Russell greatly contributed to the analysis of the attack.

Know Your Enemy: Worms at War
http://www.enteract.com/~lspitz/worm.html

Thanks!

-- 
Lance Spitzner
http://www.enteract.com/~lspitz



