[Snort-users] Suspicious DNS query, et al.
Meij Ewout EC CH
ewout.meij at ...680...
Wed Apr 4 05:00:36 EDT 2001
> Ports attacked have been 53 ( DNS ), 111 ( rpcbind ), 515 ( line
> printer ), 21 ( FTP ), and 3879 ( ??? ). The source machines appear
> to have been located in Korea, China, Japan, the Philippines, Hong
> Kong, and Australia. In this country, Arizona State University
> appears to have been a source.
Smells like Adore Worm, see SANS: