Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Backdoors left behind by worms; DHCP connection - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Backdoors left behind by worms; DHCP connection
Backdoors left behind by worms

With the increase of worms opening backdoor on infected systems, scanning on port 80, 135, 445, 1080, 3127, 3128 and 10080 remains high. In particular, this could be due to Welchia and Mydoom worms. The latest Beagle worm opens a backdoor on port 2745.

DHCP connection

A gentle reminder that when you have a DHCP address from your ISP, you will likely receive garbage destined to the previous owner for up to several hours after you connect. This is because of P2P and other applications unaware that the IP was dynamically assigned.

32 Posts
Feb 28th 2004

Sign Up for Free or Log In to start participating in the conversation!