Ethereal-users: Re: [Ethereal-users] microsoft-ds [SYN] frames flooding my system

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jonathan Sanders <jonathan@xxxxxxxxxxxxx>
Date: Wed, 22 Dec 2004 08:44:54 -0600

See this all the time here at the ISP where I work...

Most of the time it's a Sasser variant trying to initiate outbound connections. Or Blaster maybe. If I remember right, it's trying to make a connection to a server to download a backdoor to install, opening up a port on your box to the outside world. Then again, all depends on the virus. For sure virus traffic though...

Jonathan


Harrison, Bruce wrote:
I use Ethereal on my Linux routers. At one location, we are flooded, from several users, with microsoft-ds [SYN] frames going to numerous IP addresses outside our systems. Most of the outside addresses are black holes (192.168.128.214, etc).

I think it is part of the Fizzer Worm Virus associated with AOL IM and IRC, but am not sure.

Can anyone shed light on what this microsoft-ds [SYN] is and where I can go to find more information?

Thanks,
Bruce Harrison
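
An added example, not part of the original thread: one way to pick out the internal hosts behind the pattern described above, by counting how many distinct destinations each source sends a bare SYN to on TCP port 445 (microsoft-ds) and how many of those ever answer. The record layout, sample addresses, threshold and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

MICROSOFT_DS = 445  # TCP port that Ethereal labels "microsoft-ds"

# Constructed sample records: time, src, src port, dst, dst port, TCP flags.
SAMPLE = """\
0.001 10.0.0.23 1025 192.168.128.214 445 S
0.004 10.0.0.23 1026 192.168.128.215 445 S
0.009 10.0.0.23 1027 198.51.100.7 445 S
0.012 10.0.0.41 1050 203.0.113.9 445 S
0.013 203.0.113.9 445 10.0.0.41 1050 SA
0.020 10.0.0.23 1028 198.51.100.8 445 S
0.031 10.0.0.57 1100 203.0.113.80 80 S
0.040 10.0.0.23 1029 198.51.100.9 445 S
0.050 10.0.0.23 1031 192.168.128.214 445 S
"""

def parse(text):
    """Yield (src, sport, dst, dport, flags) for each well-formed record."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip blank or malformed lines
        _, src, sport, dst, dport, flags = parts
        yield src, int(sport), dst, int(dport), flags

def scan_report(text, min_targets=5):
    """Map each suspect source to (distinct 445 targets, targets that replied)."""
    targets = defaultdict(set)   # source -> hosts it sent a bare SYN to on 445
    answered = defaultdict(set)  # source -> hosts that sent it a SYN/ACK from 445
    for src, sport, dst, dport, flags in parse(text):
        if dport == MICROSOFT_DS and flags == "S":
            targets[src].add(dst)
        elif sport == MICROSOFT_DS and flags == "SA":
            answered[dst].add(src)
    # Many distinct targets with few replies is the worm-scan signature;
    # a host talking to one file server that answers stays under the threshold.
    return {src: (len(dsts), len(dsts & answered[src]))
            for src, dsts in targets.items() if len(dsts) >= min_targets}

if __name__ == "__main__":
    for host, (fanout, replies) in scan_report(SAMPLE).items():
        print(f"{host}: {fanout} distinct port-445 targets, {replies} answered")
```

Retransmitted SYNs to the same address count once, so the fan-out figure reflects how many hosts were probed rather than how many frames were sent.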
