Windump Filter for Novarg/ MyDoom Virus Question...

  • Thread starter Thread starter Jeffrey Baublitz
  • Start date Start date
J

Jeffrey Baublitz

I was wondering if someone out there with knowledge about windump can
recommend a filter for finding computers that are trying to send the
email, or do the DoS against www.sco.com on my network. I would like
to track down the infected computers and fix them.

Thanks for any help...

Jeff
 
Jeffrey Baublitz said:
I was wondering if someone out there with knowledge about windump can
recommend a filter for finding computers that are trying to send the
email, or do the DoS against www.sco.com on my network. I would like
to track down the infected computers and fix them.

Thanks for any help...

Jeff
Click to expand...

Port scan your network for listeners on tcp ports 3127 through 3198.
Infected systems will be running a listener.

Disclaimer: Get permission if you need to before you port scan the network.
 
Back
Top