Windump Filter for Novarg/ MyDoom Virus Question...

  • Thread starter Thread starter Jeffrey Baublitz
  • Start date Start date
J

Jeffrey Baublitz

I was wondering if someone out there with knowledge about windump can
recommend a filter for finding computers that are trying to send the
email, or do the DoS against www.sco.com on my network. I would like
to track down the infected computers and fix them.

Thanks for any help...

Jeff
 
Jeffrey Baublitz said:
I was wondering if someone out there with knowledge about windump can
recommend a filter for finding computers that are trying to send the
email, or do the DoS against www.sco.com on my network. I would like
to track down the infected computers and fix them.

Thanks for any help...

Jeff
Click to expand...

Port scan your network for listeners on tcp ports 3127 through 3198.
Infected systems will be running a listener.

Disclaimer: Get permission if you need to before you port scan the network.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MyDoom Virus Hitting the Internet Hard 21
Procmail recipe for W32/Mydoom / Novarg / Mimail.R ? 7
2 specific questions on Novarg 15
New Virus - Doomjuice - Alert from F-Secure 7
MyDoom Backdoor Useage 2
How does MyDoom get into _restore\temp without running? 7
Does MyDoom Mix'Match To Spoof Email Addresses? 1
Outlook vs MyDoom 1

Back
Top