[nsp-sec] Bracing For Impact... MS08-067
Nicholas Ianelli
ni at cert.org
Fri Oct 24 15:09:11 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris/Peter - can either of you shed any light on the following host:
64.233.189.147
John, from the malware I am looking at, I'm only seeing ICMP attempts.
Nick
John Fraizer wrote:
> Watching flows, I've got some TCP/443, TCP/80 traffic on our net to
> 64.233.189.147. I don't know that I've got any infected constituents at
> this time but, I was wondering if any other folks are seeing TCP/443
> and/or TCP/80 traffic in addition to your ICMP? I have no detected ICMP
> thus far but that could be sample related.
>
> John
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkkCHVcACgkQi10dJIBjZIDdTgCg5amR1Ia+o9MFVM8jY0nSrq6J
YOsAn0np3PWZeK1EATUzbHICSGq34z9x
=4TI+
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list