[nsp-sec] FW: Conficker.C ports from IP
Smith, Donald
Donald.Smith at qwest.com
Thu Apr 2 12:17:19 EDT 2009
I have permission to share these two tools the nsp sec list.
Conficker.c is a silk plug-in that identified p2p
ports based on ip and time and simplifies finding conficker.c
p2p comms in netflow. I haven't used it as we don't use silk here.
Get_ports.py is a python script again it uses time, ips and
generates the p2p ports for conficker.c.
I have permission to share this with nsp-sec but this clearly
needs to be treated as highly confidential do NOT share outside this community.
Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com gcia
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: conficker.c
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20090402/d7060425/attachment-0001.c>
More information about the nsp-security
mailing list