On 5/19/10 5:44 PM, kitepilot@kitepilot.com wrote:
> Hello World:
> Long story short:
> I got an "official" notification that a computer behind my Linux
> firewall has the "Win32.Worm.Allaple.Gen" virus.
> I have some 150 puters NAT(ed) behind that firewall and no access
> whatsoever to any of them.
> Question is:
> What can I do at the Firewall level to identify the virus' traffic so
> I can harvest the puter's IP address...
> Thanks!
> ET

from http://www.threatexpert.com/report.aspx?md5=732f8e67310a1de1c945948bda2512eb

***********
Summary of the findings:

What's been found:
A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
MS04-012: DCOM RPC Overflow exploit - replication across TCP 135/139/445/593 (common for Blaster, Welchia, Spybot, Randex, other IRC Bots).
Contains characteristics of an identified security risk.
***********

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
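One way to turn the port list in the ThreatExpert summary into an internal IP address, as an added example that is not part of the original thread: log forwarded SYNs to TCP 135/139/445/593 on the firewall, then rank internal sources by how many distinct targets they contact. The iptables rule in the comment, the `WORMSCAN` prefix, the threshold, the function name and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the ThreatExpert summary lists for replication.
WORM_PORTS = {135, 139, 445, 593}

# Assumed logging rule on the firewall (FORWARD runs before the POSTROUTING
# NAT, so SRC is still the internal address):
#   iptables -I FORWARD -p tcp --syn -m multiport --dports 135,139,445,593 \
#            -j LOG --log-prefix "WORMSCAN "
# Constructed sample lines in the netfilter LOG format:
SAMPLE_LOG = """\
May 19 18:01:02 fw kernel: WORMSCAN IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=1042 DPT=445 SYN
May 19 18:01:02 fw kernel: WORMSCAN IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.11 LEN=48 TTL=127 PROTO=TCP SPT=1043 DPT=445 SYN
May 19 18:01:03 fw kernel: WORMSCAN IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.12 LEN=48 TTL=127 PROTO=TCP SPT=1044 DPT=135 SYN
May 19 18:01:03 fw kernel: WORMSCAN IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.12 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=139 SYN
May 19 18:01:04 fw kernel: WORMSCAN IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.5 LEN=48 TTL=127 PROTO=TCP SPT=2001 DPT=445 SYN
May 19 18:01:05 fw kernel: OTHER IN=eth1 OUT=eth0 SRC=192.168.1.33 DST=198.51.100.9 LEN=48 TTL=127 PROTO=TCP SPT=2100 DPT=80 SYN
May 19 18:01:06 fw kernel: OTHER IN=eth1 OUT=eth0 SRC=192.168.1.33 DST=198.51.100.9 LEN=78 TTL=127 PROTO=UDP SPT=137 DPT=137
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def scan_sources(log_text, min_targets=3):
    """Map each internal source IP to its count of distinct (dst, port)
    targets on the worm ports, keeping only hosts at or above min_targets."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue  # not a TCP packet, or a malformed line
        if int(f["DPT"]) in WORM_PORTS and "SRC" in f and "DST" in f:
            targets[f["SRC"]].add((f["DST"], int(f["DPT"])))
    return {ip: len(t) for ip, t in targets.items() if len(t) >= min_targets}


if __name__ == "__main__":
    hits = scan_sources(SAMPLE_LOG)
    for ip, n in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{n} distinct targets on {sorted(WORM_PORTS)}")
```

A single connection to port 445 (192.168.1.20 in the sample) stays below the threshold; a host fanning out to many addresses on these ports is the one to investigate.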