Re: Sortta OT: How do I see "Win32.Worm.Allaple.Gen" traffic…

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: James Finstrom
Date:  
To: Main PLUG discussion list
Subject: Re: Sortta OT: How do I see "Win32.Worm.Allaple.Gen" traffic in my Linux firewall?
Looks like it does a tcp scan on 139 and 445

On 5/19/10, <> wrote:
> Hello World:
> Long story short:
> I got an "official" notification that a computer behind my Linux firewall
> has the "Win32.Worm.Allaple.Gen" virus.
>
> I have some 150 puters NAT(ed) behind that firewall and no access whatsoever
> to any of them.
>
> Question is:
> What can I do at the Firewall level to identify the virus' traffic so I can
> harvest the puter's IP address...
> Thanks!
> ET
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


--
Sent from my mobile device

James Finstrom
Rhino Equipment Corp.
http://rhinoequipment.com ~ http://postug.com
Phone: 1-877-RHINO-T1 ~ FAX: +1 (480) 961-1826
Twitter: http://twitter.com/rhinoequipment
IP:
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss