12 Aug
Worms, Worms, Everywhere
It looks like W32/Blaster is making its rounds. For interests sakes, I’ve started collecting connection attempts to port 135 and 445:
Not sure if the flatline last night was because I lost data when I changed the collection program, or if there was just no attempts (doubtful)
Also updated the extended entry to show a pie chart comparing the sources of infections…
This graph shows the source of the attack, based on the /8 the host comes from. Note a lot of 24/8 hosts, mostly cable modems.
Here’s a shot of activity on the ‘net caused by this worm from http://isc.sans.org/. It looks like it’s picking up a lot of momentum today…
http://isc.sans.org/images/port135percent.png
August 12th, 2003 at 9:54 amWhat tool(s) did you use for collection?
August 12th, 2003 at 11:48 pmSome perl scripts I wrote… One is a daemon that listens for the connections, and logs them. The other two read the logfile and generate the respective graphs (using GD::Graph).
Sean
August 13th, 2003 at 6:48 am