RE: [Full-Disclosure] Sobig has a surprise...

Sat, 23 Aug 2003 16:57:12 +0000

--On Saturday, August 23, 2003 10:09 AM -0500 Ron DuFresne <[EMAIL PROTECTED]> wrote: 

Nick FitzGerald's reply to "Compton, Rich" <[EMAIL PROTECTED]>,
Subject: Re: [Full-Disclosure] Anybody know what Sobig.F has downloaded?,
was excellent, and very informative for a large skillbase, and yet the two
postings by Jerry Heidtke <[EMAIL PROTECTED]>, Subject: RE:
[Full-Disclosure] Sobig has a surprise..., leave in doubt the issue if
this is the end of the sobig.f issue, I saw nothing posted so far to
indicate that all the systems those infected were to grab code/additional
address info, had been intercepted.

Anyone have more details to the other addresses?

{{{sigh}}} They've been posted here more than once. They're on the Sophos website.

But here they are again, taken from my logs, so these are verified IPs that Sobig.f was contacting on 8998/UDP:

/var/log/snort/special/12.158.102.205/UDP:8998-1228
/var/log/snort/special/12.232.104.221/UDP:8998-1228
/var/log/snort/special/218.147.164.29/UDP:8998-1228
/var/log/snort/special/24.197.143.132/UDP:8998-1228
/var/log/snort/special/24.202.91.43/UDP:8998-1228
/var/log/snort/special/24.206.75.137/UDP:8998-1228
/var/log/snort/special/24.210.182.156/UDP:8998-1228
/var/log/snort/special/24.33.66.38/UDP:8998-1228
/var/log/snort/special/61.38.187.59/UDP:8998-1228
/var/log/snort/special/63.250.82.87/UDP:8998-1228
/var/log/snort/special/65.177.240.194/UDP:8998-1228
/var/log/snort/special/65.92.186.145/UDP:8998-1228
/var/log/snort/special/65.92.80.218/UDP:8998-1228
/var/log/snort/special/65.93.81.59/UDP:8998-1228
/var/log/snort/special/65.95.193.138/UDP:8998-1228
/var/log/snort/special/66.131.207.81/UDP:8998-1228
/var/log/snort/special/67.73.21.6/UDP:8998-1228
/var/log/snort/special/67.9.241.67/UDP:8998-1228
/var/log/snort/special/68.38.159.161/UDP:8998-1228
/var/log/snort/special/68.50.208.96/UDP:8998-1228

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to