Hi, all. I have confirmed that the Bropia worm ( ) is currently circulating on the Internet, and have verified that ISS Proventia G200 is detecting (or preventing) this worm with MSMessenger_FileXfer.

■ Signature Configuration
- XPU 22.15 -> Security Events -> Audits -> MSMessenger_FileXfer
Event Propagation : Source IP, Flood Protection

■ Note
'Source IP' is NOT the compromised host, but 'Packet SourceAddress' is the compromised host.

■ Detail Log
Event Number : 1
Date/Time : 2005-02-03 10:37:13 GMT+09:00
Tag Name : MSMessenger_FileXfer
Alert Name : MSMessenger_FileXfer
Severity : Low
Tag Brief Description :
Observance Type : Intrusion Detection
Combined Event Count : 1
Cleared Flag : No
Target DNS Name :
Target IP Address : 207.46.108.60
Target Object Name : 1863
Target Object Type : Target Port
Target Service :
Source DNS Name :
Source IP Address : 111.111.111.111
SourcePort Name : 1247
Sensor DNS Name :
Sensor IP Address : xxx.xxx.xxx.xxx
Sensor Name : rs_xxxxxx

Attribute Value Pairs for Event Number : 1
Attribute Name : :Filename
Attribute Value : ROFL.pif
Attribute Name : :From
Attribute Value : [EMAIL PROTECTED]
Attribute Name : :From-Name
Attribute Value : [SY]???%20??~!!!
Attribute Name : :intruder-ip-addr
Attribute Value : 111.111.111.111
Attribute Name : :intruder-port
Attribute Value : 1247
Attribute Name : :victim-ip-addr
Attribute Value : 207.46.108.60
Attribute Name : :victim-port
Attribute Value : 1863
Attribute Name : algorithm-id
Attribute Value : 3104008
Attribute Name : Packet DestinationAddress
Attribute Value : 111.111.111.111
Attribute Name : Packet DestinationPort
Attribute Value : 1247
Attribute Name : Packet SourceAddress
Attribute Value : 207.46.108.60
Attribute Name : Packet SourcePort
Attribute Value : 1863

Thanks.
_______________________________________________
ISSForum mailing list
[email protected]

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
