Log in

No account? Create an account

I found a worm! - Journal of Omnifarious

Dec. 18th, 2002

08:30 pm - I found a worm!

Previous Entry Share Next Entry

I'm so proud of myself.

I completely redid the two most important computers on my network, my firewall and the main server box. When I redid my firewall, I was much more careful about how I structured the filtering rules. Since I was more careful, I was able to cordon off some anomolous behavior as being indicative of an attack, so I arranged to log incoming packets that looked like they might be part of an attack.

As soon as I got the ruleset all squared away and reconnected to the Internet, I started seeing the logging rules activated. Over the next few hours, I logged several things that looked like people probing my network in preparation for an attack, and these attempts followed some patterns. This worried me, so I sent the logs to Visi, my ISP, and asked them if it was a new worm, or just some tool commonly used by script kiddies that left a distinctive signature.

They did some research (which I wouldn't have had time to do), and discovered that I had noticed Iraqiworm just as it had started stampeding across the Internet, infecting poorly configured Windows XP and Windows 2000 computers.

So, I didn't actually figure out which worm it was, but I did notice that it looked like a worm. I must say that the fine folks at Visi are wonderful and helpful people.

Current Mood: [mood icon] accomplished
Current Music: Doves - Words


Date:December 18th, 2002 07:12 pm (UTC)
(Reply) (Thread)
[User Picture]
Date:December 18th, 2002 07:55 pm (UTC)

Re: Have you tried this?


That's what the firewall is for. Those little packets are like the worms sensors that can sense vibration, and my firewall dropping them is walking without rhythm. :-)

(Reply) (Parent) (Thread)