Tech: Worm detected
Subject: Tech: Worm detected
From: John MacKenzie
Date: 06 Jan 05 - 12:05 PM

My Virus Programme detected a worm and gave me the following info. Site 127.0.0.1, Port 1042, Address 213.122.110.187, UDP. Don't know what any of it means, and all I can find out is that every computer seems to think it is 127.0.0.1. I was curious to try tracing the source of this attack; how can I do it?

Giok

Subject: RE: Tech: Worm detected
From: JohnInKansas
Date: 06 Jan 05 - 01:10 PM

Go to Symantec Security Check and click on the "Trace an Attack" link. There should be enough info there to get you started.

Not generally recommended that those of us who have to read the instructions mess with trying to trace them. Better to check on how to report it to the experts and let them do the hard stuff.

John

Subject: RE: Tech: Worm detected
From: Dave Wynn
Date: 06 Jan 05 - 07:19 PM

127.0.0.1 is some kind of catch-all IP address I think. It occurs all over the place. It appears to be a local loopback address according to the great gods IBM and Microdaft.

Subject: RE: Tech: Worm detected
From: GUEST,Sigurd
Date: 06 Jan 05 - 07:35 PM

127.0.0.1 is the Unix and BSD "loopback" device. Basically it's a machine's own address for itself. Microsoft adapted the BSD network stack when it added the internet onto Windows.

213.122.110.187 is registered to:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 213.0.0.0 - 213.255.255.255
CIDR: 213.0.0.0/8
NetName: RIPE-213
NetHandle: NET-213-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH00.NS.UU.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate:
Updated: 2004-03-16

Subject: RE: Tech: Worm detected
From: GUEST,Jon
Date: 06 Jan 05 - 07:35 PM

127.0.0.1 is the host itself, localhost if you like.

Subject: RE: Tech: Worm detected
From: The Fooles Troupe
Date: 06 Jan 05 - 07:38 PM

UDP is the Universal Data Protocol level of the Data Transfer protocol used in Ethernet - now used for most internet traffic.

Subject: RE: Tech: Worm detected
From: GUEST,Jon
Date: 06 Jan 05 - 07:40 PM

RIPE handle the European IP addresses:

inetnum: 213.122.0.0 - 213.122.255.255
netname: BT-IMSNET
descr: BT-IMSNET
country: GB
admin-c: BS1474-RIPE
tech-c: BS1474-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@btinternet.com
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: support@bt.net 20000711
changed: preston.dialip@bt.com 20010523
changed: preston.dialip@bt.com 20010628
changed: preston.dialip@bt.com 20020907
source: RIPE

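An added example, not part of any post in this thread: the fields of the RIPE record quoted just above, parsed to confirm that 213.122.110.187 falls inside the listed range and to pull out the abuse address a report would go to. The function names are hypothetical, and the record is a subset of the quoted fields embedded so the code runs offline.

```python
import ipaddress
import re

# Subset of the RIPE record quoted in the thread above.
RIPE_RECORD = """\
inetnum: 213.122.0.0 - 213.122.255.255
netname: BT-IMSNET
country: GB
remarks: Please send abuse notification to abuse@btinternet.com
source: RIPE
"""

def classify(addr):
    """Say whether an address in an alert can identify a remote party."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"       # 127.0.0.0/8: the machine's own address for itself
    if ip.is_private or ip.is_link_local:
        return "local network"  # not routable, so no public whois record
    return "public"             # registered to someone; a whois lookup applies

def parse_whois(text):
    """Collect 'key: value' lines; repeated keys keep every value."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def abuse_contact(addr, record):
    """Return (netname, abuse e-mail) if addr lies inside the record's inetnum."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in record["inetnum"][0].split("-"))
    if not first <= ipaddress.ip_address(addr) <= last:
        return None  # record does not cover this address
    remarks = " ".join(record.get("remarks", []))
    emails = re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", remarks)
    return record["netname"][0], emails[0] if emails else None

if __name__ == "__main__":
    for addr in ("127.0.0.1", "213.122.110.187"):
        print(addr, "->", classify(addr))
    print(abuse_contact("213.122.110.187", parse_whois(RIPE_RECORD)))
```
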
Subject: RE: Tech: Worm detected
From: GUEST,Jon
Date: 06 Jan 05 - 07:44 PM

Thinking about it, the "outside world" IP address we were given may have been Giok's own IP address for his Internet connection.

Subject: RE: Tech: Worm detected
From: John MacKenzie
Date: 07 Jan 05 - 12:09 PM

First two groups are the same as mine but the next two are different with one of them having only two digits not three.

Giok

Subject: RE: Tech: Worm detected
From: McGrath of Harlow
Date: 07 Jan 05 - 12:52 PM

The worms crawl in and the worms crawl out
They crawl in thin and they crawl out stout
Your eyes fall in and your teeth fall out
Your brains come tumbling down your snout
Be merry my friends
Be merry...