[Nottingham] CyberKit
Steve Bridges
steve.bridges at hosteurope.com
Thu Sep 25 10:18:48 BST 2003
Yep, it's those nasty worms trying to say hello.
It's a variant of MS/Blaster - most suggestions I've seen say it's the supposed white-hat variant which tries to remove the blaster worm but causes even more network problems in trying to do so.
I'm getting about 1000 ping hits per day, and just over 2000 hits on RPC ports from blaster. Damned annoying. It seems to be slowing my ADSL connection down noticeably.
I think CyberKit is a Windows ping / traceroute / whois gui tool. Snort is mis-identifying it as that (maybe 'cos it can't figure out what it is exactly so it calls it that by default).
There was a bit of a discussion about this sort of thing a week or so ago.
Steve
> -----Original Message-----
> From: Colin Saxton [mailto:colin.saxton at ntlworld.com]
> Sent: 25 September 2003 10:14
> To: nottingham at mailman.lug.org.uk
> Subject: [Nottingham] CyberKit
>
>
> I am being hammered by the following server
> *
>
> 81.108.3.246
> *
> with Pings from CyberKit...I think that it may be a worm
> trying to creep
> through the system. Have you any idea what is going on? My
> snort log is
> filling up like crazy!!
>
>
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/nottingham
>
More information about the Nottingham
mailing list