[frgeek-michiana] Fwd: Find mydoom easily!

  • From: Tom Brown <tbrown@xxxxxxxxxxxx>
  • To: FreeGeek Michiana <frgeek-michiana@xxxxxxxxxxxxx>
  • Date: Tue, 27 Jan 2004 17:34:35 -0500

This may come in handy.

Tom


Subject: Find mydoom easily! Was: [K12OSN] Server Report
From: Quentin Hartman <qhartman@xxxxxxxxxxxxxx>
To: k12osn@xxxxxxxxxx
Date: Tue, 27 Jan 2004 09:30:31 -0800


Just a quick tip for you guys that have Windows machines to worry about
on your network that might be infected with this new worm. The
one-liner:

    nmap -v -p 3127-3198 192.168.0-128.* -oG nmap.txt > /dev/null && cat nmap.txt | grep open

will scan for and identify the IPs of any infected machines for you, if
you substitute your network information for the dummy information in the
example above. I've been running this on my network every couple of
hours. So far only one infected host! Yay! Oh, and it will also hit on
any squid boxes you have running as well, since squid defaults to
listening on port 3128. Since we are only scanning a few ports, it's fast
too; it takes about 90 seconds to scan all my networks, which consist of 6
class C subnets. Hope someone finds this useful!

--
   -Regards-

-Quentin Hartman-

Academic Computing and Networking Services Coordinator
Fern Ridge School District 28J
Elmira, OR
Office: 541-935-2253 x429
Cell: 541-914-2989
qhartman@xxxxxxxxxxxxxx
www.fernridge.k12.or.us
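
Added example, not part of the original message: a triage filter for the nmap.txt grepable output that the one-liner produces. It lists each host with an open port in 3127-3198 and separates 3128-only hits, which the message notes may be squid. The function names, verdict labels and sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Triage nmap grepable (-oG) output from the 3127-3198 scan.
# Reads -oG lines on stdin and prints: IP <TAB> open ports <TAB> verdict.
triage_mydoom_scan() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " ")                  # h[2] is the IP address
        ports = ""
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Ports: /) ports = substr($i, 8)
        n = split(ports, p, ", ")          # one entry per scanned port
        hits = ""; other = 0
        for (j = 1; j <= n; j++) {
            split(p[j], f, "/")            # port/state/protocol/...
            if (f[2] != "open") continue
            if (f[1] + 0 < 3127 || f[1] + 0 > 3198) continue
            sep = (hits == "" ? "" : ",")
            hits = hits sep f[1]
            if (f[1] + 0 != 3128) other = 1
        }
        # A host whose only open port is 3128 may just be a squid proxy
        # (hypothetical label "verify-squid"); anything else is a lead.
        if (hits != "")
            printf "%s\t%s\t%s\n", h[2], hits, (other ? "investigate" : "verify-squid")
    }'
}

# Constructed sample lines in -oG layout (not from a real scan).
constructed_sample() {
    printf 'Host: 192.168.0.12 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.12 ()\tPorts: 3127/open/tcp/////, 3128/closed/tcp/////\n'
    printf 'Host: 192.168.1.5 ()\tPorts: 3127/closed/tcp/////, 3128/open/tcp//squid-http///\n'
    printf 'Host: 192.168.2.40 ()\tPorts: 3127/closed/tcp/////, 3128/closed/tcp/////\n'
    printf 'Host: 192.168.2.41 ()\tStatus: Down\n'
    printf 'Host: 192.168.3.7 ()\tPorts: 3128/open/tcp/////, 3130/open/tcp/////\n'
}

# Demo on the constructed sample; on a real run use: triage_mydoom_scan < nmap.txt
constructed_sample | triage_mydoom_scan
```

A "verify-squid" host still needs a check that a proxy is really what is listening there; the label only sorts it apart from hosts with other open ports in the range.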

