Know Your Enemy: Worms at War

[Lance Spitzner <lance () SPITZNER NET>]

A publication of the Know Your Enemy series.

"This paper was born out of pure curiosity. Our Honeynet was
being pounded with UDP port 137 and TCP port 139 scans.  The
network was getting scanned 5-10 times a day on these ports,
something was up.  The goal was to learn what these scans were
all about.  What was out in the Internet causing all of this
activity?  Based on the ports, we assumed that the scans were
looking for Window's based vulnerabilities.  The plan was to setup
a Win98 honeypot, sit back and wait.  We didn't have to wait long."

A product of the Honeynet Project.  Additionaly, H Carvey and
Ryan Russell greatly contributed to the analysis of the attack.

Know Your Enemy: Worms at War
http://www.enteract.com/~lspitz/worm.html

Thanks!

--
Lance Spitzner
http://www.enteract.com/~lspitz