08-18-2003 11:57 AM - edited 03-09-2019 04:27 AM
Any new information/custom string for this latest worm??
08-18-2003 01:19 PM
The new Nachi worm uses the same vulnerability as the MSBlaster worm. Signature 3327 detects both attacks, it was written to detect the vulnerability not the specific worm.
09-04-2003 08:35 AM
Hi,
Im seeing the 3327, and 3328, and 2100s etc...but im NOT seeing the WebDAV exploit triggered by NACHI worm and I know its happening cause I correleate the 2100's and 3327/8 sigs to the same destination IPs(some internet respsonse due to increased Port80 scanning.
Is anyone else picking up the NachiaWorm port 80 SYN (WEbDAV exploit) activity with a Cisco Sig (5364 or 5365)???
thx
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: