Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
0
Helpful
2
Replies

W32/Welchia Worm/Nachi Worm

ljones
Level 1
Level 1

‎08-18-2003 11:57 AM - edited ‎03-09-2019 04:27 AM

Any new information/custom string for this latest worm??

Labels:
0 Helpful
2 Replies 2

anthall
Level 1
Level 1

‎08-18-2003 01:19 PM

The new Nachi worm uses the same vulnerability as the MSBlaster worm. Signature 3327 detects both attacks, it was written to detect the vulnerability not the specific worm.

0 Helpful

seth.leone
Level 1
Level 1
In response to anthall

‎09-04-2003 08:35 AM

Hi,

Im seeing the 3327, and 3328, and 2100s etc...but im NOT seeing the WebDAV exploit triggered by NACHI worm and I know its happening cause I correleate the 2100's and 3327/8 sigs to the same destination IPs(some internet respsonse due to increased Port80 scanning.

Is anyone else picking up the NachiaWorm port 80 SYN (WEbDAV exploit) activity with a Cisco Sig (5364 or 5365)???

thx

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents