Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

W32/Welchia Worm/Nachi Worm

Any new information/custom string for this latest worm??

2 REPLIES
Community Member

Re: W32/Welchia Worm/Nachi Worm

The new Nachi worm uses the same vulnerability as the MSBlaster worm. Signature 3327 detects both attacks, it was written to detect the vulnerability not the specific worm.

Community Member

Re: W32/Welchia Worm/Nachi Worm

Hi,

Im seeing the 3327, and 3328, and 2100s etc...but im NOT seeing the WebDAV exploit triggered by NACHI worm and I know its happening cause I correleate the 2100's and 3327/8 sigs to the same destination IPs(some internet respsonse due to increased Port80 scanning.

Is anyone else picking up the NachiaWorm port 80 SYN (WEbDAV exploit) activity with a Cisco Sig (5364 or 5365)???

thx

122
Views
0
Helpful
2
Replies
CreatePlease to create content