RE: Detecting Blaster
Aug 15 2003 05:48PM David A Cavalieri (David Cavalieri Colorado EDU)
Using NetFlow data, instead of watching all of your traffic to tcp/135
(which can be a great deal, depending on the size of your organization),
you can watch for single packets; destination tcp/135 with a size of 48
bytes. You can also look for destination UDP/69 (TFTP) packets.
Monitoring traffic on ...
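
Added example, not part of the original post: one way to apply the filter described above to exported flow records, grouping the single-packet 48-byte tcp/135 flows by source and listing sources of UDP/69 flows. The CSV column layout, the `min_targets` threshold and the sample addresses are assumptions constructed for illustration, not output from any particular NetFlow collector.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow export (assumed column layout).
SAMPLE_FLOWS = """\
src,dst,proto,dport,packets,bytes
10.1.4.23,10.9.0.1,6,135,1,48
10.1.4.23,10.9.0.2,6,135,1,48
10.1.4.23,10.9.0.3,6,135,1,48
10.1.4.23,10.9.0.4,6,135,1,48
10.1.7.80,10.2.0.5,6,135,12,4310
10.1.7.81,10.2.0.5,6,135,1,48
10.9.0.3,10.1.4.23,17,69,2,88
10.1.5.5,10.3.3.3,6,80,1,48
"""

TCP, UDP = 6, 17  # IP protocol numbers


def classify(flow):
    """Return 'probe135', 'tftp' or None for one flow record."""
    proto, dport = int(flow["proto"]), int(flow["dport"])
    # Single packet of 48 bytes to tcp/135, as described in the post.
    if (proto == TCP and dport == 135
            and int(flow["packets"]) == 1 and int(flow["bytes"]) == 48):
        return "probe135"
    # Any flow whose destination is UDP/69 (TFTP).
    if proto == UDP and dport == 69:
        return "tftp"
    return None


def suspects(csv_text, min_targets=3):
    """Return ({src: distinct tcp/135 targets}, {sources of UDP/69 flows}).

    min_targets is a hypothetical threshold that drops sources with only
    an isolated matching flow; tune it to the network being monitored.
    """
    probes = defaultdict(set)
    tftp_sources = set()
    for flow in csv.DictReader(io.StringIO(csv_text)):
        kind = classify(flow)
        if kind == "probe135":
            probes[flow["src"]].add(flow["dst"])
        elif kind == "tftp":
            tftp_sources.add(flow["src"])
    scanners = {s: len(d) for s, d in probes.items() if len(d) >= min_targets}
    return scanners, tftp_sources
```
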