[lug] how to track forged packets in a virus spoof
D. Stimits
stimits at comcast.net
Thu Aug 21 15:00:52 MDT 2003

I'm running into a case of this new sobig.f virus not only forging
headers, but also forging the dotted decimal IP address. I verified this
with a DoD facility responsible for the dotted decimal IP address of
origination that is showing up on all these virus notices that occur
when virus scanners send out reject notices. After talking to their guy
there I am convinced this virus is going well beyond normal means, that
actual packet mucking has gone on here to disguise its origins. Is there
any way to track something that is both header forged and packet forged?

D. Stimits, stimits AT comcast DOT net