Jaime Blasco Blog


April 1st, Conficker day
Tue, 31 Mar 2009

Tomorrow Conficker will activate a P2P system to coordinate with other infected machines over TCP and UDP. We've published a directive to detect the P2P behaviour.

Download Directive

posted at: 14:55 | path: /Ossim | permanent link to this entry | 2 comments |



* Posted by The Other Pinocho at Tue Mar 31 15:14:48 2009
Something is missing: tomorrow "maybe" Conficker will talk. Over TCP and UDP, you said. But why does the directive only match the UDP protocol? Is there an answer? Or did you forget the TCP protocol?
* Posted by Jaime Blasco at Tue Mar 31 16:11:06 2009
I said over TCP and UDP, but the UDP traffic is to scan other peers. The directive matches the UDP protocol because the directive level names are "Peer Scanning", so it detects peer scanning behaviour. TCP traffic has different behaviour.

Regards
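
The distinction drawn in the comments, a rule that matches only the UDP peer-scanning phase, can be sketched as a sliding-window fan-out detector. This is an added example in Python, not the published OSSIM directive; the window, threshold, flow tuple layout and sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the published directive's thresholds
# are not shown on the page.
WINDOW_SECONDS = 60
MIN_DISTINCT_PEERS = 20

def detect_udp_peer_scanning(flows, window=WINDOW_SECONDS, threshold=MIN_DISTINCT_PEERS):
    """Return {src_ip: first_alert_timestamp} for hosts whose UDP fan-out
    reaches `threshold` distinct destinations within `window` seconds.

    `flows` is an iterable of (timestamp, proto, src_ip, dst_ip, dst_port)
    tuples sorted by timestamp. Non-UDP flows are ignored, mirroring a rule
    that only covers the UDP scanning phase.
    """
    recent = defaultdict(deque)  # src -> (ts, dst) events inside the window
    alerts = {}
    for ts, proto, src, dst, _dport in flows:
        if proto != "udp" or src in alerts:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop events that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({d for _, d in q}) >= threshold:
            alerts[src] = ts
    return alerts

def build_sample_flows():
    """Constructed sample data (not captured traffic)."""
    flows = []
    for i in range(25):  # 25 distinct UDP peers in 25 s: scanning-like
        flows.append((i, "udp", "10.0.0.5", f"198.51.100.{i + 1}", 1024 + i * 37))
    for i in range(40):  # DNS client talking to a single resolver
        flows.append((i, "udp", "10.0.0.8", "10.0.0.1", 53))
    for i in range(30):  # many TCP peers: out of scope for a UDP-only rule
        flows.append((i, "tcp", "10.0.0.9", f"203.0.113.{i + 1}", 80))
    for i in range(25):  # 25 UDP peers, one every 2 minutes: below the rate
        flows.append((i * 120, "udp", "10.0.0.7", f"192.0.2.{i + 1}", 5000 + i))
    return sorted(flows, key=lambda f: f[0])

if __name__ == "__main__":
    for src, ts in detect_udp_peer_scanning(build_sample_flows()).items():
        print(f"peer scanning suspected: {src} at t={ts}s")
```

Only the fast UDP fan-out host is flagged; the TCP-heavy host would need a separate rule, which matches the point made in the reply above.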
