Today I purchased the Hacker Techniques, Exploits & Incident Handling track from SANS so that I can obtain my GIAC Certified Incident Handler (GCIH) designation.
I’m very excited about this track as I get to:
The width of the line represents the number of packets sent between the two countries:
1 pixel: < 10
2 pixel: < 100
3 pixel: < 1000
4 pixel: < 10000
Note that at this time, there is no 'direction' indicated. The arcs are just connecting source and destination. Any motion is created by your viewer. Assume that countries from which a lot of lines originate are the country of the destination submitting the reports.
The color indicates the packet type based on the following classification:
Blue: Not categorized.
Red: Well known services (Ports 80, 53, 25, 22 ...).
Yellow: Windows related traffic (Ports 135, 137, 139 ...).
Green: P2P Traffic/Afterglow (Ports 6881, 6346, 4672 ...).
Well, I heard from two customers today who are currently experiencing the effects of the MS06-040 worm. They’ve noticed quite a lot of traffic on port 445 and external connection attempts using IRC. For a full writeup please see the following link: MS06-040: BOLO — Be On the LookOut (NEW)