Tag: Worm
Tracking Worms with StealthWatch
While worms seem to be less prevalent than they were in the past, we do still see them appear now and then. Over the past few months we’ve seen Morto over RDP 3389/tcp and Duqu over SMB 445/tcp rear their heads. Luckily we can use flow data to identify these types of hosts within the network. With Morto, we can simply look for scanning over the RDP port. Ideally you’ll have some Dark IP subnets/ranges within your network, making this a little easier if you don’t currently use Lancope’s StealthWatch. Finding incomplete sessions to these IP ranges becomes a red…
CATEGORIES NetFlow, Network Security, Network Visibility, StealthWatch
TAGS stealthwatch, netflow, security, worm





