RE: Abnormally high Sub-Seven attack rate increase

From: H C (keydet89@yahoo.com)
Date: 01/03/03

  • Next message: Matthew Cole: "RE: Mysterious "Support" account created on Win2k server"
    Date: Thu, 2 Jan 2003 17:17:12 -0800 (PST)
    From: H C <keydet89@yahoo.com>
    To: James C Slora Jr <Jim.Slora@phra.com>, 'Eric Kimminau' <root@kimminau.org>, incidents@securityfocus.com
    
    

    Eric,

    How did 'probes' from your post become 'attacks' in
    the subject line?
    --- James C Slora Jr <Jim.Slora@phra.com> wrote:
    > Eric Kimminau wrote Tuesday, December 31, 2002 12:10
    > AM
    >
    > > Is it just me or has the number of Sub-Seven
    > probes grown
    > > astronomically in the last 7 days? I am seeing on
    > average 25-30
    > > clients per day, each scanning 3 or 4 times each
    > up from only 1 or 2
    > > per day at most for the last several months.
    >
    > DShield does not show an overall increase, but a
    > fair number of people have
    > experienced a huge growth in probes over the past
    > few days. I've gotten
    > several off-list correlations of individual sub7
    > scan increases from my post
    > on the incidents.org intrusions list.
    >
    > It seems to be a network-specific phenomenon.
    >
    > See the "27374 SubSeven Explosion" thread
    >
    http://cert.uni-stuttgart.de/archive/intrusions/2002/12/msg00256.html
    >
    > - Jim
    >
    >
    >
    ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS
    > analyzer service.
    > For more information on this free incident handling,
    > management
    > and tracking system please see:
    > http://aris.securityfocus.com
    >

    __________________________________________________
    Do you Yahoo!?
    Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
    http://mailplus.yahoo.com

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com



    Relevant Pages

    • RE: Unicode worm?
      ... Korea (even 2 nights of a couple of hundred probes from an Asian IT ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ...
      (Incidents)
    • Re: Nimda Probes Stopped
      ... Subject: Nimda Probes Stopped ... The probe rate is not going up any more - suggesting some degree of ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
      (Incidents)
    • RE: Unusual volume: UDP:137 probes
      ... Subject: Unusual volume: UDP:137 probes ... Seeing the same thing here on Adelphia.net cable modem network: ... For more information on this free incident handling, management ... and tracking system please see: http://aris.securityfocus.com ...
      (Incidents)
    • Re: Port 6588 Probes from SA
      ... Yeah, a couple of things... ... what about the probes got you upset enough to ... Do You Yahoo!? ...
      (Incidents)
    • Re: Guess the tool...
      ... Get email alerts & NEW webcam video instant messaging with Yahoo! ... For more information on this free incident handling, management ... and tracking system please see: http://aris.securityfocus.com ...
      (Incidents)