RE: Abnormally high Sub-Seven attack rate increase

From: H C (keydet89@yahoo.com)
Date: 01/03/03

Next message: Matthew Cole: "RE: Mysterious "Support" account created on Win2k server"

Previous message: Russell Fulton: "Re: What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation"
In reply to: James C Slora Jr: "RE: Abnormally high Sub-Seven attack rate increase"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 2 Jan 2003 17:17:12 -0800 (PST)
From: H C <keydet89@yahoo.com>
To: James C Slora Jr <Jim.Slora@phra.com>, 'Eric Kimminau' <root@kimminau.org>, incidents@securityfocus.com

Eric,

How did 'probes' from your post become 'attacks' in
the subject line?
--- James C Slora Jr <Jim.Slora@phra.com> wrote:
> Eric Kimminau wrote Tuesday, December 31, 2002 12:10
> AM
>
> > Is it just me or has the number of Sub-Seven
> probes grown
> > astronomically in the last 7 days? I am seeing on
> average 25-30
> > clients per day, each scanning 3 or 4 times each
> up from only 1 or 2
> > per day at most for the last several months.
>
> DShield does not show an overall increase, but a
> fair number of people have
> experienced a huge growth in probes over the past
> few days. I've gotten
> several off-list correlations of individual sub7
> scan increases from my post
> on the incidents.org intrusions list.
>
> It seems to be a network-specific phenomenon.
>
> See the "27374 SubSeven Explosion" thread
>
http://cert.uni-stuttgart.de/archive/intrusions/2002/12/msg00256.html
>
> - Jim
>
>
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS
> analyzer service.
> For more information on this free incident handling,
> management
> and tracking system please see:
> http://aris.securityfocus.com
>

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Next message: Matthew Cole: "RE: Mysterious "Support" account created on Win2k server"
Previous message: Russell Fulton: "Re: What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation"
In reply to: James C Slora Jr: "RE: Abnormally high Sub-Seven attack rate increase"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Unicode worm?
... Korea (even 2 nights of a couple of hundred probes from an Asian IT ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ...
(Incidents)
Re: Nimda Probes Stopped
... Subject: Nimda Probes Stopped ... The probe rate is not going up any more - suggesting some degree of ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
(Incidents)
RE: Unusual volume: UDP:137 probes
... Subject: Unusual volume: UDP:137 probes ... Seeing the same thing here on Adelphia.net cable modem network: ... For more information on this free incident handling, management ... and tracking system please see: http://aris.securityfocus.com ...
(Incidents)
Re: Port 6588 Probes from SA
... Yeah, a couple of things... ... what about the probes got you upset enough to ... Do You Yahoo!? ...
(Incidents)
Re: Guess the tool...
... Get email alerts & NEW webcam video instant messaging with Yahoo! ... For more information on this free incident handling, management ... and tracking system please see: http://aris.securityfocus.com ...
(Incidents)