RE: Increase seen in port probes since Tuesday afternoon
From: M. Shirk (shirkdog_list_at_hotmail.com)
Date: 12/30/04
- Previous message: BahdKo: "Increase seen in port probes since Tuesday afternoon"
- In reply to: BahdKo: "Increase seen in port probes since Tuesday afternoon"
- Next in thread: James C Slora Jr: "RE: Increase seen in port probes since Tuesday afternoon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: incidents@securityfocus.com Date: Thu, 30 Dec 2004 14:23:02 -0500
Its one of the *bot variants It is looking for other infected machines on
those ports and other services to compromise. I get the same in my firewall
and ids logs.
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=37776
Shirkdog
http://www.shirkdog.us
>From: BahdKo <bahdko@erols.com>
>To: incidents@securityfocus.com
>Subject: Increase seen in port probes since Tuesday afternoon
>Date: Thu, 30 Dec 2004 11:22:51 +0200
>
>Is anyone else seeing this?
>
>Since Tuesday afternoon EST I've seen a dramatic increase in the number of
>machines probing my network on ports 2745, 1025, 3127, 6129, and usually
>80. Each probe involves the machine sending three packets to each port.
>
>
>--Laura
>
>
>
_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
- Previous message: BahdKo: "Increase seen in port probes since Tuesday afternoon"
- In reply to: BahdKo: "Increase seen in port probes since Tuesday afternoon"
- Next in thread: James C Slora Jr: "RE: Increase seen in port probes since Tuesday afternoon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
