Re: Increase seen in port probes since Tuesday afternoon
From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 12/31/04
- Previous message: Michael: "RE: Increase seen in port probes since Tuesday afternoon"
- In reply to: James C Slora Jr: "RE: Increase seen in port probes since Tuesday afternoon"
- Next in thread: Martin Mačok: "Re: Increase seen in port probes since Tuesday afternoon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Dec 2004 23:32:14 -0500 To: James C Slora Jr <Jim.Slora@phra.com>
James C Slora Jr wrote:
> BahdKo wrote Thursday, December 30, 2004 04:23
>>Since Tuesday afternoon EST I've seen a dramatic increase in
>>the number of machines probing my network on ports 2745,
>>1025, 3127, 6129, and usually 80. Each probe involves the
>>machine sending three packets to each port.
>
> Yes from time to time. The port pattern is typical of many botnets, many of
> which will focus multiple drones against a particular IP space for a while.
I'm seeing 80, 1025, 6129, and 1433 increases in tcp, and 1434, 1026,
and 1027 udp. The usual 135/445 are present as always but I haven't
paid much attention to a 'marked increase' as they long ago drifted into
the pool of "background noise".
Jeff
- Previous message: Michael: "RE: Increase seen in port probes since Tuesday afternoon"
- In reply to: James C Slora Jr: "RE: Increase seen in port probes since Tuesday afternoon"
- Next in thread: Martin Mačok: "Re: Increase seen in port probes since Tuesday afternoon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
