[unisog] Full-on LSASS worm? [was: Apparent spread of LSASS
hooper at post.queensu.ca
Thu Apr 29 20:24:16 GMT 2004
We've had some trouble coping with heavy incoming scanning on these ports
over the past week. It was driving our border router comatose, until we
blocked all those ports on the incoming interfaces. Source addresses are
mostly other universities, not cable and DSL ranges. That may indicate some
degree of control over scanning scope.
- Andy Hooper - Queen's University, Ontario, Canada
> In the last two hours, we've seen a bunch of hosts all start scanning
> out for ports 2745, 135, 1025, 445, 80, 3127, 139, 1433, and 5000.
More information about the unisog