[unisog] Full-on LSASS worm? [was: Apparent spread of LSASS exploitation]

Andy Hooper hooper at post.queensu.ca
Thu Apr 29 20:24:16 GMT 2004

We've had some trouble coping with heavy incoming scanning on these ports 
over the past week. It was driving our border router comatose, until we 
blocked all those ports on the incoming interfaces. Source addresses are 
mostly other universities, not cable and DSL ranges. That may indicate some 
degree of control over scanning scope.

- Andy Hooper - Queen's University, Ontario, Canada

> In the last two hours, we've seen a bunch of hosts all start scanning
> out for ports 2745, 135, 1025, 445, 80, 3127, 139, 1433, and 5000.

More information about the unisog mailing list