[Dshield] port 515 surge

Johannes B. Ullrich jullrich at euclidian.com
Thu Oct 25 18:18:40 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Just a quick note. There is a big surge in port 515 scans if you look at 
the top 10 port page.

I am currently investigating. But so far, it does not look like anything 
too exiting. It is just that a very large submitter got scanned 'top to 
bottom' for port 515.

Port 515 is used for the printer service in Unix. It is commonly 'scanned 
for' as it is vulnerable up to including RedHat 7.0. Make sure you got it
switched off or patched. But if you are still running the original 7.0 
install, it is probably already too late.

Here some details:

+------------------------+------------+
| Number of Targets      | date       |
+------------------------+------------+
|                   1543 | 2001-09-23 |
|                   1909 | 2001-09-24 |
|                    979 | 2001-09-25 |
|                    766 | 2001-09-26 |
|                    912 | 2001-09-27 |
|                   1228 | 2001-09-28 |
|                   1330 | 2001-09-29 |
|                    879 | 2001-09-30 |
|                   1194 | 2001-10-01 |
|                   1169 | 2001-10-02 |
|                   1183 | 2001-10-03 |
|                   1217 | 2001-10-04 |
|                   6291 | 2001-10-05 |
|                   1396 | 2001-10-06 |
|                  37982 | 2001-10-07 |
|                   1661 | 2001-10-08 |
|                   7276 | 2001-10-09 |
|                   1160 | 2001-10-10 |
|                   2111 | 2001-10-11 |
|                    682 | 2001-10-12 |
|                    949 | 2001-10-13 |
|                   1680 | 2001-10-14 |
|                   1580 | 2001-10-15 |
|                   1302 | 2001-10-16 |
|                    490 | 2001-10-17 |
|                    951 | 2001-10-18 |
|                   1163 | 2001-10-19 |
|                    622 | 2001-10-20 |
|                   1621 | 2001-10-21 |
|                   1083 | 2001-10-22 |
|                   1389 | 2001-10-23 |
|                  29580 | 2001-10-24 |
|                  49398 | 2001-10-25 |
+------------------------+------------+


+------------------------+------------+
| Number of users        | date       |
+------------------------+------------+
|                    177 | 2001-09-23 |
|                    141 | 2001-09-24 |
|                    132 | 2001-09-25 |
|                    150 | 2001-09-26 |
|                    141 | 2001-09-27 |
|                    154 | 2001-09-28 |
|                    169 | 2001-09-29 |
|                    156 | 2001-09-30 |
|                    155 | 2001-10-01 |
|                    117 | 2001-10-02 |
|                    141 | 2001-10-03 |
|                    117 | 2001-10-04 |
|                    148 | 2001-10-05 |
|                    189 | 2001-10-06 |
|                    176 | 2001-10-07 |
|                    166 | 2001-10-08 |
|                    130 | 2001-10-09 |
|                    142 | 2001-10-10 |
|                    143 | 2001-10-11 |
|                    135 | 2001-10-12 |
|                    160 | 2001-10-13 |
|                    182 | 2001-10-14 |
|                    153 | 2001-10-15 |
|                    143 | 2001-10-16 |
|                    129 | 2001-10-17 |
|                    113 | 2001-10-18 |
|                    116 | 2001-10-19 |
|                    145 | 2001-10-20 |
|                    108 | 2001-10-21 |
|                    115 | 2001-10-22 |
|                    133 | 2001-10-23 |
|                    125 | 2001-10-24 |
|                     25 | 2001-10-25 |
+------------------------+------------+


- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE72FeCVOIizK5pIDMRAujEAJ0WCMQdCdmyou0OCmmkoOHMhkHQ8wCfQjER
TqHmLFSaATTEKoSrhVYB07s=
=D7LW
-----END PGP SIGNATURE-----




More information about the list mailing list