[Dshield] port 515 surge

Dale.Duckett@shawinc.com Dale.Duckett at shawinc.com
Thu Oct 25 20:24:06 GMT 2001


I'm not currently a submitter but we were also scanned on port 515
yesterday.  Thanks, Dale.


                                                                                                                    
                    "Johannes B.                                                                                    
                    Ullrich"              To:     <dshield at dshield.org>                                             
                    <jullrich at eucli       cc:                                                                       
                    dian.com>             Subject:     [Dshield] port 515 surge                                     
                    Sent by:                                                                                        
                    dshield-admin at d                                                                                 
                    shield.org                                                                                      
                                                                                                                    
                                                                                                                    
                    10/25/2001                                                                                      
                    02:18 PM                                                                                        
                    Please respond                                                                                  
                    to dshield                                                                                      
                                                                                                                    
                                                                                                                    




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Just a quick note. There is a big surge in port 515 scans if you look at
the top 10 port page.

I am currently investigating. But so far, it does not look like anything
too exiting. It is just that a very large submitter got scanned 'top to
bottom' for port 515.

Port 515 is used for the printer service in Unix. It is commonly 'scanned
for' as it is vulnerable up to including RedHat 7.0. Make sure you got it
switched off or patched. But if you are still running the original 7.0
install, it is probably already too late.

Here some details:

+------------------------+------------+
| Number of Targets      | date       |
+------------------------+------------+
|                   1543 | 2001-09-23 |
|                   1909 | 2001-09-24 |
|                    979 | 2001-09-25 |
|                    766 | 2001-09-26 |
|                    912 | 2001-09-27 |
|                   1228 | 2001-09-28 |
|                   1330 | 2001-09-29 |
|                    879 | 2001-09-30 |
|                   1194 | 2001-10-01 |
|                   1169 | 2001-10-02 |
|                   1183 | 2001-10-03 |
|                   1217 | 2001-10-04 |
|                   6291 | 2001-10-05 |
|                   1396 | 2001-10-06 |
|                  37982 | 2001-10-07 |
|                   1661 | 2001-10-08 |
|                   7276 | 2001-10-09 |
|                   1160 | 2001-10-10 |
|                   2111 | 2001-10-11 |
|                    682 | 2001-10-12 |
|                    949 | 2001-10-13 |
|                   1680 | 2001-10-14 |
|                   1580 | 2001-10-15 |
|                   1302 | 2001-10-16 |
|                    490 | 2001-10-17 |
|                    951 | 2001-10-18 |
|                   1163 | 2001-10-19 |
|                    622 | 2001-10-20 |
|                   1621 | 2001-10-21 |
|                   1083 | 2001-10-22 |
|                   1389 | 2001-10-23 |
|                  29580 | 2001-10-24 |
|                  49398 | 2001-10-25 |
+------------------------+------------+


+------------------------+------------+
| Number of users        | date       |
+------------------------+------------+
|                    177 | 2001-09-23 |
|                    141 | 2001-09-24 |
|                    132 | 2001-09-25 |
|                    150 | 2001-09-26 |
|                    141 | 2001-09-27 |
|                    154 | 2001-09-28 |
|                    169 | 2001-09-29 |
|                    156 | 2001-09-30 |
|                    155 | 2001-10-01 |
|                    117 | 2001-10-02 |
|                    141 | 2001-10-03 |
|                    117 | 2001-10-04 |
|                    148 | 2001-10-05 |
|                    189 | 2001-10-06 |
|                    176 | 2001-10-07 |
|                    166 | 2001-10-08 |
|                    130 | 2001-10-09 |
|                    142 | 2001-10-10 |
|                    143 | 2001-10-11 |
|                    135 | 2001-10-12 |
|                    160 | 2001-10-13 |
|                    182 | 2001-10-14 |
|                    153 | 2001-10-15 |
|                    143 | 2001-10-16 |
|                    129 | 2001-10-17 |
|                    113 | 2001-10-18 |
|                    116 | 2001-10-19 |
|                    145 | 2001-10-20 |
|                    108 | 2001-10-21 |
|                    115 | 2001-10-22 |
|                    133 | 2001-10-23 |
|                    125 | 2001-10-24 |
|                     25 | 2001-10-25 |
+------------------------+------------+


- --
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE72FeCVOIizK5pIDMRAujEAJ0WCMQdCdmyou0OCmmkoOHMhkHQ8wCfQjER
TqHmLFSaATTEKoSrhVYB07s=
=D7LW
-----END PGP SIGNATURE-----

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield







More information about the list mailing list