[Dshield] Increase in Sub Seven's

Johannes Ullrich jullrich at sans.org
Tue Jun 18 14:12:11 GMT 2002

> Yes, I get them too, but since May and from all over the globe.
> But it seems they come in "batches". Some days I see five to ten of them, some days none.
> In May I even had Sub Seven's arriving, directly followed by Netbus's from the same addresses.

Does anybody have honeypot captures of this activity? If you
need my good old Perl honeypot, let me know. Subseven probes
usually come from IRC bots and try to get SubSeven to download
some other piece of malware.

jullrich at sans.org             Collaborative Intrusion Detection
                                    join http://www.dshield.org