[Dshield] Port 23 activity spike

Bill McCarty bmccarty at pt-net.net
Mon Dec 29 03:05:16 GMT 2003


Hi all,

I notice that recent DShield data show a spike in activity on port 23: 
<http://isc.incidents.org/port_details.html?port=23&repax=1&tarax=2&srcax=2&percent=N&days=40&Redraw=>.
The 70-day chart shows similar spikes on or 
about October 21 and November 18, roughly 30 and 60 days ago. Looking 
through the list archives, I don't find comments on these earlier spikes.

So far, my network isn't seeing any of this traffic. Does anyone have 
packet captures? I'd like to know what service is being targeted. 
Presumably, someone/something is scanning for Telnet servers; but perhaps 
the target is a backdoor rather than a standard service.

Cheers,

---------------------------------------------------
Bill McCarty



