[Dshield] Recent jump in Port 135 Targets in DShield Data

David Mehl dcm2002 at sbcglobal.net
Sun Sep 21 15:45:38 GMT 2003

Take a quick look at the huge increase in targets scanned on Port 135 in the last day or two. http://www.dshield.org/port_report.php?port=135&recax=1&tarax=2&srcax=2&percent=N&days=70&Redraw=Submit+Queryt
This also seems to be happening without any significant change in the number of source IP addresses. This scan pattern also seemed to precede MS-Blaster.
Looks like the automated scanning for the MS03-039 vulnerability, without automated replication, is starting up. It's not yet a worm, but "just" root kits that happen now. And this is not newsworthy. ;-(
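
Added example, not part of the original post: a sketch of how a sensor operator could flag the pattern described above, a jump in distinct targets on a port while the distinct source count stays flat. The daily counts, the function name `flag_target_jumps`, the 7-day window and both thresholds are assumptions chosen for illustration, not DShield data or DShield code.

```python
from statistics import median

# Constructed daily port-135 counts: (date, distinct sources, distinct targets).
# These values are made up for the example; they are not DShield figures.
SAMPLE = [
    ("2003-09-12", 41000, 118000),
    ("2003-09-13", 40200, 121000),
    ("2003-09-14", 42100, 115000),
    ("2003-09-15", 39800, 119500),
    ("2003-09-16", 41500, 117000),
    ("2003-09-17", 40900, 120000),
    ("2003-09-18", 41200, 118500),
    ("2003-09-19", 42000, 310000),
    ("2003-09-20", 41800, 355000),
]


def flag_target_jumps(rows, window=7, target_factor=2.0, source_tolerance=0.25):
    """Return days where targets jump but sources stay near their baseline.

    A day is flagged when its target count is at least `target_factor` times
    the trailing median of targets, while its source count is within
    `source_tolerance` (as a fraction) of the trailing median of sources.
    Growth in both counts together (self-replicating spread) is not flagged.
    """
    flagged = []
    for i in range(window, len(rows)):
        day, sources, targets = rows[i]
        history = rows[i - window:i]
        base_src = median(r[1] for r in history)
        base_tgt = median(r[2] for r in history)
        if base_src == 0 or base_tgt == 0:
            continue  # no usable baseline for this day
        tgt_ratio = targets / base_tgt
        src_drift = abs(sources - base_src) / base_src
        if tgt_ratio >= target_factor and src_drift <= source_tolerance:
            flagged.append((day, round(tgt_ratio, 2), round(src_drift, 2)))
    return flagged


if __name__ == "__main__":
    for day, ratio, drift in flag_target_jumps(SAMPLE):
        print(f"{day}: targets x{ratio} of baseline, sources drift {drift:.0%}")
```

The median baseline keeps the first flagged day from masking the second; a mean over the same window would be pulled up by the spike.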

