[Dshield] Recent jump in Port 135 Targets in DShield Data

Keith Bergen keith at keithbergen.com
Sun Sep 21 18:19:41 GMT 2003


I'm not seeing any increase in my corner of the 'net, but then I'm on a
dynamic IP within Bellsouth.net. I did hear that another variant of the
Blaster was being released, but there are no new vulnerabilities. It's just
the same ole exploits.

http://keithbergen.dyndns.org/cgi-bin/135graph.pl

Keith.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of David Mehl
Sent: Sunday, September 21, 2003 11:46 AM
To: General DShield Discussion List
Subject: [Dshield] Recent jump in Port 135 Targets in DShield Data

Take a quick look at the huge increase in targets scanned on Port 135 in the
last day or two.
http://www.dshield.org/port_report.php?port=135&recax=1&tarax=2&srcax=2&perc
ent=N&days=70&Redraw=Submit+Queryt
This also seems to be happening without any significant change in the number
of source IP addresses. This scan pattern also seemed to preceded
MS-Blaster. 
 
Looks like the automated scanning for MS03-039 vulnerability, without
automated replication, is starting up. Its not yet a worm, but "just" root
kits that happen now. And this is not news worthy. ;-(




More information about the list mailing list