[Dshield] Recent jump in Port 135 Targets in DShield Data

Keith Bergen keith at keithbergen.com
Sun Sep 21 18:19:41 GMT 2003

I'm not seeing any increase in my corner of the 'net, but then I'm on a
dynamic IP within Bellsouth.net. I did hear that another variant of the
Blaster was being released, but there are no new vulnerabilities. It's just
the same ole exploits.



-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of David Mehl
Sent: Sunday, September 21, 2003 11:46 AM
To: General DShield Discussion List
Subject: [Dshield] Recent jump in Port 135 Targets in DShield Data

Take a quick look at the huge increase in targets scanned on Port 135 in the
last day or two.
This also seems to be happening without any significant change in the number
of source IP addresses. This scan pattern also seemed to precede
Looks like the automated scanning for MS03-039 vulnerability, without
automated replication, is starting up. It's not yet a worm, but "just" root
kits that happen now. And this is not newsworthy. ;-(
