[Dshield] 4899

jayjwa jayjwa at atr2.ath.cx
Sat Apr 24 08:13:48 GMT 2004


On Fri, 23 Apr 2004, Ed Truitt wrote:

> Subject: Re: [Dshield] 4899

> Over the past 30 days, I have been hot on this port every day.  The top
> number of probes has been > 11,000, 28 of the other days have been
> between 1,000 and 10,000 probes.  Right now, it is number 7 on the "top
> trends" list (just above 3127 - MyDoom.)  The details can be seen at
> http://216.39.204.25/cgi-bin/tarpit/paged_report.plx?trends.

Funny, I noticed this today too. I found a few links for it, but nothing
too note-worthy. I took a look at the last most recent connection attempt
to that port, and it ended up being a Windows 2k server. It looked well
maintained, not the un-firewalled worm-pot I've come to expect.


-- 
Heard: "On 2 recent occasions a "windows update" broke windows.
Once it disabled the NIC altogether and on another occasion it
caused IE to run slower than a one legged cat, trying to bury
a turd on a frozen pond."




More information about the list mailing list