[Dshield] Drop off in attacks

jayjwa jayjwa at atr2.ath.cx
Fri Jan 2 18:04:37 GMT 2004



On Fri, 2 Jan 2004, Benjamin Robson wrote:

> Has anyone else noticed an extreme drop off in the number of 'blocked'
> packets at their firewall (from the Internet)?

> 	1.	People have been switching off their (infected) machines
> for the New Years holiday.
> 	2.	Script kiddies take the NY holidays as well.
> 	3.	Various virii & worms are expiring at midnight
> 31-12-2003.

Unfortunately, I think #1 sounds about right. My logs are about as normal,
I'm seeing _alot_ of connects to port 135, it seems there's a ton of
Windows machines on my ISP's network and they're just probing each other's
port 135. Some 1433's. A few Kuang2thevirus, a few proxy-checks, more and
more port 80 attempted connections- I'm glad I moved my webserver up to
443 and SSL'ed when I did. Pretty standard stuff, for my logs.


[jayjwa]
RLF#37






More information about the list mailing list