[Dshield] Drop off in attacks
jayjwa at atr2.ath.cx
Fri Jan 2 18:04:37 GMT 2004
On Fri, 2 Jan 2004, Benjamin Robson wrote:
> Has anyone else noticed an extreme drop off in the number of 'blocked'
> packets at their firewall (from the Internet)?
> 1. People have been switching off their (infected) machines
> for the New Years holiday.
> 2. Script kiddies take the NY holidays as well.
> 3. Various virii & worms are expiring at midnight
Unfortunately, I think #1 sounds about right. My logs are about as normal,
I'm seeing _alot_ of connects to port 135, it seems there's a ton of
Windows machines on my ISP's network and they're just probing each other's
port 135. Some 1433's. A few Kuang2thevirus, a few proxy-checks, more and
more port 80 attempted connections- I'm glad I moved my webserver up to
443 and SSL'ed when I did. Pretty standard stuff, for my logs.
More information about the list