[Dshield] Drop off in attacks

Micheal Patterson micheal at tsgincorporated.com
Fri Jan 2 19:12:24 GMT 2004

----- Original Message ----- 
From: "jayjwa" <jayjwa at atr2.ath.cx>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Friday, January 02, 2004 12:04 PM
Subject: Re: [Dshield] Drop off in attacks

> On Fri, 2 Jan 2004, Benjamin Robson wrote:
> > Has anyone else noticed an extreme drop off in the number of 'blocked'
> > packets at their firewall (from the Internet)?
> > 1. People have been switching off their (infected) machines
> > for the New Years holiday.
> > 2. Script kiddies take the NY holidays as well.
> > 3. Various viruses & worms are expiring at midnight
> > 31-12-2003.
> Unfortunately, I think #1 sounds about right. My logs are about as normal,
> I'm seeing _a lot_ of connects to port 135, it seems there's a ton of
> Windows machines on my ISP's network and they're just probing each other's
> port 135. Some 1433's. A few Kuang2thevirus, a few proxy-checks, more and
> more port 80 attempted connections- I'm glad I moved my webserver up to
> 443 and SSL'ed when I did. Pretty standard stuff, for my logs.
> [jayjwa]
> RLF#37

I agree. Currently, I've seen 601 attempts to pass traffic to port 135 since
midnight and climbing as I type. Most of my denies today have been targeted to
ports 135, 445, and 137-139. Although, with a fair amount of new systems
purchased at Christmas, I expected it to be much worse than it actually is.
Could it be that folks are actually starting to be concerned with their
systems as the new generation(s) start to take to the net?


Micheal Patterson
TSG Network Administration
