[Dshield] Port 23 activity spike
jayjwa at atr2.ath.cx
Fri Jan 9 02:44:36 GMT 2004
On Wed, 7 Jan 2004, Johannes B. Ullrich wrote:
> I will try to add some of this to the web based reports.
> The issue is that some of these queries are slow right now,
> so they need some tuning. The "top ten attackers" for a
> particular day/targetport takes 10 seconds, which is a bit
> long for a web based query. We do some caching, but if
> google tries to index every port, things may get ugly ;-)
I finally saw this today, 3 seperate attempts, all different "innocent
looking" ip's... I had a clevel little message for anyone caught
attempting connects to port 23, by way of tcpwrapper's "twist" command,
but I've since took it down.
More information about the list