[Dshield] Something Different

Glenn Jarvis gaj at sympatico.ca
Thu Jan 15 13:08:10 GMT 2004


> From:
> "Johannes B. Ullrich" <jullrich at sans.org>
> Date:
> Wed, 14 Jan 2004 23:14:15 -0500
> To:
> General DShield Discussion List <list at dshield.org>
> 
> why is this 'different'? It looks just like a regular port 139 (file
> sharing) scan.

It was the first time I had seen this in my logs. It's partly my own 
fault that I didn't add the rest of the message before my fumble fingers 
clicked the send button :-)
Just prior to this the lights on both my dsl modem and the router were 
flashing away similiar to those "Christmas Chase Lights". I wasn't 
online at the time and even a cold boot didn't help. Once the machine 
was back up, the lights started again. I found the quick way to stop it 
was to disconnect the dsl modem phone line for a few moments and plugged 
it back in. It stopped after that, and then I noticed the info in the 
log. I asked quickly about it in the regular ng's and a gent there told 
me it was a DoS Attack and that the router had performed flawlessly. To 
me , it was different. To you folks, probably an every day event :-)
Oh, while I'm here, the gent you mentioned that would contact me in 
reference to the logfile for the DI-604 must be busy as I haven't heard 
from him yet (I'm just as busy... trying to stay warm!) -31C this morning.
Keep warm all.
Glenn




More information about the list mailing list