[Dshield] MyDoom/NoVarg DoS details
peteoutside at yahoo.com
Wed Jan 28 05:36:17 GMT 2004
I will take a serious look at those IPs tomorrow.
Is anyone doing packet capture on these...possible attempted exploits?
(I have my minions at work taking a look at this)
Interesting you should mention those 444/135 scans.
Check out the dates of those target spikes. The plot thickens.
Portscans on the whole range (3127-3192) are booming compared to "normal" traffic, even on the noisy ports. I think it's a safe bet that the author is hunting for compromised boxes.
On the "quiet" ports I see the same pattern...significant spikes within the past 30 days or so, then quiet again, and picking up now. I wonder if there's anything to that.
My antennae are fairly quivering with this one.
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
More information about the list