[Dshield] MyDoom/NoVarg DoS details

Pete Cap peteoutside at yahoo.com
Wed Jan 28 05:36:17 GMT 2004


Johannes,
 
I will take a serious look at those IPs tomorrow.
 
Is anyone doing packet capture on these...possible attempted exploits?
(I have my minions at work taking a look at this)

Interesting you should mention those 444/135 scans.
Check out the dates of those target spikes.  The plot thickens.
 
Portscans on the whole range (3127-3192) are booming compared to "normal" traffic, even on the noisy ports.  I think it's a safe bet that the author is hunting for compromised boxes.
On the "quiet" ports I see the same pattern...significant spikes within the past 30 days or so, then quiet again, and picking up now.  I wonder if there's anything to that.
 
My antennae are fairly quivering with this one.
 
Regards,
Pete



