[Dshield] Massive port 135 upswing?
nlindq at maei.ca
Mon Jun 14 18:57:58 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Okay, something's going on.
Anyone else seeing a massive increase in port 135 hits? Our firewall
is currently seeing 35% CPU utilization from syslogd just keeping up
with dropped packets; the last hourly DShield submission bounced from
the submission queue due to size throttling on the MTA.
Looks like worm traffic--loads of different IP addresses from all
over the place, all hitting TCP port 135. If it's *not* worm
traffic, could it be a DDOS attack?
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
-----END PGP SIGNATURE-----
More information about the list