[Dshield] Massive port 135 upswing?

Nels Lindquist nlindq at maei.ca
Mon Jun 14 18:57:58 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Okay, something's going on.

Anyone else seeing a massive increase in port 135 hits?  Our firewall 
is currently seeing 35% CPU utilization from syslogd just keeping up 
with dropped packets; the last hourly DShield submission bounced from 
the submission queue due to size throttling on the MTA.

Looks like worm traffic--loads of different IP addresses from all 
over the place, all hitting TCP port 135.  If it's *not* worm 
traffic, could it be a DDOS attack?

- ----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFAzfUsbxRqvNchgLQRAkFEAKCWdCs1tweB7wfIG1jhFfXCfOijjACg2BOt
j7DjPdD/sKLQvrk5gDumScs=
=iJSO
-----END PGP SIGNATURE-----



More information about the list mailing list