[Dshield] TCP/3389 (MS Terminal Services) Probes

Chris Brenton cbrenton at chrisbrenton.org
Fri Mar 5 16:34:35 GMT 2004

On Fri, 2004-03-05 at 02:09, Bill McCarty wrote:
> On each of four recent days (Feb. 4, 11, 22, and 23) one of my class C 
> networks has been swept for services listening on TCP/3389.

I can confirm I'm seeing a ramp up in this scanning as well. What's kind
of weird is a vast majority (all but 1) are originating out of Korea.
Seems to indicate a single person or group may be up to this.

Possible zero day?

More information about the list mailing list