[Dshield] TCP/3389 (MS Terminal Services) Probes
cbrenton at chrisbrenton.org
Fri Mar 5 16:34:35 GMT 2004
On Fri, 2004-03-05 at 02:09, Bill McCarty wrote:
> On each of four recent days (Feb. 4, 11, 22, and 23) one of my class C
> networks has been swept for services listening on TCP/3389.
I can confirm I'm seeing a ramp up in this scanning as well. What's kind
of weird is a vast majority (all but 1) are originating out of Korea.
Seems to indicate a single person or group may be up to this.
Possible zero day?
More information about the list