[Dshield] TCP/3389 (MS Terminal Services) Probes
peteoutside at yahoo.com
Fri Mar 5 19:41:03 GMT 2004
Not seeing anything strange here (bout 90 hits in the past five days, mostly attributed to web traffic).
Could I trouble you gents for some packet traces?
Chris Brenton <cbrenton at chrisbrenton.org> wrote:
On Fri, 2004-03-05 at 02:09, Bill McCarty wrote:
> On each of four recent days (Feb. 4, 11, 22, and 23) one of my class C
> networks has been swept for services listening on TCP/3389.
I can confirm I'm seeing a ramp up in this scanning as well. What's kind
of weird is a vast majority (all but 1) are originating out of Korea.
Seems to indicate a single person or group may be up to this.
Possible zero day?
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
Do you Yahoo!?
Yahoo! Search - Find what youre looking for faster.
More information about the list