[Dshield] TCP/3389 (MS Terminal Services) Probes

Pete Cap peteoutside at yahoo.com
Fri Mar 5 19:41:03 GMT 2004


Not seeing anything strange here (about 90 hits in the past five days, mostly attributed to web traffic).
 
Could I trouble you gents for some packet traces?

Regards,
Pete

Chris Brenton <cbrenton at chrisbrenton.org> wrote:
On Fri, 2004-03-05 at 02:09, Bill McCarty wrote:
>
> On each of four recent days (Feb. 4, 11, 22, and 23) one of my class C 
> networks has been swept for services listening on TCP/3389.

I can confirm I'm seeing a ramp up in this scanning as well. What's kind
of weird is a vast majority (all but 1) are originating out of Korea.
Seems to indicate a single person or group may be up to this.

Possible zero day?
C


