[Dshield] TCP/3389 (MS Terminal Services) Probes

Pete Cap peteoutside at yahoo.com
Fri Mar 5 19:41:03 GMT 2004

Not seeing anything strange here (bout 90 hits in the past five days, mostly attributed to web traffic).
Could I trouble you gents for some packet traces?


Chris Brenton <cbrenton at chrisbrenton.org> wrote:
On Fri, 2004-03-05 at 02:09, Bill McCarty wrote:
> On each of four recent days (Feb. 4, 11, 22, and 23) one of my class C 
> networks has been swept for services listening on TCP/3389.

I can confirm I'm seeing a ramp up in this scanning as well. What's kind
of weird is a vast majority (all but 1) are originating out of Korea.
Seems to indicate a single person or group may be up to this.

Possible zero day?

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster.

More information about the list mailing list