[Dshield] MAJOR Jump in Scans to 135/TCP

TRushing@hollandco.com TRushing at hollandco.com
Tue Mar 22 16:37:31 GMT 2005


On 03/21/2005 02:41 PM John R. Kibler wrote:

> Greetings, 
> 
> During the past couple of hours, we have seen a MAJOR jump in the 
> number of scans against TCP/135. Has anyone else?
> 
> Over the past few days, scans to this port have averaged something 
> less than 1/3rd of total scans. However, last hour (14:00 
> US/Eastern, GMT-0500), scans to TCP/135 averaged just under 2/3rds 
> of all scans, and thus far this hour (15:00 - 15:20), the scans are 
> up to just under 3/4ths of all scans. 

I saw a slight uptick yesterday here at work against our Class C starting 
around 17:00 US/Eastern, but nothing like what you describe.  I do not log 
Windows scans on my home firewall because I get too much cruft from other 
users at my ISP, so I have no point of comparison.

Dshield reports for yesterday for port 135 show nothing out of the 
ordinary:

http://www.dshield.org/port_report.php?port=135&recax=1&tarax=2&srcax=2&percent=N&days=40&Redraw=

(Though, likely yesterday's reports are still being processed.)

On a meta-discussion note, why the extreme delay in letting messages 
through the list.  I realize it is moderated, but might it be time to 
expand the moderator pool?  The above e-mail came through to the list 
nearly 20 hours after it was sent.  Had it turned out to be an actual 
early warning, it would have been kind of pointless.  (Of course, had it 
turned out to be an actual warning, someone else somewhere else would have 
probably already noticed something.)

Tim Rushing



More information about the list mailing list