[Dshield] MAJOR Jump in Scans to 135/TCP

Jon R. Kibler Jon.Kibler at aset.com
Wed Mar 23 14:59:07 GMT 2005


Eric Kedrosky wrote:
> 
> It sounds to me like you have an infection of a Bot of some kind.

The probes peaked after about 3 hours and then abruptly stopped. The probes were all originating from outside our network, as they were being blocked as incoming packets on our external-facing firewall interfaces. The probes were hitting 4 different, widely dispersed, netblocks in the same B class address.

I agree that we were probably being hit by some type of bot -- apparently probing at random IPs in the B class where most of our IPs are allocated.

However, due to our limited view of the net, I was not sure if this was a new worm or if it was some existing worm/bot just heavily probing our networks. Thus, the posting.

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214



