[unisog] SubSeven probes

Peter Van Epp vanepp at sfu.ca
Thu Aug 30 01:55:22 GMT 2001


	Not in anywhere near that volume. In the last 24 hours we have seen
65 total, many of those (from a visual scan) from a 212.198 address (and all
unsuccessful and thus ignored until I went looking for them). Over the last
3 days there have been 10,545 of them which is somewhat more interesting.
A quick visual  of those indicates 24.2 24.26 24.169 as the initial culprets
broadening out later to a mix more like yours (equally unsuccessful and thus
ignored).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

> 
> 
> This is the third day in a row that I've seen probing like this.  It looks
> a lot like distributed, coordinated probing for SubSeven.  Anyone else
> seeing it?
> 
> 						- Andy
> 
> PS By coincidence, the students have been here since Saturday.
> 
> ------------------------------------------------------------------------------
> ** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
> ** Manager of IT Security                 * PGP key:(afj2000) 1024/F67035E1 **
> ** Office of Information Technology, UMBC *        5D 44 1E 2E A6 7C 91 7A  **
> ** 410-455-2583 (v)/410-455-1065 (f)      *        C4 66 5F D5 BA B9 F6 58  **
> ------------------------------------------------------------------------------
> 
> 
> ===================================================================================
>                             Scanners by Number of Target IP Addresses
> 			    -----------------------------------------
> Scanner IP		# Targets 		Ports 			Type
> -------------------	--------------		-----------		-----------
> 4.35.69.53     		27      		27374      		SYN
<snip>



More information about the unisog mailing list