[unisog] Distributed port 445 scan or spoof?
Peter Van Epp
vanepp at sfu.ca
Fri Feb 14 23:36:00 GMT 2003
Doesn't look to have hit here (at least yet :-)). Feb 1 to 4: 6930 hits
Feb 10 to today: 7055 hits.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
On Thu, Feb 13, 2003 at 06:44:12PM -0800, Pat Wilson wrote:
> Hmm. We're seeing incidents of intense port 445 scanning, either from a
> fairly well-coordinated distributed net or from something spoofing one -
> lots of ISP IP addresses, for short bursts of activity.
> Has anyone else seen this recently? We normally see 445 scans, but not
> from so many different directions at once... If it _is_ an address
> spoofer, any idea how to track it down?
> Pat Wilson
> Network Security Manager
> UCSD ACS/Network Operations
> paw at ucsd.edu
> 6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015
More information about the unisog