[unisog] Distributed port 445 scan or spoof?

Peter Van Epp vanepp at sfu.ca
Fri Feb 14 23:36:00 GMT 2003


	Doesn't look to have hit here (at least yet :-)). Feb 1 to 4: 6930 hits
Feb 10 to today: 7055 hits.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Thu, Feb 13, 2003 at 06:44:12PM -0800, Pat Wilson wrote:
> 
> Hmm.  We're seeing incidents of intense port 445 scanning, either from a
> fairly well-coordinated distributed net or from something spoofing one -
> lots of ISP IP addresses, for short bursts of activity.
> 
> Has anyone else seen this recently?  We normally see 445 scans, but not
> from so many different directions at once...  If it _is_ an address
> spoofer, any idea how to track it down?
> 
> Thanks.
> 
> 
> Pat Wilson
> Network Security Manager
> UCSD ACS/Network Operations
> paw at ucsd.edu
> 6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015
> 



More information about the unisog mailing list