New Virus or Attack?

Ryan Nobrega nobregar2 at southernct.edu
Fri Jan 31 21:33:42 GMT 2003


Has anyone seen a HUGE increase in udp nbname scans lately?  We are
currently seeing anywhere from 30 to 50 per second.  Here is a small extract
from our logs:

"0:02:51" "Drop" "nbname" "4.62.229.73" "xxx.xxx.192.226" "udp" "60" "1026" ""
"0:02:51" "Drop" "nbname" "4.62.229.73" "xxx.xxx.192.227" "udp" "60" "1026" ""
"0:02:52" "Drop" "nbname" "4.62.229.73" "xxx.xxx.192.228" "udp" "60" "1026" ""
"0:02:52" "Drop" "nbname" "4.62.229.73" "xxx.xxx.192.229" "udp" "60" "1026" ""
"0:02:52" "Drop" "nbname" "4.62.229.73" "xxx.xxx.192.230" "udp" "60" "1026" ""
"0:02:52" "Drop" "nbname" "4.62.229.73" "xxx.xxx.192.231" "udp" "60" "1026" ""

"0:03:29" "Drop" "nbname" "200.64.37.133" "xxx.xxx.181.84" "udp" "60" "1065" ""
"0:03:29" "Drop" "nbname" "200.64.37.133" "xxx.xxx.181.85" "udp" "60" "1065" ""
"0:03:29" "Drop" "nbname" "200.64.37.133" "xxx.xxx.181.86" "udp" "60" "1065" ""
"0:03:30" "Drop" "nbname" "200.64.37.133" "xxx.xxx.181.87" "udp" "60" "1065" ""
"0:03:30" "Drop" "nbname" "200.64.37.133" "xxx.xxx.181.88" "udp" "60" "1065" ""
"0:03:30" "Drop" "nbname" "200.64.37.133" "xxx.xxx.181.89" "udp" "60" "1065" ""
"0:03:30" "Drop" "nbname" "200.64.37.133" "xxx.xxx.181.90" "udp" "60" "1065" ""

"0:40:19" "Drop" "nbname" "219.93.53.64" "xxx.xxx.205.220" "udp" "60" "1028" ""
"0:40:20" "Drop" "nbname" "219.93.53.64" "xxx.xxx.205.221" "udp" "60" "1028" ""
"0:40:20" "Drop" "nbname" "219.93.53.64" "xxx.xxx.205.222" "udp" "60" "1028" ""
"0:40:20" "Drop" "nbname" "219.93.53.64" "xxx.xxx.205.223" "udp" "60" "1028" ""
"0:40:20" "Drop" "nbname" "219.93.53.64" "xxx.xxx.205.224" "udp" "60" "1028" ""
"0:40:20" "Drop" "nbname" "219.93.53.64" "xxx.xxx.205.225" "udp" "60" "1028" ""

This is only a small portion from three hosts, but we have had millions
since last night.  I am now beginning to see the same thing originating from
our network.  It appears to be spreading around?  Any help is appreciated.

 

Thanks again,

-Ryan Nobrega

-SCSU Network Services
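
Added example, not part of the original post: a small Python triage script for logs in the quoted-field layout shown in the extract. It groups nbname entries by source, reports sources that walk consecutive destination addresses, and marks which of those sources sit inside the local network. The field positions (third field service, fourth source, fifth destination), the function names, the `min_run` threshold and the sample addresses are assumptions made for this example.

```python
import csv
import ipaddress

# Constructed sample in the extract's quoted-field layout (documentation addresses).
SAMPLE_LOG = '''\
"0:02:51" "Drop" "nbname" "198.51.100.7" "192.0.2.10" "udp" "60" "1026" ""
"0:02:51" "Drop" "nbname" "198.51.100.7" "192.0.2.11" "udp" "60" "1026" ""
"0:02:52" "Drop" "nbname" "198.51.100.7" "192.0.2.12" "udp" "60" "1026" ""
"0:02:52" "Drop" "nbname" "198.51.100.7" "192.0.2.13" "udp" "60" "1026" ""
"0:05:10" "Drop" "nbname" "192.0.2.50" "203.0.113.1" "udp" "60" "1030" ""
"0:05:10" "Drop" "nbname" "192.0.2.50" "203.0.113.2" "udp" "60" "1030" ""
"0:05:11" "Drop" "nbname" "192.0.2.50" "203.0.113.3" "udp" "60" "1030" ""
"0:05:11" "Drop" "nbname" "192.0.2.50" "203.0.113.4" "udp" "60" "1030" ""
"0:07:00" "Drop" "nbname" "198.51.100.99" "192.0.2.20" "udp" "60" "1044" ""
"0:09:30" "Drop" "nbname" "198.51.100.99" "192.0.2.77" "udp" "60" "1044" ""
'''

def parse(log_text):
    """Yield (service, src, dst) per log line; fields are space-separated and quoted."""
    for row in csv.reader(log_text.splitlines(), delimiter=" ", quotechar='"'):
        try:
            yield row[2], ipaddress.ip_address(row[3]), ipaddress.ip_address(row[4])
        except (IndexError, ValueError):  # short/wrapped line or redacted address
            continue

def longest_run(addrs):
    """Length of the longest run of numerically consecutive addresses."""
    nums = sorted({int(a) for a in addrs})
    best = run = min(1, len(nums))
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_sweeps(log_text, local_net, min_run=4):
    """Map each sweeping source to its target count, longest run and locality."""
    net = ipaddress.ip_network(local_net)
    targets = {}
    for service, src, dst in parse(log_text):
        if service == "nbname":
            targets.setdefault(src, set()).add(dst)
    report = {}
    for src, dsts in targets.items():
        if (run := longest_run(dsts)) >= min_run:
            report[str(src)] = {"targets": len(dsts), "run": run, "internal": src in net}
    return report

if __name__ == "__main__":
    print(find_sweeps(SAMPLE_LOG, "192.0.2.0/24"))
```

Entries with `"internal": True` are local hosts generating the same sweep pattern outbound. Lines whose addresses are masked, as in the extract above, are skipped rather than parsed.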


