[unisog] Anyone notice an increase in window probes/pokes/whatever

Joshua Wright Joshua.Wright at jwu.edu
Wed Feb 18 12:13:28 GMT 2004

At the Internet Storm Center (isc.sans.org), we've seen a big spike in TCP/445 activity, as well as TCP/80 activity.  TCP/135 activity seems to be stable at the moment:


The TCP/80 and TCP/445 activity is largely attributed to Welchia.B virus making the rounds.  The handlers diary from 2/16 has some additional information:


-Joshua Wright
Joshua.Wright at jwu.edu

-----Original Message-----
From:	Pete Hickey [mailto:pete at shadows.uottawa.ca]
Sent:	Tue 2004-02-17 8:23 PM
To:	unisog at sans.org
Subject:	[unisog] Anyone notice an increase in window probes/pokes/whatever
At around Tue Feb 17 5:10 AM EST we saw a sudden 10 fold
increase in scans/probes/pokes coming in on ports 445 and 135.
It continued throughout the day, and is now only about 4 times
over normal.

Anyone else seeing this?

Pete Hickey                                       /~\  The ASCII
The University of Ottawa                          \ /  Ribbon Campaign
Ottawa, Ontario                                    X   Against HTML
Canada                                            / \  Email!

More information about the unisog mailing list