[unisog] Anyone notice an increase in window probes/pokes/whatever

Joshua Wright Joshua.Wright at jwu.edu
Wed Feb 18 12:13:28 GMT 2004


At the Internet Storm Center (isc.sans.org), we've seen a big spike in TCP/445 activity, as well as TCP/80 activity.  TCP/135 activity seems to be stable at the moment:

http://isc.sans.org/port_details.html?port=135
http://isc.sans.org/port_details.html?port=445
http://isc.sans.org/port_details.html?port=80

The TCP/80 and TCP/445 activity is largely attributed to Welchia.B virus making the rounds.  The handlers diary from 2/16 has some additional information:

http://isc.sans.org/diary.html?date=2004-02-16

-Joshua Wright
Joshua.Wright at jwu.edu

-----Original Message-----
From:	Pete Hickey [mailto:pete at shadows.uottawa.ca]
Sent:	Tue 2004-02-17 8:23 PM
To:	unisog at sans.org
Cc:	
Subject:	[unisog] Anyone notice an increase in window probes/pokes/whatever
At around Tue Feb 17 5:10 AM EST we saw a sudden 10 fold
increase in scans/probes/pokes coming in on ports 445 and 135.
It continued throughout the day, and is now only about 4 times
over normal.

Anyone else seeing this?


-- 
Pete Hickey                                       /~\  The ASCII
The University of Ottawa                          \ /  Ribbon Campaign
Ottawa, Ontario                                    X   Against HTML
Canada                                            / \  Email!





More information about the unisog mailing list