Increase in Sub7 scans

From: Obert, Jack E. (JObertat_private)
Date: Tue Jun 12 2001 - 06:42:58 PDT

Next message: Alfred Huger: "Dead thread - RE: How to stop a consistent cracker."

Previous message: Justin Shore: "Re: [Fwd: OFF TOPIC: security]"
Next in thread: gene.g.beairdat_private: "RE: Increase in Sub7 scans"
Reply: gene.g.beairdat_private: "RE: Increase in Sub7 scans"
Reply: David Endler: "RE: Increase in Sub7 scans"
Reply: Adam Stanley: "Re: Increase in Sub7 scans"
Reply: Daniel Martin: "Re: Increase in Sub7 scans"
Reply: Phil: "Re: Increase in Sub7 scans"
Reply: bparisat_private: "RE: Increase in Sub7 scans"
Reply: Justin Shore: "Re: Increase in Sub7 scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Since February, I've been receiving tcp port scans for the default sub7 port
(27374) at a rate of approximately 3-4 per day.  Starting on June 8th to
present, I've been receiving them at 9 times that rate.  

6/5/01 - 3 Scans
6/6/01 - 4 Scans
6/7/01 - 3 Scans
6/8/01 - 8 Scans
6/9/01 - 14 Scans
6/10/01 - 38 Scans
6/11/01 - 22 Scans

Any ideas on what could have sparked this increased scanning?  A new
utility?  A new vulnerability related to sub7?  New media publicity?

Thanks

Jack E. Obert, GSEC 
Technical Information Security Officer 
St. John's Health System

Next message: Alfred Huger: "Dead thread - RE: How to stop a consistent cracker."
Previous message: Justin Shore: "Re: [Fwd: OFF TOPIC: security]"
Next in thread: gene.g.beairdat_private: "RE: Increase in Sub7 scans"
Reply: gene.g.beairdat_private: "RE: Increase in Sub7 scans"
Reply: David Endler: "RE: Increase in Sub7 scans"
Reply: Adam Stanley: "Re: Increase in Sub7 scans"
Reply: Daniel Martin: "Re: Increase in Sub7 scans"
Reply: Phil: "Re: Increase in Sub7 scans"
Reply: bparisat_private: "RE: Increase in Sub7 scans"
Reply: Justin Shore: "Re: Increase in Sub7 scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 12 2001 - 08:20:40 PDT