RE: Code Red side effects

From: ren stimpy (ren000aat_private)
Date: Thu Aug 02 2001 - 06:57:54 PDT


    same thing here... i've been seeing rpc scans on the
    whole class c subnet at least once a week...
    other times it is just 10-50 addresses at a time/per
    day... it's getting quite annoying...
    
    btw, has anyone seen these 27374 (sub7), 12345
    (netbus), 139 (netbios) combo scans lately? it all
    comes in within a second to the same ip/from the same
    ip and then this pattern hits the other ip addresses
    that i manage... know what's doing this?
    thanks...
    
    
    > -----Original Message-----
    
    "Ken Pfeil" <Kenat_private>
    08/01/2001 05:59 PM
    Please respond to Ken

    To: "Jonathan Rickman" <jonathanat_private>, <incidentsat_private>
    cc:
    Subject: RE: Code Red side effects
    
    
    No, you're not the only one. And here I was thinking I
    was going crazy ;-) 
    Port 1234 is quite popular today as well.
    
    > -----Original Message-----
    > From: Jonathan Rickman [mailto:jonathanat_private]
    > Sent: Wednesday, August 01, 2001 5:34 PM
    > To: incidentsat_private
    > Subject: Code Red side effects
    > 
    > 
    > With all the attention focused on Code Red, am I the only one
    > seeing a huge increase in RPC scans? I've logged over a hundred
    > unique hosts in the last 4 hours.
    > 
    > -- 
    > Jonathan Rickman
    > X Corps Security
    > http://www.xcorps.net
    > 
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    > 
    
    



    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 13:47:19 PDT
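
The combination-scan pattern described in the message above (ports 27374, 12345 and 139 hitting one address from one source within a second, then repeating against other addresses) can be picked out of connection logs. The following is an added detection example, not part of the original thread; the log format, the sample lines and the addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ports named in the message: SubSeven, NetBus, NetBIOS session service.
COMBO_PORTS = frozenset({27374, 12345, 139})
WINDOW = timedelta(seconds=1)

# Constructed sample in a hypothetical "ISO-timestamp src dst dport" format;
# all addresses come from documentation ranges.
SAMPLE_LOG = """\
2001-08-02T06:10:00.100 203.0.113.7 192.0.2.10 27374
2001-08-02T06:10:00.350 203.0.113.7 192.0.2.10 12345
2001-08-02T06:10:00.600 203.0.113.7 192.0.2.10 139
2001-08-02T06:10:02.100 203.0.113.7 192.0.2.11 139
2001-08-02T06:10:02.200 203.0.113.7 192.0.2.11 27374
2001-08-02T06:10:02.900 203.0.113.7 192.0.2.11 12345
2001-08-02T06:11:00.000 198.51.100.9 192.0.2.10 139
2001-08-02T06:11:30.000 198.51.100.9 192.0.2.10 12345
2001-08-02T06:12:10.000 198.51.100.9 192.0.2.10 27374
2001-08-02T06:13:00.000 198.51.100.20 192.0.2.12 111
"""

def parse(log):
    for line in filter(str.strip, log.splitlines()):
        ts, src, dst, dport = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def find_combo_scans(log, ports=COMBO_PORTS, window=WINDOW):
    """Return {src: [dst, ...]} where every port in `ports` was hit within `window`."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in parse(log):
        if dport in ports:
            by_pair[(src, dst)].append((ts, dport))
    hits = defaultdict(set)
    for (src, dst), events in by_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if {p for _, p in events[start:end + 1]} == ports:
                hits[src].add(dst)
                break
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for src, dsts in find_combo_scans(SAMPLE_LOG).items():
        print(f"{src}: combo scan against {len(dsts)} host(s): {', '.join(dsts)}")
```

A source that touches the same three ports slowly (198.51.100.9 in the sample) is not flagged, which separates the scripted one-second burst from unrelated probes.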