same thing here... i've been seeing rpc scans on the whole class c subnet at least once a week... othertimes it is just a 10-50 address at a time/per day... it's getting quite annoying... btw, has anyone seen these 27374 (sub7), 12345 (netbus), 139 (netbios) combo scans lately? it all comes in within a second to the same ip/from the same ip and then this pattern hits the other ip addresses that i manage... know what's doing this? thanks... > -----Original Message----- "Ken Pfeil" <Kenat_private> 08/01/2001 05:59 PM Please respond to Ken To: "Jonathan Rickman" <jonathanat_private>, <incidentsat_private> cc: Subject: RE: Code Red side effects No, you're not the only one. And here I was thinking I was going crazy ;-) Port 1234 is quite popular today as well. > -----Original Message----- > From: Jonathan Rickman [mailto:jonathanat_private] > Sent: Wednesday, August 01, 2001 5:34 PM > To: incidentsat_private > Subject: Code Red side effects > > > With all the attention focused on Code Red, am I the only one > seeing a huge > increase in RPC scans? I've logged over a hundred unique hosts in > the last 4 > hours. > > -- > Jonathan Rickman > X Corps Security > http://www.xcorps.net > > > ------------------------------------------------------------------ > ---------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 13:47:19 PDT