"gffl" == Glenn Forbes Fleming Larratt <glrattat_private> writes: gffl> We saw, on 9 December between 1327 and 1340 UTC, simultaneous ssh scans from: *snip* gffl> . They began and ended very abruptly at the times noted above, and gffl> came from mostly North America (9 from 4 different Canadian provinces, gffl> and 9 from 7 different US states), but also from .kr, .be, .au and gffl> .hk . In every case that I could determine, it appeared to be the gffl> usual suspects - home broadband networks. gffl> I suspect either a worm or a coordinated zombie attack. ...Or one person scanning you and then throwing random source addresses in as well to obfuscate the actual address scanned from. This was more popular in the past, but it is still done. See nmap -D for example... Clarissa ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 13:11:55 PST