during the past week, i have noticed a *very* substantial and alarming number of unsolicited morpheus/kazaa scans/probes (port 1214). before last week, the targeted systems, which reside on roadrunner cablemodem networks, were receiving an average of 40 separate probes/day, with less than 5 morpheus/kazaa probes/day. currently, those same systems have been getting over 300 morpheus/kazaa probes/day for the past 5 days. the elevated probe numbers have been relatively constant. no file sharing software is or ever has been run (or installed) on any of the systems. ALL unsolicited incoming traffic is filtered/blocked/dropped. NO public services (www, ftp, etc) have ever been run on any of the systems. the probes have been coming from a wide variety of systems all over the world, including .edu and .gov. i have not seen any substantial increase in similar scans on corporate networks that i monitor. anybody else seen an increase in morpheus/kazaa scans, or have any insight into the reasons (new vuln scanning tool, new morpheus/kazaa exploits, etc)? thanks, k ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Feb 11 2002 - 12:29:34 PST