On Tue, 2002-02-12 at 05:35, TCG CSIRT wrote: > > Is this a normal increase considering the vulnerabilities made public late last year? I don't think that there is a 'normal' curve for this type of activity. I strongly suspect that kiddie behaviour is more a result of fashion than rational thinking. SSH is mearly C00l now! > Is anyone (everyone) else seeing the same type of activity? I have not done the stats but my impression is that my figures would mirror yours. I am now seeing about 1-2 port 22 scans a day in each network block I monitor. > Has anyone seen evidence of a worm? no, but then we have not had any compromises. I have seen no random probing that is favoured by most worms. I do believe that there are worms out there that exploit BIND problems, I regularly see random probes on udp 53. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Feb 11 2002 - 16:30:10 PST