On Monday 30 Sep 2002 9:33 am, Mark Forsyth wrote: > On Monday, September 30, 2002 9:02 AM, John Sage > [SMTP:jsageat_private] wrote: > > This has received some mention on the UNISOG list and elsewhere, but > > not here. > > > > Some people have been seeing unusually high volumes of UDP:137 probes > > since about 09/27/02 late, or early 09/28/02. > > A few people (who log sych things) on the Optus cable network in Australia > have been seeing it too. > In my case since Sep 20 it's gone ... > Sep 20 2 hits > Sep 21, 22, 23 0 hits > Sep 24 3 hits > Sep 25 0 hits > Sep 26 4 hits > Sep 27 2 hits > Sep 28 156 hits Starting at 02:20 (Aust. EST) > Sep 29 410 hits > Sep 30 406 hits up until 18:24 > Been seeing exactly the same spike with same patterns. Up from 40 odd scans on 28/9/2002 to 495 already today. Incidents.org have picked this up at the Internet Storm Center http://isc.incidents.org/port_details.html?port=137 No explanations or reasons been given by anyone yet. -- Emeric Miszti UK Security Online http://www.uksecurityonline.com Tel No: 0870 088 5689 Fax No: 0870 706 2162 PGP Public Key available at http://www.uksecurityonline.com/emeric.asc ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 13:25:55 PDT