RE: Unusual volume: UDP:137 probes

From: Scott, Michael R. (MICHAEL.R.SCOTTat_private)
Date: Tue Oct 01 2002 - 09:37:18 PDT


    Correction/update to my earlier post:
    It seems to be scanning random chunks of addresses, not /16's; see below for
    a listing of targets probed over a 75-second period.  Notice how it starts
    off by incrementing the host octet within a /24, then jumps to a different /8
    and increments only the first octet.  Last night's NAV signatures detect it
    as W32.Opaserv.Worm.  A view of the properties of the file shows a creation
    (C) time of this past Sat night (9/28 19:32 PST), and a modification (M) time
    of 1/1/70 (i.e. the Unix epoch).
    
    181.5.73.183
    181.5.73.184
    181.5.73.185
    181.5.73.186
    181.5.73.187
    181.5.73.188
    181.5.73.189
    181.5.73.190
    181.5.73.191
    181.5.73.192
    181.5.73.193
    181.5.73.194
    181.5.73.195
    181.5.73.196
    181.5.73.197
    181.5.73.198
    181.5.73.199
    181.5.73.200
    181.5.73.201
    181.5.73.202
    181.5.73.203
    181.5.73.204
    181.5.73.205
    181.5.73.206
    181.5.73.207
    181.5.73.208
    181.5.73.209
    181.5.73.210
    181.5.73.211
    181.5.73.212
    181.5.73.213
    181.5.73.214
    181.5.73.215
    181.5.73.216
    181.5.73.217
    181.5.73.218
    181.5.73.219
    181.5.73.220
    181.5.73.221
    181.5.73.222
    181.5.73.223
    181.5.73.224
    181.5.73.225
    181.5.73.226
    181.5.73.227
    181.5.73.228
    181.5.73.229
    181.5.73.230
    181.5.73.231
    181.5.73.232
    181.5.73.233
    181.5.73.234
    181.5.73.235
    181.5.73.236
    181.5.73.237
    181.5.73.238
    181.5.73.239
    181.5.73.240
    181.5.73.241
    181.5.73.242
    181.5.73.243
    181.5.73.244
    181.5.73.245
    181.5.73.246
    181.5.73.247
    181.5.73.248
    181.5.73.249
    181.5.73.250
    181.5.73.251
    181.5.73.252
    181.5.73.253
    181.5.73.254
    181.5.73.255
    215.27.171.66
    216.27.171.66
    217.27.171.66
    218.27.171.66
    219.27.171.66
    220.27.171.66
    221.27.171.66
    222.27.171.66
    223.27.171.66
    224.27.171.66
    225.27.171.66
    226.27.171.66
    227.27.171.66
    228.27.171.66
    229.27.171.66
    230.27.171.66
    231.27.171.66
    232.27.171.66
    233.27.171.66
    234.27.171.66
    235.27.171.66
    236.27.171.66
    237.27.171.66
    238.27.171.66
    239.27.171.66
    240.27.171.66
    241.27.171.66
    242.27.171.66
    243.27.171.66
    244.27.171.66
    245.27.171.66
    246.27.171.66
    247.27.171.66
    248.27.171.66
    249.27.171.66
    250.27.171.66
    251.27.171.66
    252.27.171.66
    253.27.171.66
    254.27.171.66
    66.171.27.255
    162.163.234.229
    162.163.234.230
    162.163.234.231
    162.163.234.232
    162.163.234.233
    162.163.234.234
    162.163.234.235
    162.163.234.236
    162.163.234.237
    162.163.234.238
    162.163.234.239
    162.163.234.240
    162.163.234.241
    162.163.234.242
    162.163.234.243
    162.163.234.244
    162.163.234.245
    162.163.234.246
    162.163.234.247
    162.163.234.248
    162.163.234.249
    162.163.234.250
    162.163.234.251
    162.163.234.252
    162.163.234.253
    162.163.234.254
    162.163.234.255
    173.11.177.110
    173.11.177.111
    173.11.177.112
    173.11.177.113
    173.11.177.114
    173.11.177.115
    173.11.177.116
    173.11.177.117
    173.11.177.118
    173.11.177.119
    173.11.177.120
    173.11.177.121
    173.11.177.122
    173.11.177.123
    173.11.177.124
    173.11.177.125
    173.11.177.126
    173.11.177.127
    173.11.177.128
    173.11.177.129
    173.11.177.130
    173.11.177.131
    173.11.177.132
    173.11.177.133
    173.11.177.134
    173.11.177.135
    173.11.177.136
    173.11.177.137
    173.11.177.138
    173.11.177.139
    173.11.177.140
    173.11.177.141
    173.11.177.142
    173.11.177.143
    173.11.177.144
    173.11.177.145
    173.11.177.146
    173.11.177.147
    173.11.177.148
    173.11.177.149
    173.11.177.150
    173.11.177.151
    173.11.177.152
    173.11.177.153
    173.11.177.154
    173.11.177.155
    173.11.177.156
    173.11.177.157
    173.11.177.158
    173.11.177.159
    173.11.177.160
    173.11.177.161
    173.11.177.162
    173.11.177.163
    173.11.177.164
    173.11.177.165
    173.11.177.166
    173.11.177.167
    173.11.177.168
    173.11.177.169
    173.11.177.170
    173.11.177.171
    173.11.177.172
    173.11.177.173
    173.11.177.174
    173.11.177.175
    173.11.177.176
    173.11.177.177
    173.11.177.178
    173.11.177.179
    173.11.177.180
    173.11.177.181
    173.11.177.182
    173.11.177.183
    173.11.177.184
    173.11.177.185
    173.11.177.186
    173.11.177.187
    173.11.177.188
    173.11.177.189
    173.11.177.190
    173.11.177.191
    173.11.177.192
    173.11.177.193
    173.11.177.194
    173.11.177.195
    173.11.177.196
    173.11.177.197
    173.11.177.198
    173.11.177.199
    173.11.177.200
    173.11.177.201
    173.11.177.202
    173.11.177.203
    173.11.177.204
    173.11.177.205
    173.11.177.206
    173.11.177.207
    173.11.177.208
    173.11.177.209
    173.11.177.210
    173.11.177.211
    173.11.177.212
    173.11.177.213
    173.11.177.214
    173.11.177.215
    173.11.177.216
    173.11.177.217
    173.11.177.218
    173.11.177.219
    173.11.177.220
    173.11.177.221
    173.11.177.222
    173.11.177.223
    173.11.177.224
    173.11.177.225
    173.11.177.226
    173.11.177.227
    173.11.177.228
    173.11.177.229
    173.11.177.230
    173.11.177.231
    173.11.177.232
    173.11.177.233
    173.11.177.234
    173.11.177.235
    173.11.177.236
    173.11.177.237
    173.11.177.238
    173.11.177.239
    173.11.177.240
    173.11.177.241
    173.11.177.242
    173.11.177.243
    173.11.177.250
    173.11.177.252
    173.11.177.252
    173.11.177.254
    173.11.177.254
    149.248.50.154
    149.248.50.155
    149.248.50.156
    149.248.50.157
    149.248.50.158
    149.248.50.159
    149.248.50.160
    149.248.50.161
    149.248.50.162
    149.248.50.163
    149.248.50.164
    149.248.50.165
    149.248.50.166
    149.248.50.167
    149.248.50.168
    149.248.50.169
    149.248.50.170
    149.248.50.171
    149.248.50.172
    149.248.50.173
    149.248.50.174
    149.248.50.175
    149.248.50.176
    149.248.50.177
    149.248.50.178
    149.248.50.179
    149.248.50.180
    149.248.50.181
    149.248.50.182
    149.248.50.183
    149.248.50.184
    149.248.50.185
    149.248.50.186
    149.248.50.187
    149.248.50.188
    149.248.50.189
    149.248.50.190
    149.248.50.191
    149.248.50.192
    149.248.50.193
    149.248.50.194
    149.248.50.195
    149.248.50.196
    149.248.50.197
    149.248.50.198
    149.248.50.199
    149.248.50.200
    149.248.50.201
    149.248.50.202
    149.248.50.203
    149.248.50.204
    149.248.50.205
    149.248.50.206
    149.248.50.207
    149.248.50.208
    149.248.50.209
    149.248.50.210
    149.248.50.211
    149.248.50.212
    149.248.50.213
    149.248.50.214
    149.248.50.215
    149.248.50.216
    
    Mike 
    
    


