--On Thursday, February 27, 2003 6:25 PM +0000 Charles Hamby <fixerat_private> wrote:

> Has anyone else recently been pegged with a large number of distributed
> TCP 445 scans over a short amount of time (within a few minutes)?

No, but I've seen a slow TCP 445 scan that took several hours to transit half of a class C network. However, the scan originated from a single IP. The source and destination port of all packets was 13000. Snort flagged the packets as related to the Shaft DDOS tool. But, I suspect the current tool merely shares code with Shaft.

---------------------------------------------------
Bill McCarty
This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 10:58:03 PST