|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Joe Matusiewicz (joem
nist.gov)Date: Mon May 21 2001 - 08:07:29 CDT
At 11:45 AM 5/18/01, gattacahushmail.com wrote:
>Hello all,
>
>I have a curiousity question. In the last 24 hours I have seen scans for
>the following ports. They have been from multiple addresses at different
>times. The scans have been the same ports and sequence each time which leads
>me to suspect a canned scan tool. Is this something new? Thanks in advance.
>
>cheers,
>gattaca
>
><snip>
>Fri May 18 10:36:30 EDT 2001 (snip filter file command) reports
>211.218.149.27 DENIED HOST
>(tcp ports)
>31337 11753 12754 2400 33567 5300 1008 1524 29369 9112 6723 6635 8282 9705
>10008 15104 3879 22252 60008
></snip>
I first noticed these scans two weeks ago. Now I get about 20 a day going
to random addresses on my network. Each port is hit in 4 second
increments. There coming from all over the world. Using netcraft.com, all
the source addresses are running Linux. I assume this is some new yet to
be determined Linux worm. The only mention I can find of it is at:
http://www.incidents.org/react/diary.php
-- Joe
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]