On Tue, 2002-02-12 at 05:35, TCG CSIRT wrote:
>
> Is this a normal increase considering the vulnerabilities made public late last year?

I don't think that there is a 'normal' curve for this type of activity. I
strongly suspect that kiddie behaviour is more a result of fashion than
rational thinking. SSH is mearly C00l now!

> Is anyone (everyone) else seeing the same type of activity?

I have not done the stats but my impression is that my figures would
mirror yours. I am now seeing about 1-2 port 22 scans a day in each network
block I monitor.

> Has anyone seen evidence of a worm?

no, but then we have not had any compromises. I have seen no random probing
that is favoured by most worms. I do believe that there are worms out there
that exploit BIND problems, I regularly see random probes on udp 53.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]