|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Emeric Miszti (emeric_at_uksecurityonline.com)
Date: Mon Sep 30 2002 - 10:54:59 CDT
On Monday 30 Sep 2002 9:33 am, Mark Forsyth wrote:
> On Monday, September 30, 2002 9:02 AM, John Sage
> [SMTP:jsage
finchhaven.com] wrote:
> > This has received some mention on the UNISOG list and elsewhere, but
> > not here.
> >
> > Some people have been seeing unusually high volumes of UDP:137 probes
> > since about 09/27/02 late, or early 09/28/02.
>
> A few people (who log sych things) on the Optus cable network in Australia
> have been seeing it too.
> In my case since Sep 20 it's gone ...
> Sep 20 2 hits
> Sep 21, 22, 23 0 hits
> Sep 24 3 hits
> Sep 25 0 hits
> Sep 26 4 hits
> Sep 27 2 hits
> Sep 28 156 hits Starting at 02:20 (Aust. EST)
> Sep 29 410 hits
> Sep 30 406 hits up until 18:24
>
Been seeing exactly the same spike with same patterns. Up from 40 odd scans on
28/9/2002 to 495 already today.
Incidents.org have picked this up at the Internet Storm Center
http://isc.incidents.org/port_details.html?port=137
No explanations or reasons been given by anyone yet.
-- Emeric Miszti UK Security Online http://www.uksecurityonline.comTel No: 0870 088 5689 Fax No: 0870 706 2162
PGP Public Key available at http://www.uksecurityonline.com/emeric.asc
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]