|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Increase seen in port probes since Tuesday afternoon
From: Jeff Kell (jeff-kell
utc.edu)
Date: Thu Dec 30 2004 - 22:32:14 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
James C Slora Jr wrote:
> BahdKo wrote Thursday, December 30, 2004 04:23
>>Since Tuesday afternoon EST I've seen a dramatic increase in
>>the number of machines probing my network on ports 2745,
>>1025, 3127, 6129, and usually 80. Each probe involves the
>>machine sending three packets to each port.
>
> Yes from time to time. The port pattern is typical of many botnets, many of
> which will focus multiple drones against a particular IP space for a while.
I'm seeing 80, 1025, 6129, and 1433 increases in tcp, and 1434, 1026,
and 1027 udp. The usual 135/445 are present as always but I haven't
paid much attention to a 'marked increase' as they long ago drifted into
the pool of "background noise".
Jeff
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]