Security Incidents mailing list archives

Abnormally high Sub-Seven attack rate increase

From: Eric Kimminau <root () kimminau org>
Date: Tue, 31 Dec 2002 00:09:40 -0500 (EST)

Howdy all! 

Is it just me or has the number of Sub-Seven probes grown
astronomically in the last 7 days? I am seeing on average 25-30
clients per day, each scanning 3 or 4 times each up from only 1 or 2
per day at most for the last several months.


Time, Event, Intruder, Count
12/30/2002 4:36:04 AM, SubSeven port probe, 211.54.97.249, 4
12/30/2002 4:35:28 AM, SubSeven port probe, 61.76.228.152, 4
12/30/2002 4:35:28 AM, SubSeven port probe, 61.76.228.152, 4
12/30/2002 4:12:11 AM, SubSeven port probe, 211.218.199.99, 4
12/30/2002 4:12:11 AM, SubSeven port probe, 211.218.199.99, 4
12/30/2002 3:51:45 AM, SubSeven port probe, 211.220.174.241, 4
12/30/2002 3:07:42 AM, SubSeven port probe,
pcp465155pcs.shrpsr01.tn.comcast.net, 4
12/30/2002 2:55:53 AM, SubSeven port probe, 211.180.104.212, 4
12/30/2002 2:55:52 AM, SubSeven port probe, 211.180.104.212, 4
12/30/2002 2:48:50 AM, SubSeven port probe,
CPE0080c6fe0c2c.cpe.net.cable.rogers.com, 4
12/30/2002 2:12:42 AM, SubSeven port probe, 61.84.87.119, 4
12/30/2002 2:01:28 AM, SubSeven port probe, 211.220.171.85, 3
12/30/2002 2:01:28 AM, SubSeven port probe, 211.220.171.85, 3
12/30/2002 1:30:10 AM, SubSeven port probe, 218.150.0.71, 3
12/30/2002 1:30:10 AM, SubSeven port probe, 218.150.0.71, 3
12/30/2002 1:10:01 AM, SubSeven port probe, 61.84.137.155, 4
12/30/2002 1:10:01 AM, SubSeven port probe, 61.84.137.155, 4
12/30/2002 12:56:18 AM, SubSeven port probe, 211.195.57.52, 4
12/30/2002 12:56:18 AM, SubSeven port probe, 211.195.57.52, 4
12/30/2002 12:45:13 AM, SubSeven port probe, 218.147.103.205, 4
12/30/2002 12:45:13 AM, SubSeven port probe, 218.147.103.205, 4
12/30/2002 12:13:30 AM, SubSeven port probe, 61.82.221.165, 3
12/30/2002 12:13:30 AM, SubSeven port probe, 61.82.221.165, 3
12/29/2002 11:52:24 PM, SubSeven port probe, 61.77.146.31, 4
12/29/2002 11:51:42 PM, SubSeven port probe, 218.148.57.89, 3
12/29/2002 11:51:41 PM, SubSeven port probe, 218.148.57.89, 3
12/29/2002 11:29:42 PM, SubSeven port probe, 211.230.118.236, 4
12/29/2002 10:48:21 PM, SubSeven port probe,
1Cust124.tnt1.reading.pa.da.uu.net, 4
12/29/2002 10:48:21 PM, SubSeven port probe,
1Cust124.tnt1.reading.pa.da.uu.net, 4
12/29/2002 10:42:14 PM, SubSeven port probe, 61.73.229.103, 4
12/29/2002 10:07:20 PM, SubSeven port probe,
s211-33-10-129.thrunet.ne.kr, 1
12/29/2002 10:07:19 PM, SubSeven port probe,
s211-33-10-129.thrunet.ne.kr, 1



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Abnormally high Sub-Seven attack rate increase Eric Kimminau (Jan 02)
- Re: Abnormally high Sub-Seven attack rate increase Jeff Kell (Jan 02)
- <Possible follow-ups>
- RE: Abnormally high Sub-Seven attack rate increase James C Slora Jr (Jan 02)
  - RE: Abnormally high Sub-Seven attack rate increase H C (Jan 03)