Security Incidents mailing list archives

RE: new/old port 135 scans?

From: "Flowers, Katie" <Katie.Flowers () savvis net>
Date: Tue, 13 Jan 2004 16:51:05 -0600

Only nachi was programmed to self-destruct after 01/01/04, but that will
only happen if the infected machine is rebooted after said date.

Katie, ASN6347

-----Original Message-----
From: Brian Collins [mailto:listbc () newnanutilities org] 
Sent: Monday, January 12, 2004 11:26 PM
To: incidents () securityfocus com
Subject: new/old port 135 scans?

Tonight we're seeing a significant increase in scans on tcp/135.
Customers 
are sending roughly 20 packets to several incremental IPs in a class C, 
waiting 2 seconds, sending roughly 20 more, etc.  I was under the 
impression that Blaster/Nachi was programmed to cease as of 1/1/04 (of 
course, I could be wrong about that).    I'll try to have some packets 
available in a little while.  In the meantime, has anyone else noticed
an 
increase?

Thanks,
--Brian Collins 

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

new/old port 135 scans? Brian Collins (Jan 13)
- Re: new/old port 135 scans? Mike Hoskins (Jan 13)
- Re: new/old port 135 scans? Brian Eckman (Jan 14)
- <Possible follow-ups>
- RE: new/old port 135 scans? Flowers, Katie (Jan 13)
- RE: new/old port 135 scans? DeGennaro, Gregory (Jan 14)
  - Re: new/old port 135 scans? Brian Eckman (Jan 14)