Security Incidents mailing list archives
RE: new/old port 135 scans?
From: "Flowers, Katie" <Katie.Flowers () savvis net>
Date: Tue, 13 Jan 2004 16:51:05 -0600
Only nachi was programmed to self-destruct after 01/01/04, but that will only happen if the infected machine is rebooted after said date. Katie, ASN6347 -----Original Message----- From: Brian Collins [mailto:listbc () newnanutilities org] Sent: Monday, January 12, 2004 11:26 PM To: incidents () securityfocus com Subject: new/old port 135 scans? Tonight we're seeing a significant increase in scans on tcp/135. Customers are sending roughly 20 packets to several incremental IPs in a class C, waiting 2 seconds, sending roughly 20 more, etc. I was under the impression that Blaster/Nachi was programmed to cease as of 1/1/04 (of course, I could be wrong about that). I'll try to have some packets available in a little while. In the meantime, has anyone else noticed an increase? Thanks, --Brian Collins ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- new/old port 135 scans? Brian Collins (Jan 13)
- Re: new/old port 135 scans? Mike Hoskins (Jan 13)
- Re: new/old port 135 scans? Brian Eckman (Jan 14)
- <Possible follow-ups>
- RE: new/old port 135 scans? Flowers, Katie (Jan 13)
- RE: new/old port 135 scans? DeGennaro, Gregory (Jan 14)
- Re: new/old port 135 scans? Brian Eckman (Jan 14)