Security Incidents mailing list archives
Re: Scans for telnetd on DNS servers.
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Thu, 9 Mar 2006 22:32:45 +0100 (CET)
On Sat, 4 Mar 2006, Jay D. Dyson wrote:
In the past hour I've seen 43 scans for telnetd (port 23) on a single DNS box. Most of these scans are coming from Asia, but a number are originating from South America as well. These are not network sweeps; they are aimed solely at DNS systems.
I observed a sudden increase of 23/tcp probes on Feb 28 at 16:00 GMT (from more or less zero to approx. 1500 probes per hour). It lasted for 10 hours, then it stopped almost quickly as it started. It was neither a focused probing of a certain kind of devices, nor any systematic sweep -- various IP addresses (including broadcast and other reserved addresses) in our network were hit in a seemingly random manner. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- Scans for telnetd on DNS servers. Jay D. Dyson (Mar 04)
- Re: Scans for telnetd on DNS servers. Raistlin Majere (Mar 06)
- Re: Scans for telnetd on DNS servers. Pavel Kankovsky (Mar 09)
- Re: Scans for telnetd on DNS servers. Alex (Mar 09)
- Re: Scans for telnetd on DNS servers. Pavel Kankovsky (Mar 13)
- Re: Scans for telnetd on DNS servers. jim barchuk (Mar 14)
- Re: Scans for telnetd on DNS servers. Alex (Mar 09)
- <Possible follow-ups>
- Re: Re: Scans for telnetd on DNS servers. kmuskrat (Mar 13)