Full Disclosure mailing list archives
Re: DCOM
From: Valdis.Kletnieks () vt edu
Date: Mon, 11 Aug 2003 23:37:06 -0400
On Mon, 11 Aug 2003 13:14:16 PDT, Joey <joey2cool () yahoo com> said:
The targets total has stayed about the same for the past 2 weeks. I see no difference. http://isc.sans.org/port_details.html?port=135
It took me a while to figure that out, until I realized what was going on: Port 135 probes are *SO* prevalent that *every single* submission to DShield has at least one or two dozen (I know my laptop gets several an hour). So what that's *REALLY* measuring is "How many DShield sites have made any sort of report that day" - the "number of targets" is approximately "number of sensors active today". Take a look at the "sources" line instead....
Attachment:
_bin
Description:
Current thread:
- DCOM Worm released, (continued)
- DCOM Worm released Joey (Aug 11)
- Re: DCOM Worm released Dennis Opacki (Aug 11)
- Re: DCOM Worm released Dennis Opacki (Aug 11)
- Re: DCOM Worm released Jordan Wiens (Aug 11)
- RE: DCOM Worm released Marc Maiffret (Aug 11)
- Re: DCOM Worm released daniel uriah clemens (Aug 11)
- RE: DCOM Worm released gml (Aug 11)
- DCOM Worm released Joey (Aug 11)
- Re: DCOM Worm released Nils (Aug 11)
- Re: DCOM Worm released ragdelaed (Aug 11)
- Re: DCOM Joey (Aug 11)
- Re: DCOM Valdis . Kletnieks (Aug 13)
- RE: DCOM Mike (Aug 12)