Honeypots mailing list archives
RE: recent scannin activitty
From: "Chan Kien Eng" <eng () essasia net>
Date: Fri, 29 Aug 2003 15:40:15 +0800
It's the worms - Nachi worm We getting a lots of hits as well on our dragon IDS.
-----Original Message----- From: John Levine [mailto:levine () ece gatech edu] Sent: Friday, August 29, 2003 6:37 AM To: honeypots () securityfocus com Subject: recent scannin activitty To all, I have noticed an increase in ICMP scans from early summer.
What
I have noticed here on the Georgia Tech Honeynet lately is a large increase in ICMP scans triggering the SNORT ICMP ping Cyberkit 2.2 Windows signature from blaster infected machines (i.e. these same machines try
to
connect on port 135). John Levine School Of Electrical and Computer Engineering Georgia Institute of Technology
*****Confidentiality Notice***************** This message contains confidential information and is intended only for the individual named.If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. ********************************************
Current thread:
- recent scannin activitty John Levine (Aug 29)
- Re: recent scannin activitty John Lyons (Aug 29)
- <Possible follow-ups>
- RE: recent scannin activitty Chan Kien Eng (Aug 29)