Honeypots mailing list archives

RE: recent scanning activity


From: "Chan Kien Eng" <eng () essasia net>
Date: Fri, 29 Aug 2003 15:40:15 +0800

It's the worms - Nachi worm.
We are getting a lot of hits as well on our Dragon IDS.


-----Original Message-----
From: John Levine [mailto:levine () ece gatech edu]
Sent: Friday, August 29, 2003 6:37 AM
To: honeypots () securityfocus com
Subject: recent scanning activity

To all,
      I have noticed an increase in ICMP scans from early summer. What I have noticed here on the Georgia Tech Honeynet lately is a large increase in ICMP scans triggering the SNORT ICMP ping Cyberkit 2.2 Windows signature from Blaster-infected machines (i.e. these same machines try to connect on port 135).


John Levine
School Of Electrical and Computer Engineering
Georgia Institute of Technology




