Security Incidents mailing list archives

RE: Code Red side effects

From: ren stimpy <ren000a () yahoo com>
Date: Thu, 2 Aug 2001 06:57:54 -0700 (PDT)

same thing here... i've been seeing rpc scans on the
whole class c subnet at least once a week...
othertimes it is just a 10-50 address at a time/per
day... it's getting quite annoying...

btw, has anyone seen these 27374 (sub7), 12345
(netbus), 139 (netbios) combo scans lately? it all
comes in within a second to the same ip/from the same
ip and then this pattern hits the other ip addresses
that i manage... know what's doing this?
thanks...

-----Original Message-----


        "Ken Pfeil" <Ken () infosec101 org>
        08/01/2001 05:59 PM
        Please respond to Ken
                 
                 To: "Jonathan Rickman" <jonathan () xcorps net>,
<incidents () securityfocus com>
                 cc: 
                 Subject: RE: Code Red side effects


No, you're not the only one. And here I was thinking I
was going crazy ;-) 
Port 1234 is quite popular today as well.

-----Original Message-----
From: Jonathan Rickman [mailto:jonathan () xcorps net]
Sent: Wednesday, August 01, 2001 5:34 PM
To: incidents () securityfocus com
Subject: Code Red side effects


With all the attention focused on Code Red, am I the

only one

seeing a huge
increase in RPC scans? I've logged over a hundred

unique hosts in

the last 4
hours.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

------------------------------------------------------------------

----------
This list is provided by the SecurityFocus ARIS

analyzer service.

For more information on this free incident handling,

management

and tracking system please see:

http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS
analyzer service.
For more information on this free incident handling,
management 
and tracking system please see:
http://aris.securityfocus.com





__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Code Red side effects Jonathan Rickman (Aug 01)
- RE: Code Red side effects Ken Pfeil (Aug 01)
- Re: Code Red side effects Opus (Aug 01)
- <Possible follow-ups>
- RE: Code Red side effects ren stimpy (Aug 02)
- RE: Code Red side effects Portnoy, Gary (Aug 02)