Security Incidents mailing list archives
RE: Code Red side effects
From: ren stimpy <ren000a () yahoo com>
Date: Thu, 2 Aug 2001 06:57:54 -0700 (PDT)
same thing here... i've been seeing rpc scans on the whole class c subnet at least once a week... othertimes it is just a 10-50 address at a time/per day... it's getting quite annoying... btw, has anyone seen these 27374 (sub7), 12345 (netbus), 139 (netbios) combo scans lately? it all comes in within a second to the same ip/from the same ip and then this pattern hits the other ip addresses that i manage... know what's doing this? thanks...
-----Original Message-----
"Ken Pfeil" <Ken () infosec101 org> 08/01/2001 05:59 PM Please respond to Ken To: "Jonathan Rickman" <jonathan () xcorps net>, <incidents () securityfocus com> cc: Subject: RE: Code Red side effects No, you're not the only one. And here I was thinking I was going crazy ;-) Port 1234 is quite popular today as well.
-----Original Message----- From: Jonathan Rickman [mailto:jonathan () xcorps net] Sent: Wednesday, August 01, 2001 5:34 PM To: incidents () securityfocus com Subject: Code Red side effects With all the attention focused on Code Red, am I the
only one
seeing a huge increase in RPC scans? I've logged over a hundred
unique hosts in
the last 4 hours. -- Jonathan Rickman X Corps Security http://www.xcorps.net
------------------------------------------------------------------
---------- This list is provided by the SecurityFocus ARIS
analyzer service.
For more information on this free incident handling,
management
and tracking system please see:
http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Code Red side effects Jonathan Rickman (Aug 01)
- RE: Code Red side effects Ken Pfeil (Aug 01)
- Re: Code Red side effects Opus (Aug 01)
- <Possible follow-ups>
- RE: Code Red side effects ren stimpy (Aug 02)
- RE: Code Red side effects Portnoy, Gary (Aug 02)