Security Incidents mailing list archives

RE: Increase in Sub7 scans

From: gene.g.beaird () mail sprint com
Date: Tue, 12 Jun 2001 10:26:58 -0500

School's out!  :-(

Gene Beaird
Corporate Systems Administrator
Sprint E|Solutions
Houston, Texas

-----Original Message-----
From: JObert [mailto:JObert () sprg smhs com]
Sent: Tuesday, June 12, 2001 8:43 AM
To: incidents
Cc: JObert
Subject: Increase in Sub7 scans


Since February, I've been receiving tcp port scans for the default sub7 
port
(27374) at a rate of approximately 3-4 per day.  Starting on June 8th to
present, I've been receiving them at 9 times that rate.  

6/5/01 - 3 Scans
6/6/01 - 4 Scans
6/7/01 - 3 Scans
6/8/01 - 8 Scans
6/9/01 - 14 Scans
6/10/01 - 38 Scans
6/11/01 - 22 Scans

Any ideas on what could have sparked this increased scanning?  A new
utility?  A new vulnerability related to sub7?  New media publicity?

Thanks

Jack E. Obert, GSEC 
Technical Information Security Officer 
St. John's Health System

Current thread:

Increase in Sub7 scans Obert, Jack E. (Jun 12)
- Re: Increase in Sub7 scans Eric S. Johnson (Jun 12)
- Re: Increase in Sub7 scans Adam Stanley (Jun 12)
- Re: Increase in Sub7 scans Daniel Martin (Jun 12)
- <Possible follow-ups>
- RE: Increase in Sub7 scans gene . g . beaird (Jun 12)
  - Re: Increase in Sub7 scans sarnold (Jun 12)
- RE: Increase in Sub7 scans David Endler (Jun 12)
- Re: Increase in Sub7 scans Phil (Jun 12)
  - Re: Increase in Sub7 scans Alan Hannan (Jun 13)
- RE: Increase in Sub7 scans bparis (Jun 12)
- Re: Increase in Sub7 scans Justin Shore (Jun 12)