Security Incidents mailing list archives
RE: new/old port 135 scans?
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Wed, 14 Jan 2004 10:03:23 -0800
Nachi, Was also supposed to end; Self removal When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution My guess it did not, we have bad CMOS batteries out there, or all of this traffic is msblast or blaster. Or perhaps, a new one? Regards, Greg DeGennaro Jr., CCNP -----Original Message----- From: Brian Eckman [mailto:eckman () umn edu] Sent: Wednesday, January 14, 2004 9:02 AM To: Brian Collins Cc: incidents () securityfocus com Subject: Re: new/old port 135 scans? Brian Collins wrote:
Tonight we're seeing a significant increase in scans on tcp/135. Customers are sending roughly 20 packets to several incremental IPs in a class C, waiting 2 seconds, sending roughly 20 more, etc. I was under the impression that Blaster/Nachi was programmed to cease as of 1/1/04 (of course, I could be wrong about that). I'll try to have some packets available in a little while. In the meantime, has anyone else noticed an increase?
That is exactly what Blaster does. It has not ceased, and probably won't for years. There should be an increase in it, as it no longer has Nachi trying to eradicate it. Brian -- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota "There are 10 types of people in this world. Those who understand binary and those who don't." --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- new/old port 135 scans? Brian Collins (Jan 13)
- Re: new/old port 135 scans? Mike Hoskins (Jan 13)
- Re: new/old port 135 scans? Brian Eckman (Jan 14)
- <Possible follow-ups>
- RE: new/old port 135 scans? Flowers, Katie (Jan 13)
- RE: new/old port 135 scans? DeGennaro, Gregory (Jan 14)
- Re: new/old port 135 scans? Brian Eckman (Jan 14)