RE: Increase in Port Scan Attempts?

["Gonzalez, Albert" <agonzalez () redsiren com>]

A more detailed explanation of what exactly you are experiencing might help
us throw a bit more information your way. Also remember that Sasser[1] worm
is making the rounds right now, so you might be seeing traffic associated
with it, as most of us are. You did patch right? Although there have been
reports of the patches breaking the machine upon reboot. :/

Hope that helps in some way.

Cheers,
_A

[1] - http://www.lurhq.com/sasser.html
also
http://sarc.com/avcenter/venc/data/w32.sasser.worm.html

-----Original Message-----
From: Alex [mailto:incidents () alexolson com]
Sent: Sunday, May 02, 2004 6:12 PM
To: incidents () securityfocus com
Subject: Increase in Port Scan Attempts?


I have noticed in the past week about 10 different port scan attempts by
various hosts.  I'm used to seeing entries of one host probing 
particular ports, but I'm seeing the same host repeatedly probing multiple
ports in a very short time. Most of them only log about 10-20 entries 
total in my firewall.    However, last sunday, I received 3000 attempts 
from a university webserver (at 1:30 am).

Earlier on this list there was talk of the possible existence of an
unknown exploit in Windows.  Does anyone have any more info about this?  
Something unusual seems to be afoot.

-Alex 


---------------------------------------------------------------------------
----------------------------------------------------------------------------