[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dshield
Subject:    Re: [Dshield] Anyone else seeing this from 68.236.159.156
From:       David Cary Hart <DavidHart () tqmcube ! com>
Date:       2004-12-10 17:48:50
Message-ID: 1102700930.25185.2.camel () dch ! TQMcube ! com
[Download RAW message or body]

On Fri, 2004-12-10 at 06:57 -0500, Aaron Lewis wrote:
> Over the last 2 days or so I've been seeing excessive port probing from
> 68.236.159.156. About every 7 minutes they probe 135, 139 and 445. 
> Thur, 12/09/2004 22:21:09 - TCP connection dropped - Source:68.236.159.156,

You should report this to security@verizon.net 

These probes are coming from a business account and the customer has
probably been compromised by a virus.

-------------- Sponsor Message ------------------------------------
NEW Log Analyzer for Firewalls and Syslog Servers!

LogLogic appliances offer, analysis modules and a browser based management console \
that deliver ad-hoc queries, real-time alerts, root-cause and trend-analysis reports \
and reliable aggregation and retention for log data. 

No more homegrown solutions. Stop downtime, save time, money and your sanity.

Click here to see a DEMO!

http://www.loglogic.com/products/demo_formDS.html

_______________________________________________
send all posts to list@lists.dshield.org
To change your subscription options (or unsubscribe), see: \
http://www.dshield.org/mailman/listinfo/list


[prev in list] [next in list] [prev in thread] [next in thread]