[prev in list] [next in list] [prev in thread] [next in thread]
List: dshield
Subject: Re: [Dshield] Veritas Backup Exec Scanning
From: Blake McNeill <mcneillb () linklogger ! com>
Date: 2005-06-30 5:30:24
Message-ID: 0IIV00DB9TYU9T () l-daemon
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
PortPeeker capture of the attack attempt at
http://www.linklogger.com/TCP10000Capture.htm
Seeing more and more of these.
Blake
-----Original Message-----
From: list-bounces@lists.dshield.org [mailto:list-bounces@lists.dshield.org]
On Behalf Of TRushing@hollandco.com
Sent: Monday, June 27, 2005 9:55 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Veritas Backup Exec Scanning
What I find particularly interesting in looking at the Dshield port
history for the Veritas vulnerabilitiy
http://www.dshield.org/port_report.php?port=10000&recax=1&tarax=2&srcax=2&pe
rcent=N&days=40&Redraw=
is that for the most part, targets are in the double (and sometimes
triple) digits until the scans began to pick up after the notice came out
late last week.
However, on 28 May, there are 25 source machines scanning nearly 50,000
hosts. That really stands out. I imagine that it would be easy for
Johannes or someone to look at those 25 source ips and determine whether
that was the vendor or discoverer checking to see how widespread the
problem was or if it was something else. If we do end up with a worm out
of this, I imagine those 25 addresses should get some closer scrutiny.
Tim Rushing
The Holland Company
_______________________________________________
send all posts to list@lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
_______________________________________________
send all posts to list@lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic