lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20030923053125.69AF6693E@mdev.river.com>
From: rdump at river.com (Richard Johnson)
Subject: Re: Increased port 135 activity

In article <3F6E8FAC.1020400@...khammer.org>,
 Paul Tinsley <pdt@...khammer.org> wrote:

> most if not all of the spikes on that graph can be mapped to a 
> worm/virus that was discovered around the same time.


The current port 135 activity appears to be both heavy and more 
narrowly targeted than a recent (typical?) worm activity.

I've seen a few dialups drowned in the traffic (which seems to be scans 
of nearby /16s), while other systems on different parts of the net 
report only the normal levels of MS junk traffic.

I don't know whether the systems you're looking at show similar 
behavior.


Richard

-- 
My mailbox. My property. My personal space. My rules. Deal with it.
                        http://www.river.com/users/share/cluetrain/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ