MLUG: RE: [MLUG] new series of attacks
On Tue, 11 Jun 2002, McNutt, Justin M. wrote:

> > Jun  6 12:41:10 TCP: port 27374 connection attempt from c-66-56-76-79.atl.client2.attbi.com:3066
> > Jun  6 12:41:10 TCP: port 12345 connection attempt from c-66-56-76-79.atl.client2.attbi.com:3067
>
> These are both trojans.  We block these ports at the MOREnet link at
> UMC.  IIRC, one is Sub7 and the other is NetBus.

You have a good strategy there.  Here's my question:  Why am I suddenly
getting so many attempts on these ports?  I mean, things have gone totally
nuts in the last week.  Here are the numbers:

Oct 5 - Jun 4:  173 attempts on port 27374
Jun 5 - now:    296 attempts on port 27374


Oct 5 - Jun 4:   10 attempts on port 12345
Jun 5 - now:    287 attempts on port 12345


You see the problem.  The rate of attacks on port 12345 has increased by a
factor of approximately 1,100 times in the past week over the preceding
8-month baseline.  I think it means that something has really gone haywire
out there!

Mike
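
One way to check a jump like this from the raw log, as an added example that is not part of the original message: parse connection-attempt lines in the format quoted above and compare per-port attempts per day before and after a cutoff date. The function names, the year-inference rule and the sample lines (with example.net hosts) are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Format of the log lines quoted in the message above.
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) TCP: port (\d+) "
                     r"connection attempt from (\S+):(\d+)$")

def parse(line, now):
    """Return (timestamp, dest_port, source_host), or None for other lines.
    These lines carry no year, so use the latest year not after `now`."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{now.year} {m[1]}", "%Y %b %d %H:%M:%S")
    if ts > now:
        ts = ts.replace(year=now.year - 1)
    return ts, int(m[2]), m[3]

def rate_change(lines, start, split, now):
    """Per port: (baseline attempts/day, recent attempts/day, ratio)."""
    base, recent = Counter(), Counter()
    for rec in filter(None, (parse(l, now) for l in lines)):
        ts, port, _src = rec
        if start <= ts < split:
            base[port] += 1
        elif split <= ts <= now:
            recent[port] += 1
    base_days = (split - start).total_seconds() / 86400
    recent_days = (now - split).total_seconds() / 86400
    result = {}
    for port in sorted(set(base) | set(recent)):
        b, r = base[port] / base_days, recent[port] / recent_days
        result[port] = (b, r, r / b if b else float("inf"))
    return result

# Constructed sample lines (hosts are placeholders, not from the message).
SAMPLE = [
    "Nov 12 03:15:44 TCP: port 12345 connection attempt from host-a.example.net:1042",
    "Mar  2 18:02:09 TCP: port 27374 connection attempt from host-b.example.net:2210",
    "Jun  6 12:41:10 TCP: port 27374 connection attempt from host-c.example.net:3066",
    "Jun  6 12:41:10 TCP: port 12345 connection attempt from host-c.example.net:3067",
    "Jun  9 07:30:01 TCP: port 12345 connection attempt from host-d.example.net:4001",
    "Jun  9 07:30:02 kernel: unrelated line that the parser skips",
]
if __name__ == "__main__":
    now = datetime(2002, 6, 11)
    stats = rate_change(SAMPLE, datetime(2001, 10, 5), datetime(2002, 6, 5), now)
    for port, (b, r, ratio) in stats.items():
        print(f"port {port}: {b:.4f}/day -> {r:.4f}/day ({ratio:.1f}x)")
```

Comparing per-day rates rather than raw counts keeps the two windows comparable even though the baseline covers months and the recent window only days.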
