Hosting Provided By

Abnormally high Sub-Seven attack rate increase

From: Eric Kimminau <root(at)kimminau.org>
Date: Tue Dec 31 2002 - 00:09:40 EST

Is it just me or has the number of Sub-Seven probes grown astronomically in the last 7 days? I am seeing on average 25-30 clients per day, each scanning 3 or 4 times each up from only 1 or 2 per day at most for the last several months.

Time, Event, Intruder, Count
12/30/2002 4:36:04 AM, SubSeven port probe, 211.54.97.249, 4
12/30/2002 4:35:28 AM, SubSeven port probe, 61.76.228.152, 4
12/30/2002 4:35:28 AM, SubSeven port probe, 61.76.228.152, 4
12/30/2002 4:12:11 AM, SubSeven port probe, 211.218.199.99, 4
12/30/2002 4:12:11 AM, SubSeven port probe, 211.218.199.99, 4
12/30/2002 3:51:45 AM, SubSeven port probe, 211.220.174.241, 4
12/30/2002 3:07:42 AM, SubSeven port probe,

pcp465155pcs.shrpsr01.tn.comcast.net, 4

12/30/2002 2:55:53 AM, SubSeven port probe, 211.180.104.212, 4
12/30/2002 2:55:52 AM, SubSeven port probe, 211.180.104.212, 4
12/30/2002 2:48:50 AM, SubSeven port probe,

CPE0080c6fe0c2c.cpe.net.cable.rogers.com, 4

12/30/2002 2:12:42 AM, SubSeven port probe, 61.84.87.119, 4
12/30/2002 2:01:28 AM, SubSeven port probe, 211.220.171.85, 3
12/30/2002 2:01:28 AM, SubSeven port probe, 211.220.171.85, 3
12/30/2002 1:30:10 AM, SubSeven port probe, 218.150.0.71, 3
12/30/2002 1:30:10 AM, SubSeven port probe, 218.150.0.71, 3
12/30/2002 1:10:01 AM, SubSeven port probe, 61.84.137.155, 4
12/30/2002 1:10:01 AM, SubSeven port probe, 61.84.137.155, 4
12/30/2002 12:56:18 AM, SubSeven port probe, 211.195.57.52, 4
12/30/2002 12:56:18 AM, SubSeven port probe, 211.195.57.52, 4
12/30/2002 12:45:13 AM, SubSeven port probe, 218.147.103.205, 4
12/30/2002 12:45:13 AM, SubSeven port probe, 218.147.103.205, 4
12/30/2002 12:13:30 AM, SubSeven port probe, 61.82.221.165, 3
12/30/2002 12:13:30 AM, SubSeven port probe, 61.82.221.165, 3
12/29/2002 11:52:24 PM, SubSeven port probe, 61.77.146.31, 4
12/29/2002 11:51:42 PM, SubSeven port probe, 218.148.57.89, 3
12/29/2002 11:51:41 PM, SubSeven port probe, 218.148.57.89, 3
12/29/2002 11:29:42 PM, SubSeven port probe, 211.230.118.236, 4
12/29/2002 10:48:21 PM, SubSeven port probe,

1Cust124.tnt1.reading.pa.da.uu.net, 4
12/29/2002 10:48:21 PM, SubSeven port probe, 1Cust124.tnt1.reading.pa.da.uu.net, 4
12/29/2002 10:42:14 PM, SubSeven port probe, 61.73.229.103, 4 12/29/2002 10:07:20 PM, SubSeven port probe, s211-33-10-129.thrunet.ne.kr, 1
12/29/2002 10:07:19 PM, SubSeven port probe, s211-33-10-129.thrunet.ne.kr, 1

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Jan 2 12:06:02 2003

This message: [ Message body ]
Next message: John Paul: "PDL anti-spam blacklist"
Previous message: Jonathan Rickman: "Re: Virus? Trojan?"
In reply to: David Gillett: "Virus? Trojan?"
Next in thread: Jeff Kell: "Re: Abnormally high Sub-Seven attack rate increase"
Reply: Jeff Kell: "Re: Abnormally high Sub-Seven attack rate increase"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:55 EDT