Security Incidents mailing list archives
Re: Increase in Sub7 scans
From: Adam Stanley <adam () nethosters com>
Date: 12 Jun 2001 11:44:57 -0500
I received an email this morning from a concerned gentleman detailing a new Sub7 worm that was being released on IRC. It was in response to the McVeigh execution and was being distributed on the EFNet IRC network in channel #mcveigh. An account on one of my machines was opped in the channel at the time and as a result I received the report. I will forward the email on to the list following this post.

-Adam

--
Adam Stanley
CTO / VP
Nethosters, Inc.

On 12 Jun 2001 08:42:58 -0500, Obert, Jack E. wrote:
Since February, I've been receiving tcp port scans for the default sub7 port (27374) at a rate of approximately 3-4 per day. Starting on June 8th to present, I've been receiving them at 9 times that rate.

6/5/01 - 3 Scans
6/6/01 - 4 Scans
6/7/01 - 3 Scans
6/8/01 - 8 Scans
6/9/01 - 14 Scans
6/10/01 - 38 Scans
6/11/01 - 22 Scans

Any ideas on what could have sparked this increased scanning? A new utility? A new vulnerability related to sub7? New media publicity?

Thanks

Jack E. Obert, GSEC
Technical Information Security Officer
St. John's Health System