Security Incidents mailing list archives
morpheus/kazaa probes/scans
From: k <tattooman () scott culp should read 1984 while ondrugz com>
Date: Tue, 12 Feb 2002 00:49:32 +0000 (GMT)
during the past week, i have noticed a *very* substantial and alarming number of unsolicited morpheus/kazaa scans/probes (port 1214). before last week, the targeted systems, which reside on roadrunner cablemodem networks, were receiving an average of 40 separate probes/day, with less than 5 morpheus/kazaa probes/day. currently, those same systems have been getting over 300 morpheus/kazaa probes/day for the past 5 days. the elevated probe numbers have been relatively constant. no file sharing software is or ever has been run (or installed) on any of the systems. ALL unsolicited incoming traffic is filtered/blocked/dropped. NO public services (www, ftp, etc) have ever been run on any of the systems. the probes have been coming from a wide variety of systems all over the world, including .edu and .gov. i have not seen any substantial increase in similar scans on corporate networks that i monitor. anybody else seen an increase in morpheus/kazaa scans, or have any insight into the reasons (new vuln scanning tool, new morpheus/kazaa exploits, etc)? thanks, k ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- morpheus/kazaa probes/scans k (Feb 11)
- Re: morpheus/kazaa probes/scans Raistlin (Feb 11)
- Re: morpheus/kazaa probes/scans Mike Damm (Feb 11)
- Re: morpheus/kazaa probes/scans Russell Fulton (Feb 11)
- <Possible follow-ups>
- RE: morpheus/kazaa probes/scans BRAD GRIFFIN (Feb 11)
- Re: morpheus/kazaa probes/scans Troy D. Strum (Feb 12)