Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unusual volume: UDP:137 probes

From: Christopher Albert <albert () DMS UMontreal CA>
Date: Mon, 30 Sep 2002 16:45:39 -0400
Emeric Miszti wrote:


On Monday 30 Sep 2002 9:33 am, Mark Forsyth wrote:
On Monday, September 30, 2002 9:02 AM, John Sage [SMTP:jsage () finchhaven com] wrote: 


This has received some mention on the UNISOG list and elsewhere, but
not here.

Some people have been seeing unusually high volumes of UDP:137 probes
since about 09/27/02 late, or early 09/28/02.


<snip>
Been seeing exactly the same spike with same patterns. Up from 40 odd scans on 28/9/2002 to 495 already today. 

Incidents.org have picked this up at the Internet Storm Center

http://isc.incidents.org/port_details.html?port=137

No explanations or reasons been given by anyone yet.


This might be W32/Bubbear@MM , which spreads by SMTP
and network shares:*
*
http://vil.nai.com/vil/content/v_99728.htm
http://www.sophos.com/virusinfo/analyses/w32bugbeara.html

Chris
--------------------------------------------------------------------
Christopher Albert Responsable des services informatiques 
        Departement de mathematiques et de statistique
Universite de Montreal 
          bureau 6188, Pavillon Andre-Aisenstadt
Tel: (514) 343-2281 Fax: (514) 343-5700 -------------------------------------------------------------------- 





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: