[nsp-sec] Increase in HP OV NMM scanning (tcp/2954)
jose nazario
jose at arbor.net
Tue Apr 15 11:14:05 EDT 2008
Following publication of the exploit code for the HP OV NMM buffer overflow
on TCP/2954, we're seeing a spike in attackers now for this port. This
follows a smaller bump last week when the code was a) not working well and
b) possibly working exploit code was not so public. Via ATLAS, here are the
top hosts scanning:

Host               Bytes per subnet   Percentage
85.25.146.193      2.09 kB            84.6%
80.233.240.24      186.94 B           7.6%
62.77.76.167       60.20 B            2.4%
195.246.222.16     53.74 B            2.2%
193.93.27.17       37.02 B            1.5%
89.146.16.26       28.20 B            1.1%
80.123.116.21      7.26 B             0.3%
62.244.213.210     5.34 B             0.2%
212.241.176.186    0.33 B             0.0%
85.196.83.12       0.16 B             0.0%
Other              0 B                0.0%

This is all since 01:50 UTC today.
Exploit code is here:
http://www.milw0rm.com/exploits/5445
- jose