[nsp-sec] TCP-23 Increase
Sean Donelan
sean at donelan.com
Mon Jun 30 15:14:54 EDT 2008
On Mon, 30 Jun 2008, Matthew.Swaar at us-cert.gov wrote:
> I'm working on comparing Ips across multiple days, see if it's a
> relatively static handful doing this. The traffic appears to be mostly
> 60bpp SYN scanning, with some SYN-RST thrown in.
>
> Anyone have a theory about what prompted this?
No theories, but we saw a spike in TCP/23 starting last Tuesday (June
24), putting it in the top 5 scanners. It seems very widely distributed.
Although Japan showed up more than typical, the normal "baddies" seemed
lower than typical.
sean donelan
akamai (20940)
More information about the nsp-security
mailing list