[nsp-sec] tcp/23 increase
Greenberg, David A
dgreenbe at iu.edu
Wed Jan 13 16:01:49 EST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have no idea why, but we (and US higher-ed in general) are seeing an increase in tcp/23 traffic that started Tuesday morning. The volume isn't huge, but 3000 sources in the past 24 hours make me think that this is some sort of coordinated, distributed scan.
http://www.ren-isac.net/cgi-bin/monitoring/Internet2TGa_port.cgi?tcp_dst_23_flows
I uploaded a list of sources with UTC timestamp that we have seen at Indiana University to https://asn.cymru.com/nsp-sec/upload/1263415602.whois.txt and have attached the ASN list in a text file.
Thanks,
David
- --
David Greenberg
Principal Security Engineer
University Information Security Office
Office of the Vice President for IT
Indiana University
-----BEGIN PGP SIGNATURE-----
Version: 9.12.0 (Build 1035)
Charset: utf-8
wj8DBQFLTjS9v9fiDogoQQIRAvwwAKC5D20M/8trn39xhQ4CeX2yu1TK0QCgh1oH
4ADPQ5EOqvm8l9e3/5T3n5c=
=kGol
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tcp.23.sources.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20100113/95e2e3f3/attachment-0001.txt>
More information about the nsp-security
mailing list