[nsp-sec] tcp/23 increase
Peter Haag
peter.haag at switch.ch
Thu Jan 14 03:13:56 EST 2010
Greenberg, David A wrote:
> ----------- nsp-security Confidential --------
>
> I have no idea why, but we (and US higher-ed in general) are seeing an increase in tcp/23 traffic that started Tuesday morning. The volume isn't huge, but 3000 sources in the past 24 hours make me think that this is some sort of coordinated, distributed scan.
According to our flows, it started on Tue Jan 13th 01:00 GMT. That's where we see a remarkable spike, caused by 213.143.229.25. The distributed scan starts an hour later 02:00 GMT - and still goes on.
- Peter
>
> http://www.ren-isac.net/cgi-bin/monitoring/Internet2TGa_port.cgi?tcp_dst_23_flows
>
> I uploaded a list of sources with UTC timestamp that we have seen at Indiana University to https://asn.cymru.com/nsp-sec/upload/1263415602.whois.txt and have attached the ASN list in a text file.
>
> Thanks,
> David
>
------------------------------------------------------------------------
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
--
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: peter.haag at switch.ch Web: http://www.switch.ch/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: p23.png
Type: image/png
Size: 25595 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20100114/2357bd86/attachment-0001.png>
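
The distinction drawn in the reply above (a spike caused by one address, then a scan from many sources) can be read from flow data by comparing, per hour, the flow count, the number of distinct sources and the share of flows from the busiest source. This is an added example, not part of the original message; the flow records, thresholds and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed flow records: (hour_utc, src_ip, dst_port). Addresses come from
# documentation ranges; nothing here is taken from the thread's data.
def sample_flows():
    flows = []
    # Hour 0: quiet baseline, a few sources
    flows += [(0, f"198.51.100.{i}", 23) for i in range(1, 4)]
    # Hour 1: one host sweeping many targets (single-source spike)
    flows += [(1, "192.0.2.25", 23)] * 400
    flows += [(1, f"198.51.100.{i}", 23) for i in range(1, 4)]
    # Hours 2-3: many sources, two flows each (distributed scan)
    for hour in (2, 3):
        flows += [(hour, f"203.0.113.{i}", 23)
                  for i in range(1, 201) for _ in range(2)]
    # Unrelated traffic that must be ignored
    flows += [(2, "198.51.100.9", 80)] * 50
    return flows

def profile_port(flows, port):
    """Per hour: flow count, distinct sources, share held by the top source."""
    per_hour = defaultdict(Counter)
    for hour, src, dport in flows:
        if dport == port:
            per_hour[hour][src] += 1
    stats = {}
    for hour, srcs in sorted(per_hour.items()):
        total = sum(srcs.values())
        stats[hour] = {"flows": total, "sources": len(srcs),
                       "top_share": max(srcs.values()) / total}
    return stats

def classify(stat, min_flows=100, min_sources=50, dominant=0.8):
    """Thresholds are illustrative assumptions; tune them to a local baseline."""
    if stat["flows"] < min_flows:
        return "baseline"
    if stat["top_share"] >= dominant:
        return "single-source spike"
    if stat["sources"] >= min_sources:
        return "distributed scan"
    return "elevated"

if __name__ == "__main__":
    for hour, stat in profile_port(sample_flows(), 23).items():
        print(hour, stat, classify(stat))
```
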