On Mon, 9 Apr 2001, Justin Schoeman wrote:
> I was just wondering if anybody else has noticed a significant
> increase in exploit scanning over the last few weeks? Just this last
> weekend, I have monitored 9 scans, including bind, ftpd, statd and
> lpd. This has been getting more and more common, starting with
> approximately 1 scan every two days, about 4 weeks ago, to
> approximately 3 scans a day now. The scans all come from different
> sources, mainly on the pacific rim.
worms: adore, l1on, and ramen.
http://www.sans.org/y2k/adore.htm
http://www.whitehats.com/library/worms/lion/index.html
http://www.whitehats.com/library/worms/ramen/index.html
hope this helps. it's responsible for about 99% of the particular service
sweeps you are seeing.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)