I can confirm to you that I have servers with WEB, FTP, SMTP and POP3
facing the internet and the firewall is not getting hit with DPT=23, not a
single hit all day!

Raist

Jay D. Dyson wrote:
> Hi folks,
>
>       With all the chatter on SSH scans, I'm puzzled by an obvious spike
> in specific scans on my DNS servers.  I'm used to seeing scans on these
> systems, but today's scans have been an object lesson in high weirdness.
>
>       In the past hour I've seen 43 scans for telnetd (port 23) on a
> single DNS box.  Most of these scans are coming from Asia, but a number
> are originating from South America as well.  These are not network
> sweeps; they are aimed solely at DNS systems.
>
>       As if that weren't odd enough, the operating systems of the boxes
> that are tripping my alarms are evenly divided between Linux (kernel
> versions 2.1.19 to 2.4.21) and, oddly enough, Microsoft Windows (nmap
> can't tell if they're WinMe, Win2K, or WinXP).
>
>       The systems identified thus far are as follows (37 unique so far):
>
>       If anyone else is seeing this sort of strangeness, this could be
> another one of those happy fun botnets that's trying to spank vulnerable
> DNS systems.  Too early to tell for sure.
>
> -Jay
>
>   (    (                                                         _______
>   ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
> C|~~|C|~~| \------ Jay D. Dyson - [EMAIL PROTECTED] ------/    |    = |-'
>  `--' `--'  `--- Good?  Bad?  I'm the guy with the guns. ---'   `------'
>
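
One way to check both observations in this thread against your own firewall logs, as an added example that is not part of the original messages: it tallies netfilter `DPT=23` entries per destination and labels each source as hitting only DNS hosts or sweeping more widely. The log lines, the addresses (documentation ranges) and the `DNS_HOSTS` set are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed netfilter LOG lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.53 PROTO=TCP SPT=40112 DPT=23 SYN
kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.54 PROTO=TCP SPT=40113 DPT=23 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.53 PROTO=TCP SPT=1029 DPT=23 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.80 PROTO=TCP SPT=1030 DPT=22 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.53 PROTO=TCP SPT=2200 DPT=23 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.80 PROTO=TCP SPT=2201 DPT=23 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.53 PROTO=UDP SPT=2202 DPT=23
"""

DNS_HOSTS = {"192.0.2.53", "192.0.2.54"}  # assumption: this site's DNS servers

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def telnet_probes(log_text, port=23):
    """Yield (src, dst) for each logged TCP packet aimed at `port`."""
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") == "TCP" and f.get("DPT") == str(port):
            if "SRC" in f and "DST" in f:
                yield f["SRC"], f["DST"]


def hits_per_destination(log_text, port=23):
    """Count port-23 hits per destination; an empty dict means no hits at all."""
    return dict(Counter(dst for _, dst in telnet_probes(log_text, port)))


def classify_sources(log_text, dns_hosts=DNS_HOSTS, port=23):
    """Label each source 'dns-only' if every host it probed is a DNS server."""
    targets = defaultdict(set)
    for src, dst in telnet_probes(log_text, port):
        targets[src].add(dst)
    return {src: "dns-only" if dsts <= set(dns_hosts) else "sweep"
            for src, dsts in targets.items()}


if __name__ == "__main__":
    print(hits_per_destination(SAMPLE_LOG))
    for src, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, label)
```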
