On Sat, 4 Mar 2006, Jay D. Dyson wrote:

> In the past hour I've seen 43 scans for telnetd (port 23) on a
> single DNS box. Most of these scans are coming from Asia, but a number
> are originating from South America as well. These are not network sweeps;
> they are aimed solely at DNS systems.

I observed a sudden increase of 23/tcp probes on Feb 28 at 16:00 GMT (from more or less zero to approx. 1500 probes per hour). It lasted for 10 hours, then it stopped almost as quickly as it started. It was neither a focused probing of a certain kind of device, nor any systematic sweep -- various IP addresses (including broadcast and other reserved addresses) in our network were hit in a seemingly random manner.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
