[Snort-users] Increase in nmap pings

Michael Schwartzkopff misch at ...3397...
Mon May 3 13:01:06 EDT 2004


Hi,

its the sasser worm. The infected computer has port 5554 open. You can check 
it with any scanner. But still find the numbers increasing ...


Am Montag, 3. Mai 2004 18:49 schrieb Larry Pitcher:
> I got several this morning (not hundreds) from 80.132.233.166, apparently
> from Germany.
>
> Larry Pitcher
> pitcherl at ...11634...
>
>
>
> -----Original Message-----
> From: Chuck Holley [mailto:cholley at ...11679...]
> Sent: Monday, May 03, 2004 8:17 AM
> To: 'Miner, Jonathan W'; 'Snort-users '
> Subject: RE: [Snort-users] Increase in nmap pings
>
>
> I noticed some too. Not a whole lot but about a dozen.  Out of france?
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Miner,
> Jonathan W
> Sent: Monday, May 03, 2004 11:05 AM
> To: 'Snort-users '
> Subject: RE: [Snort-users] Increase in nmap pings
>
> Checking my logs for NMAP events, I concur with Michael's observations:
>
> 5/1 0005h (EST) - 5/2 0005h (EST): 2
> 5/2 0005h (EST) - 5/3 0005h (EST): 39
> 5/3 0005h (EST) - now: 2483
>
> The bulk of the "ICMP PING NMAP" events started after 0117h (EST). Many
> different sources and destinations.
>
> -----Original Message-----
> From: Michael Schwartzkopff
> To: Snort-users
> Sent: 5/3/04 8:47 AM
> Subject: [Snort-users] Increase in nmap pings
>
> since 9:00 CEST (7:00 GMT) I see a massive increase in nmap pings SID
> 469.
>
> Some questions:
>
> - - Anybody else seeing it?
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list