RE: [Full-Disclosure] Increase probe on UDP port 1026

From: Rodrigues, Philip <phil.rodrigues@uconn.edu>
Date: Mon Dec 01 2003 - 20:10:17 CST

I'm sitting in front of two Class B's. We saw a steady increase in the unique external IPs scanning us for UDP 1026, 1030 today since 0700 EST. This chart shows the number of unique external IPs with incoming UDP 1026 traffic per hour since noon. First column is hour in EST:
 
00 209
01 93
02 92
03 112
04 33
05 34
06 92
07 211
08 282
09 409
10 494
11 598
12 709
13 871
14 1039
15 1263
16 1392
17 1559
18 1722
19 1905
 
UDP 1030 also appears to be increasing at the same rate. I took samples at 12:00, 14:00, 16:00, and 18:00 and got results of 833, 1205, 1448, and 1784.
 
We had two hosts pop up today and start scanning for this - I will try to get my hands on them tomorrow.
 
Phil
 
=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues@uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================

        -----Original Message-----
        From: full-disclosure-admin@lists.netsys.com on behalf of Irwan Hadi
        Sent: Mon 12/1/2003 6:40 PM
        To: full-disclosure@lists.netsys.com
        Cc:
        Subject: [Full-Disclosure] Increase probe on UDP port 1026
        
        
         

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Mon Dec 01 20:48:45 2003
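
Added example, not part of the original post or any tool its author used: one way to produce the per-hour count of unique external source IPs described in the message, and to find the longest run of hour-over-hour increases in the posted UDP 1026 table. The flow-record format, the sample records, the placeholder /16 networks and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: placeholder /16s standing in for the site's two Class B networks.
INTERNAL = [ipaddress.ip_network(n) for n in ("172.16.0.0/16", "172.17.0.0/16")]

# Constructed flow records (not real traffic): "HH:MM:SS proto src dst dport"
SAMPLE_FLOWS = """\
07:02:11 udp 198.51.100.7 172.16.4.20 1026
07:15:40 udp 198.51.100.7 172.17.9.1 1026
07:48:03 udp 203.0.113.9 172.16.4.21 1026
07:50:00 udp 172.16.8.8 172.17.1.1 1026
08:01:19 udp 198.51.100.7 172.16.4.22 1026
08:05:27 udp 203.0.113.9 172.16.4.23 1030
08:30:55 udp 203.0.113.44 172.17.0.5 1026
08:31:02 udp 192.0.2.61 172.16.200.3 1026
08:59:59 tcp 192.0.2.99 172.16.200.3 1026
malformed line
""".splitlines()

# Hourly counts copied from the post's table (hour EST -> unique external IPs).
POSTED_1026 = dict(enumerate([209, 93, 92, 112, 33, 34, 92, 211, 282, 409, 494,
                              598, 709, 871, 1039, 1263, 1392, 1559, 1722, 1905]))

def internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def unique_sources_per_hour(lines, port, proto="udp"):
    """Count distinct external source IPs per hour sending to `port` inbound."""
    seen = defaultdict(set)
    for line in lines:
        try:
            ts, p, src, dst, dport = line.split()
            if p != proto or int(dport) != port or internal(src) or not internal(dst):
                continue  # keep only external -> internal traffic on this port
            seen[int(ts[:2])].add(src)
        except ValueError:
            continue  # skip malformed records
    return {h: len(s) for h, s in sorted(seen.items())}

def longest_rise(counts):
    """Return (start_hour, end_hour) of the longest run of hourly increases."""
    hours = sorted(counts)
    best = cur = (hours[0], hours[0])
    for prev, h in zip(hours, hours[1:]):
        cur = (cur[0], h) if h == prev + 1 and counts[h] > counts[prev] else (h, h)
        if cur[1] - cur[0] > best[1] - best[0]:
            best = cur
    return best
```

Internal sources are excluded from the count on purpose; locally infected hosts that begin scanning, like the two mentioned in the message, are better tracked as a separate outbound list.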

This archive was generated by hypermail 2.1.8 : Mon Dec 01 2003 - 21:01:01 CST