Lots of portscans this morning

Looks like there’s a new worm afoot on campus this morning, lots of probes at port 445 and 135 to our portsentry hosts. Maybe this new RBot variant or this Agobot variant.

And we were down to less than 60 open tickets.

Update (11/18/2004): Looks like at least some of these were recently reinstalled Windows XP without all the patches. Most commonly found virus was Korgo.worm.v. But, this mini-outbreak reinforces the usefulness of being proactive with network monitoring and using the quarantine vlan.

Leave a Reply

Your email address will not be published. Required fields are marked *