Anyone else seeing a huge spike in attempts to (ab)use loc-srv (135/tcp)?

David Wolfskill david at catwhisker.org
Thu Aug 21 05:38:01 PDT 2003


Now that I'm back from wandering through Oregon, I'm trying to get back
to the routine stuff -- one aspect of which is reviewing various logs
on a regular basis.

I grant that I was away for over a week, did not have Internet connectivity
for most of that, and that the newspapers I read didn't tend to cover
technology issues much (if at all).

But I wasn't really prepared for the huge spike I'm seeing in such
events as:

Aug 20 20:52:43 janus /kernel: ipfw: 20000 Deny TCP 63.193.123.61:2075 63.193.123.122:135 in via dc0
Aug 20 20:52:53 janus last message repeated 2 times
Aug 20 20:58:01 janus /kernel: ipfw: 20000 Deny TCP 63.191.136.90:4855 63.193.123.122:135 in via dc0
Aug 20 20:58:04 janus /kernel: ipfw: 20000 Deny TCP 63.189.192.53:4607 63.193.123.122:135 in via dc0
Aug 20 20:58:08 janus /kernel: ipfw: 20000 Deny TCP 63.156.181.173:4320 63.193.123.122:135 in via dc0
Aug 20 21:00:00 bunrab newsyslog[9927]: logfile turned over due to size>100K
Aug 20 21:00:00 bunrab newsyslog[9927]: logfile turned over due to size>100K
Aug 20 21:03:54 janus /kernel: ipfw: 20000 Deny TCP 65.177.40.173:3030 63.193.123.122:135 in via dc0
Aug 20 21:04:00 janus /kernel: ipfw: 20000 Deny TCP 63.191.200.217:3360 63.193.123.122:135 in via dc0

("janus" is the firewall, and it logs to "bunrab" -- thus the whimper
from bunrab about the logfile size.)

The list of these is even greater than the list of maillog lines from
rejected mail for the day, by a factor of at least 2.  And that's saying
something.

Note that this is merely for my home net, which ought not have much in
the way of a high profile.

Is this, perhaps, yet an additional manifestation of the virus-du-jour
for Microsoft-based machines (and thus, additional evidence that they
ought to be firewalled off from access to any resources about which a
reasonable person might care)?

Peace,
david
- 
David H. Wolfskill				david at catwhisker.org
If you want true virus-protection for your PC, install a non-Microsoft OS
on it.  Plausible candidates include FreeBSD, Linux, NetBSD, OpenBSD, and
Solaris (in alphabetical order).
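
Added example, not part of the original post: a Python tally of the ipfw deny lines quoted above by protocol, destination port and hour, folding in syslog's "last message repeated N times" lines and counting distinct sources. The sample input is the log lines copied from the post; the function and variable names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Sample input: the syslog lines quoted in the post above, as collected on "bunrab".
SAMPLE = """\
Aug 20 20:52:43 janus /kernel: ipfw: 20000 Deny TCP 63.193.123.61:2075 63.193.123.122:135 in via dc0
Aug 20 20:52:53 janus last message repeated 2 times
Aug 20 20:58:01 janus /kernel: ipfw: 20000 Deny TCP 63.191.136.90:4855 63.193.123.122:135 in via dc0
Aug 20 20:58:04 janus /kernel: ipfw: 20000 Deny TCP 63.189.192.53:4607 63.193.123.122:135 in via dc0
Aug 20 20:58:08 janus /kernel: ipfw: 20000 Deny TCP 63.156.181.173:4320 63.193.123.122:135 in via dc0
Aug 20 21:00:00 bunrab newsyslog[9927]: logfile turned over due to size>100K
Aug 20 21:03:54 janus /kernel: ipfw: 20000 Deny TCP 65.177.40.173:3030 63.193.123.122:135 in via dc0
Aug 20 21:04:00 janus /kernel: ipfw: 20000 Deny TCP 63.191.200.217:3360 63.193.123.122:135 in via dc0
"""

# Generic syslog prefix, then the ipfw deny format seen in the post.
PREFIX = re.compile(r"^(\w{3}\s+\d+) (\d\d):\d\d:\d\d (\S+) (.*)$")
DENY = re.compile(r"/kernel: ipfw: \d+ Deny (\S+) ([\d.]+):\d+ [\d.]+:(\d+) in via \S+")
REPEAT = re.compile(r"last message repeated (\d+) times?")

def summarize(text):
    """Return (hits per (proto, dport, hour), distinct sources per (proto, dport))."""
    hits, sources, last = Counter(), defaultdict(set), {}
    for line in text.splitlines():
        p = PREFIX.match(line)
        if not p:
            continue
        day, hour, host, msg = p.groups()
        d, r = DENY.match(msg), REPEAT.match(msg)
        if d:
            proto, src, dport = d.group(1), d.group(2), int(d.group(3))
            key = (proto, dport, f"{day} {hour}:00")
            hits[key] += 1
            sources[(proto, dport)].add(src)
            last[host] = key          # remembered per logging host
        elif r and host in last:
            hits[last[host]] += int(r.group(1))  # repeats of that host's last deny
        else:
            last.pop(host, None)      # unrelated message: a later "repeated" is not a deny
    return hits, sources

if __name__ == "__main__":
    hits, sources = summarize(SAMPLE)
    for (proto, dport, hour), n in sorted(hits.items()):
        print(f"{hour}  {proto}/{dport}  {n} denied")
    for (proto, dport), srcs in sorted(sources.items()):
        print(f"{proto}/{dport}: {len(srcs)} distinct sources")
```

Repeat lines are credited to the hour of the deny line they repeat, so a burst that straddles an hour boundary is counted in the earlier bucket.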


