InfoSec News

As Hurricane Irene starts to move north along the East Coast of the United States, the first reports of its affects on communications systems are coming in.
 


A few weeks ago a diary[1] posted by Dr. J pointed out a spike in port 3389[2] traffic.
Since then the sources have spiked ten fold. This is a key indicator that there is an increase of infected hosts that are looking to exploit open RDP services.
We're interested to know if any of our readers have come across infected hosts that could be contributing to this port knocking out in the wild.
Tell us what you're seeing and please share with us what you can.

[1] http://isc.sans.edu/diary.html?storyid=11299

[2] http://isc.sans.edu/port.html?port=3389


-Kevin Shortt

--

ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Columnist Mike Elgan writes that Apple is going to do to your cable TV box what it did to the audio CD: Make it go away.
 
Internet Storm Center Infocon Status