Last Updated: 2008-05-27 10:50:06 UTC
by Marcus Sachs (Version: 2)
Take a look at port 1533. That's quite an increase in targeted computers reporting via DShield over the past few days. Anybody got some good packet captures showing what is going on? If so, send them to us via our contact page so we can analyze them.
UPDATE: Juanma sent us a note pointing to a recent vulnerability in IBM Lotus Sametime. That's probably the cause of the increase in port 1533 activity.
Marcus H. Sachs
Director, SANS Internet Storm Center