Last Updated: 2007-02-28 16:28:04 UTC
by Joel Esler (Version: 2)
Looks like a netrange over in France is scanning around for port 23. Read the article for further details about the "worm".
We checked our data here at the Storm Center and it appears we have similar traffic from the same net ranges.
High number of targets, but low number of sources also reflects that. Check it out
Update (Arrigo): as of 13:00 UTC the sources number 102 which is still rather low, one hopes that there aren't that many publicly reachable Solaris systems running telnet.
UPDATE:2 (Joel): Looks like Sun has released a "worm clean up" script. Check it out at http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen