Re: Qeustion!

[Steve Stearns <sterno () GEMINI BIGBROTHER NET>]

On Tue, 17 Oct 2000, Unenge Brian wrote:

> I experience some kind of weird scanning on my network on port 111  (sunrpc)
> the scanning last for about 20 - 25 seconds from different networks WW.
> One from Korea one from Belgium one from Finland and some from US, is it
> possible to make any harm on this port, i am having serious trouble on my
> DNS server after this.

Your system may not be vulnerable to an RPC exploit, but you should insure
that you've got the latest patches applied if you are running NFS.  If you
aren't running NFS then make sure you've got it turned off.

I've noticed lately a lot of scans from machines that appear to have been
already compromised (almost always using an RPC vulnerability).  The
systems that seem to be most prone to this problem are older Linux and
Solaris systems (based on my limited completely unscientific analysis of
the systems that have been scanning me).

For some additional information on this subject, check out:

http://advice.networkice.com/Advice/Intrusions/2003016/default.htm

---Steve