Security Incidents mailing list archives
Re: Qeustion!
From: Steve Stearns <sterno () GEMINI BIGBROTHER NET>
Date: Thu, 19 Oct 2000 14:01:07 -0500
On Tue, 17 Oct 2000, Unenge Brian wrote:
I experience some kind of weird scanning on my network on port 111 (sunrpc) the scanning last for about 20 - 25 seconds from different networks WW. One from Korea one from Belgium one from Finland and some from US, is it possible to make any harm on this port, i am having serious trouble on my DNS server after this.
Your system may not be vulnerable to an RPC exploit, but you should insure that you've got the latest patches applied if you are running NFS. If you aren't running NFS then make sure you've got it turned off. I've noticed lately a lot of scans from machines that appear to have been already compromised (almost always using an RPC vulnerability). The systems that seem to be most prone to this problem are older Linux and Solaris systems (based on my limited completely unscientific analysis of the systems that have been scanning me). For some additional information on this subject, check out: http://advice.networkice.com/Advice/Intrusions/2003016/default.htm ---Steve
Current thread:
- Qeustion! Unenge Brian (Oct 19)
- Re: Qeustion! reb (Oct 19)
- Re: Qeustion! Steve Stearns (Oct 20)
- Re: Qeustion! George Bakos (Oct 20)