Security Incidents mailing list archives
Re: anyone else seen an increase in sunrpc scans these days?
From: "Nathan W. Lindstrom" <nlindstrom () ENSIM COM>
Date: Tue, 16 Jan 2001 12:25:18 -0800
I strongly recommend downloading, building and running PortSentry from http://www.psionic.com/abacus/portsentry/ I have run it with great success on FreeBSD, Linux and Solaris. --Nathan Digital Overdrive wrote:
[requoted] Cristian Dumitrescu wrote:On Mon, 15 Jan 2001, Alex Popa wrote:In the last five days, the port scans to my entire class C have dramatically increased, from one per two days on average, to four yesterday and six today. Is there a new exploit around, or is there some sort of new worm out there? I might just be paranoid, but here are the addreses that have been looking for port 111 in the last 26 hours: 24.26.121.156 24.168.66.119 64.31.226.156 142.169.227.102 193.226.15.15 211.218.144.11Hey I've been experiencing the same kind of scans in the last 2 weeks, with increased density in the last days, from these ip addreses: 211.120.63.136 213.154.132.122 210.205.6.215 24.114.48.24 62.83.125.82 193.231.199.4 193.40.223.66 65.3.3.83 193.230.227.234Just one question: How do you detect these scans ? I can't find anything in my logs, but I don't have programs like portsentry running. What can you (all) advice me ? Kind regards, Jan -- .~. Dutch Security Information Network : http://www.dsinet.org /V\ news:alt.hack.nl FAQ : http://www.dsinet.org/hackfaq /( )\ digiover () dsinet org / digiover () cotse com ^^-^^ "Microsoft: We make virii work!"
-- [Your mouse moved. Windows NT will be restarted for your changes to take effect.]
Current thread:
- Re: anyone else seen an increase in sunrpc scans these days? Ray Simard (Jan 15)
- <Possible follow-ups>
- Re: anyone else seen an increase in sunrpc scans these days? Steve Buttgereit (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Derek Kwan (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Brian Taylor (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Matthew Hallacy (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Devdas Bhagat (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Cristian Dumitrescu (Jan 15)
- sunrpc / wu-ftpd worm ? Mihai Moldovanu (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Digital Overdrive (Jan 16)
- Re: anyone else seen an increase in sunrpc scans these days? Cristian Dumitrescu (Jan 16)
- Re: anyone else seen an increase in sunrpc scans these days? Nathan W. Lindstrom (Jan 16)
- Re: anyone else seen an increase in sunrpc scans these days? Ignacio Machin (Jan 18)
- Re: anyone else seen an increase in sunrpc scans these days? razor (Jan 18)
- Re: anyone else seen an increase in sunrpc scans these days? Ignacio Machin (Jan 22)
- FTP and RPC based worms [was anyone else ...] Russell Fulton (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] Royans K Tharakan (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] slim bones (Jan 16)
- Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Mihai Moldovanu (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Jeffrey F. Lawhorn (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Daniel Martin (Jan 16)