Security Incidents mailing list archives
Re: anyone else seen an increase in sunrpc scans these days?
From: Mihai Moldovanu <mihaim () PROFM RO>
Date: Mon, 15 Jan 2001 14:40:16 +0200
Jason Lewis wrote:
I couldn't find any of those addresses, but I have similar scans in my logs. 63.91.6.36 64.32.209.213 64.21.114.2 66.22.62.2 216.98.160.251
Yes. The same problem here. But not only 111. 21 also.

We deployed a honeypot and waited to be compromised. It took 12 hours to be compromised. I took it out of the network and this is what I found on it:

It seems like a worm that installs StatDXscan (Class B rpc.statd scanner), wu-ftpd scanner, a modified t0rn rootkit along with Adore LKM rootkit, and flood tools: Sl2, smurf5, trojaned sshd running on port 48480.

t0rnscan has inside it the following string: irc.webbernet.net:6667

--
Lead programmer, Mihai Moldovanu (mihaim () profm ro)
WEB: http://tfm.profm.ro/ http://www.developers.ro/