Security Incidents mailing list archives
Re: Lots of rpc.statd probes lately
From: Steve Stearns <sterno () BIGBROTHER NET>
Date: Thu, 1 Mar 2001 12:10:18 -0600
Frank Louwers wrote:
The last 2 weeks, I've seen a HUGE increase in rpc.statd probes. Any new exploits around? Frank
The system I run is a relatively low profile system (linux box hooked up to a DSL line with just my low traffic website on it). So, my assumption is that almost all of the rpc probes I see are from sequential searches of IP addresses. Since February 12th I have seen 73 unique rpc probes on my system making for an average of just over 4 probes a day (and it seems like it's been increasing lately). Not a lot in the grand scheme of things, but considering that this is almost all from sequential scanning, it seems like a whole lot to me. By contrast, a few months ago I was maybe getting 3 probes a week (and that's all kinds of probes, not just RPC). So I've seen at least an order of magnitude increase (using my relatively unscientific measurements). I think that the big increases aren't so much attributed to new exploits, but rather that as vulnerable boxes are exploited, they increase the number of overall scans resulting in more exploits, wash, rinse, repeat. On the bright side, eventually all the boxes that can be exploited will be exploited and the number of scans should begin tapering off as some of the compromised boxes are fixed. ---Steve
Current thread:
- Lots of rpc.statd probes lately Frank Louwers (Mar 01)
- Re: Lots of rpc.statd probes lately Steve Stearns (Mar 01)
- <Possible follow-ups>
- Re: Lots of rpc.statd probes lately James Paterson (Mar 01)
- Re: Lots of rpc.statd probes lately Justin Shore (Mar 01)
- Re: Lots of rpc.statd probes lately Joseph Nicholas Yarbrough (Mar 02)