Security Incidents mailing list archives
RE: Strange network activity
From: "Dave Paris" <dparis () w3works com>
Date: Fri, 16 Apr 2004 14:53:12 -0400
-----Original Message----- From: Roach4 [mailto:ml () undergroundportal com] Sent: Friday, April 16, 2004 10:39 AM To: incidents () securityfocus com Subject: Strange network activity Hi, Yesterday we noticed some strange traffic from some internal machines trying to contact Japan IP addresses on the port 54875 like 300 times a second. We left the office without worrying too much and we came back this morning to see that there was external Japan IP addresses which was querying internal machines for the RPC vulnerability.
[...] "noticed...internal machines trying to contact...like 300 times a second." "left the office without worrying too much" Please tell me you left out a line line in your message like "so we firewalled off the internal machines from contacting (inbound and outbound) the suspect networks." If so, please disregard the remainder of this note. If not... Pardon me for throwing decorum (and sane-sounding responses) out the window, but WHAT IN THE HOLY HELL WERE YOU PEOPLE FREAKIN' THINKING WHEN YOU JUST UP AND LEFT??!! I mean really... 300 times a second and this didn't set off any bells in your heads that there just *might* be a wee bit of a problem on your network?!? [Shaking my head in disbelief] -dsp --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Strange network activity Roach4 (Apr 16)
- RE: Strange network activity Dave Paris (Apr 16)