Security Basics mailing list archives

Re: SunRPC Outbound Probes


From: Eric Hagen <eric () sandpile net>
Date: Wed, 15 Oct 2003 18:39:28 -0500

Have you managed to sniff any of the UDP traffic? If it were TCP, it wouldn't be worth it since they would probably just be SYN packets, but the initial transmission that is blocked could very well contain the payload of whatever it's trying to do. I haven't heard of any known nasties working from that IP, but the box is up and running a few services (yeah, I just checked). Details of what's in the packets may be useful.

Eric Hagen

John Smithson wrote:

Gurus,

Since yesterday evening we have noticed a few machines trying to go outbound to 216.65.91.114 on SunRPC (UDP) ports. Is there some sort of trojan on the box? They should not be going outbound to this address on the SunRPC service. We are blocking this specific outbound traffic on our firewall. However, I'm seeing a huge number of events being generated by these machines.

We have run AV scanners / Ad-aware; all of them came up empty on these machines. The machines vary in OS between 9x and NT.

Can someone help me figure out what is going on?

Thanks
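Eric's suggestion to look at what is inside the blocked UDP datagrams is the right triage step: an ONC RPC call carries the program, version and procedure it is asking for in a fixed XDR header (RFC 5531), so even a single captured payload tells you whether the hosts are querying the portmapper, mounting NFS, or sending something that is not RPC at all. The following decoder is an added example and is not code from either poster; it assumes Python 3 and works on constructed sample datagrams (built with the `build_call` helper here) standing in for what a sniffer would capture on the firewall.

```python
import struct

RPC_CALL = 0          # msg_type of a request
RPC_VERSION = 2       # the only ONC RPC protocol version in use

# Well-known ONC RPC program numbers; portmapper (prog 100000, UDP/TCP 111)
# is what an outbound SunRPC probe most often talks to first.
PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd", 100021: "nlockmgr"}
# Procedure numbers for portmapper version 2 (RFC 1833).
PMAP_PROCS = {0: "NULL", 1: "SET", 2: "UNSET", 3: "GETPORT", 4: "DUMP", 5: "CALLIT"}
AUTH_FLAVORS = {0: "AUTH_NULL", 1: "AUTH_UNIX", 2: "AUTH_SHORT", 3: "AUTH_DES"}
IP_PROTO = {6: "tcp", 17: "udp"}


def _u32(buf, off):
    """Read one big-endian XDR unsigned int, refusing to run off the end."""
    if off + 4 > len(buf):
        raise ValueError("truncated RPC message at offset %d" % off)
    return struct.unpack_from("!I", buf, off)[0], off + 4


def _opaque_auth(buf, off):
    """Decode an opaque_auth (flavor, length, body padded to 4 bytes)."""
    flavor, off = _u32(buf, off)
    length, off = _u32(buf, off)
    if length > 400:  # RFC 5531 caps the auth body at 400 bytes
        raise ValueError("auth body too long (%d)" % length)
    padded = (length + 3) & ~3
    if off + padded > len(buf):
        raise ValueError("truncated auth body")
    return AUTH_FLAVORS.get(flavor, flavor), off + padded


def parse_rpc_call(payload):
    """Decode the header of an ONC RPC CALL carried in one UDP datagram."""
    off = 0
    xid, off = _u32(payload, off)
    msg_type, off = _u32(payload, off)
    if msg_type != RPC_CALL:
        raise ValueError("not a CALL message (msg_type=%d)" % msg_type)
    rpcvers, off = _u32(payload, off)
    if rpcvers != RPC_VERSION:
        raise ValueError("unexpected RPC version %d" % rpcvers)
    prog, off = _u32(payload, off)
    vers, off = _u32(payload, off)
    proc, off = _u32(payload, off)
    cred, off = _opaque_auth(payload, off)
    verf, off = _opaque_auth(payload, off)
    info = {"xid": xid, "prog": prog, "vers": vers, "proc": proc,
            "program": PROGRAMS.get(prog, "unknown"),
            "cred": cred, "verf": verf, "args": payload[off:]}
    if prog == 100000:
        info["procedure"] = PMAP_PROCS.get(proc, "unknown")
        # PMAPPROC_GETPORT args: (prog, vers, prot, port) -- says which
        # service the caller wants to locate on the remote host.
        if proc == 3 and len(info["args"]) >= 16:
            tprog, tvers, tprot, tport = struct.unpack_from("!IIII", info["args"], 0)
            info["getport_target"] = {"prog": tprog, "vers": tvers,
                                      "prot": IP_PROTO.get(tprot, tprot), "port": tport}
    return info


def build_call(xid, prog, vers, proc, args=b""):
    """Construct a CALL with AUTH_NULL cred/verf; used only for the samples below."""
    hdr = struct.pack("!IIIIII", xid, RPC_CALL, RPC_VERSION, prog, vers, proc)
    auth_null = struct.pack("!II", 0, 0)
    return hdr + auth_null + auth_null + args


# Constructed sample datagrams (not real captures): a portmapper DUMP and a
# GETPORT asking where NFS v3 listens over UDP.
SAMPLE_DUMP = build_call(0x1234ABCD, 100000, 2, 4)
SAMPLE_GETPORT_NFS = build_call(0x1234ABCE, 100000, 2, 3, struct.pack("!IIII", 100003, 3, 17, 0))


def triage(payload):
    """One-line summary of what a captured datagram asks the remote host to do."""
    try:
        c = parse_rpc_call(payload)
    except ValueError as e:
        return "not an RPC call (%s)" % e
    s = "xid=%08x %s(%d) v%d proc=%d" % (c["xid"], c["program"], c["prog"], c["vers"], c["proc"])
    if "procedure" in c:
        s += " " + c["procedure"]
    if "getport_target" in c:
        t = c["getport_target"]
        s += " -> asks where %s v%d listens on %s" % (PROGRAMS.get(t["prog"], t["prog"]), t["vers"], t["prot"])
    return s


if __name__ == "__main__":
    for p in (SAMPLE_DUMP, SAMPLE_GETPORT_NFS, b"\x00\x01"):
        print(triage(p))
```

Feed `triage()` the UDP payload of each blocked datagram (tcpdump with `-X` on the firewall's inside interface, or a pcap read with any capture library). A flood of portmapper DUMP/GETPORT calls to one outside host is a very different finding from payloads that fail to decode as RPC at all, which would point to something merely using port 111 as a cover.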
