Full Disclosure mailing list archives

Re: Broadcast storm in my network/ any ideas

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 22 Dec 2005 20:31:22 +0300

Dear wilder_jeff Wilder,

UDP/111  (Sun  RPC)  is  not used in Windows environment. Either you use
some services for Unix, i.e. MS services for Unix, 3rd party NFS/NIS/etc
support or this is result of privileged user/trojan/backdoor activity.

--Thursday, December 22, 2005, 8:16:48 PM, you wrote to full-disclosure () lists grok org uk:


wW> I  have  a Windows 2000 terminal server that is consistantly sending
wW> out  broadcasts  to 255.255.255.255:111... below is a capture from a
wW> RPC     portmap     proxy     attempt    UDP    10.74.32.31:3300/udp
wW> 255.255.255.255:111/udp  07:50:35  RPC  portmap  proxy  attempt  UDP
wW> 10.74.32.31:3291/udp 255.255.255.255:111/udp 07:50:05

-- 
~/ZARAZA
http://www.security.nnov.ru/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: new attack technique? using JavaScript+XML+OWSPost Data, (continued)
- - - Re: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)
    - RE: new attack technique? using JavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
    - Re: new attack technique? using JavaScript+XML+OWSPost Data name pipe (Dec 22)
    - Re: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)
    - Re: new attack technique? using JavaScript+XML+OWSPost Data Test Drive (Dec 22)
    - RE: new attack technique? usingJavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
    - RE: new attack technique? usingJavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
    - RE: new attack technique? using JavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
    - Re: new attack technique? using JavaScript+XML+OWSPost Data Test Drive (Dec 22)
    - Broadcast storm in my network/ any ideas wilder_jeff Wilder (Dec 22)
    - Re: Broadcast storm in my network/ any ideas 3APA3A (Dec 22)
    - Re: Broadcast storm in my network/ any ideas TheGesus (Dec 22)
    - Re: Broadcast storm in my network/ any ideas J.A. Terranson (Dec 22)
    - Re: new attack technique? usingJavaScript+XML+OWSPost Data Morning Wood (Dec 22)
    - Re: new attack technique? usingJavaScript+XML+OWSPost Data Abhisek Datta (Dec 22)
  - Message not available
    - Re: [WEB SECURITY] RE: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)