Full Disclosure mailing list archives
Re: Broadcast storm in my network/ any ideas
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 22 Dec 2005 20:31:22 +0300
Dear wilder_jeff Wilder, UDP/111 (Sun RPC) is not used in Windows environment. Either you use some services for Unix, i.e. MS services for Unix, 3rd party NFS/NIS/etc support or this is result of privileged user/trojan/backdoor activity. --Thursday, December 22, 2005, 8:16:48 PM, you wrote to full-disclosure () lists grok org uk: wW> I have a Windows 2000 terminal server that is consistantly sending wW> out broadcasts to 255.255.255.255:111... below is a capture from a wW> RPC portmap proxy attempt UDP 10.74.32.31:3300/udp wW> 255.255.255.255:111/udp 07:50:35 RPC portmap proxy attempt UDP wW> 10.74.32.31:3291/udp 255.255.255.255:111/udp 07:50:05 -- ~/ZARAZA http://www.security.nnov.ru/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: new attack technique? using JavaScript+XML+OWSPost Data, (continued)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)
- RE: new attack technique? using JavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data name pipe (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Test Drive (Dec 22)
- RE: new attack technique? usingJavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- RE: new attack technique? usingJavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- RE: new attack technique? using JavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Test Drive (Dec 22)
- Broadcast storm in my network/ any ideas wilder_jeff Wilder (Dec 22)
- Re: Broadcast storm in my network/ any ideas 3APA3A (Dec 22)
- Re: Broadcast storm in my network/ any ideas TheGesus (Dec 22)
- Re: Broadcast storm in my network/ any ideas J.A. Terranson (Dec 22)
- Re: new attack technique? usingJavaScript+XML+OWSPost Data Morning Wood (Dec 22)
- Re: new attack technique? usingJavaScript+XML+OWSPost Data Abhisek Datta (Dec 22)
- Re: [WEB SECURITY] RE: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)