Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Broadcast storm in my network/ any ideas

From: TheGesus <thegesus () gmail com>
Date: Thu, 22 Dec 2005 12:32:28 -0500
Smells like "Windows Services for Unix" (a.k.a. "SFUX") to me.

A very oddball product that never made any real market penetration.

Check to see if it's installed in Add/Remove Programs.  Then hose it.

On 12/22/05, wilder_jeff Wilder <wilder_jeff () msn com> wrote:


All,

I have a Windows 2000 terminal server that is consistantly sending out
broadcasts to 255.255.255.255:111... below is a capture from a snort box I
have running. In the last 18 hours I have had about 2000 packets from this
box to this address about every 30 seconds.  Snort reports the signature as
a RPC portmap proxy attempt UDP.  I have not been able to find much
information on this event.  I have run a current AV scan against the box, it
did come up clean.  Can anyone give me a bit of direction as to these
events?

-Jeff

RPC portmap proxy attempt UDP  10.74.32.31:3300/udp
255.255.255.255:111/udp 07:50:35
RPC portmap proxy attempt UDP  10.74.32.31:3291/udp
255.255.255.255:111/udp 07:50:05


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: