Security Incidents mailing list archives
Re: Qeustion!
From: George Bakos <alpinista () BIGFOOT COM>
Date: Fri, 20 Oct 2000 08:37:47 -0400
ICMP 3:13 is "admin prohibeted filter". If you are seeing this traffic coming at you, it is most likely responses to stimuli that either came from you, or spoofed your address as the source. If you keep complete packet logs, check to see if anything left your network headed for Belgium, Finland & Korea. If you don't have access to such logs, examine the host in question for signs of bad doings. The AUSCERT provides excellent checklists to help at: http://www.auscert.org.au/Information/Auscert_info/papers.html Get a hold of me off-list if you need assistance. On 17 Oct 00, at 22:54, Unenge Brian wrote:
I'm a newbee on this, so if anybody could help with (type3 - code13) I would appreciate it. I experience some kind of weird scanning on my network on port 111 (sunrpc) the scanning last for about 20 - 25 seconds from different networks WW. One from Korea one from Belgium one from Finland and some from US, is it possible to make any harm on this port, i am having serious trouble on my DNS server after this.
George Bakos - Security Engineer Electronic Warfare Associates Information & Infrastructure Technologies http://www.ewa.com 802-338-3213 To request PGP public key, mailto:alpinista () bigfoot com?subject=sendpubkey or http://pgpkeys.mit.edu:11371/
Current thread:
- Qeustion! Unenge Brian (Oct 19)
- Re: Qeustion! reb (Oct 19)
- Re: Qeustion! Steve Stearns (Oct 20)
- Re: Qeustion! George Bakos (Oct 20)