Security Incidents mailing list archives

Re: A rise

From: Glenn Forbes Fleming Larratt <glratt () IO COM>
Date: Sun, 18 Feb 2001 13:02:14 -0600

Ach. That would explain the scan we saw this morning out of Morocco
(I think? .ma?) -

        - rpc scan of our entire Class B, in about 22 mins, at 1224 UTC;

        - bind scan of our entire Class B, in about 22 mins, at 1335 UTC;

        - ftp scan of our Class B ( which I interrupted by blocking their
                traffic, *thank* you), at 1357 UTC - they got through
                about 60% of it in about 13 mins.

        -g

On Sun, 18 Feb 2001, Jeff Stutzman wrote:

I read on Friday that Ramen had been modified by adding the knark rootkit,
BIND exploit, and rpc exploit to the initial code. This might explain the
newfound interest in RPC scanning.

Jeff
Office of Naval Intelligence
Computer Network Ops


--
Glenn Forbes Fleming Larratt         The Lab Ratt (not briggs :-)
glratt () io com                        http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.

Current thread:

A rise John (Feb 17)
- Re: A rise Jon Lewis (Feb 17)
- Re: A rise Ryan Russell (Feb 17)
  - Re: A rise Jeff Stutzman (Feb 18)
    - Re: A rise Ryan Russell (Feb 19)
    - Re: A rise Ryan Russell (Feb 19)
    - Re: A rise Glenn Forbes Fleming Larratt (Feb 19)
- <Possible follow-ups>
- Re: A rise Leon Rosenstein (Feb 19)