Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Crazy port 111 scans

From: "Reeves, Mike" <MReeves () SYNCHRONY NET>
Date: Mon, 5 Feb 2001 17:26:48 -0500
I have had more 111 scans this past 5 days than in the last 2 months. Is
there some new RPC exploit or something?

Anyone else seeing these hosts?

18:22:00.911324 host181.visualsoft-usa.com.1645 > My.network.com.111: S
402285810:402285810(0) win 32120 (DF)
02/05/01 13:47:55.277351 12.31.6.3.2064 > My.network.com.sunrpc: S
33416796:33416796(0) win 32120 (DF)
 02/05/01 14:29:14.683800 211.38.138.9.1162 > My.Network.com.sunrpc: S
461989038:461989038(0) win 32120
02/02/01 19:48:06.869293 adsl-27-8.owt.com.2005 > My.network.com.sunrpc: S
4034763275:4034763275(0) win 32120 (DF)
02/02/01 23:51:50.661684 62.65.2.71.2607 > My.network.com.sunrpc: S
3918117478:3918117478(0) win 32120 (DF)
02/03/01 04:03:38.658691 ns.ilemex.com.mx.2997 > My.network.com.sunrpc: S
1478508650:1478508650(0) win 32120 (DF)
02/03/01 11:13:36.380162 211.38.138.9.2476 > My.network.com.sunrpc: S
3191203248:3191203248(0) win 32120 (DF)
02/03/01 18:27:46.742232 196.12.47.172.2954 > My.network.com.sunrpc: S
820917967:820917967(0) win 32120 (DF)
02/04/01 18:22:00.915583 63.102.65.181.1649 > My.network.com.sunrpc: S
407442869:407442869(0) win 32120 (DF)
02/04/01 18:51:51.514082 66.35.6.50.2999 > My.Network.com.sunrpc: S
817945587:817945587(0) win 32120 (DF)




Mike K. Reeves
Networking Services Engineer,
Synchrony Communications, Inc.
MCSE Microsoft Certified System Eliminator
"Geek by nature... Linux By Choice..."
Previous By Date Next
Previous By Thread Next

Current thread: