Security Incidents mailing list archives
Re: anyone else seen an increase in sunrpc scans these days?
From: Niels Heinen <niels.heinen () UBIZEN COM>
Date: Mon, 15 Jan 2001 02:08:24 +0100
Alex Popa wrote:
In the last five days, the port scans to my entire class C have dramatically increased, from one per two days on average, to four yesterday and six today. Is there a new exploit around, or is there some sort of new worm out there? I might just be paranoid, but here are the addreses that have been looking for port 111 in the last 26 hours: 24.26.121.156 24.168.66.119 64.31.226.156 142.169.227.102 193.226.15.15 211.218.144.11 ------------+------------------------------------------ Alex Popa, | "Artificial Intelligence is razor () ldc ro| no match for Natural Stupidity" ------------+------------------------------------------ "It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here."
There are several automated rpc hacking tools circulating in the underground. Most of them are modfied statdx.c exploits with rpc scanners. The scanner keeps a record of hosts found with rpc enabled and this list is used by the modified statdx which will try to exploit them. It might be possible that some script kiddie is using it against you not realising how noisy these tools are. Greets, Niels
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: anyone else seen an increase in sunrpc scans these days?, (continued)
- Re: anyone else seen an increase in sunrpc scans these days? Ignacio Machin (Jan 22)
- Re: anyone else seen an increase in sunrpc scans these days? Mihai Moldovanu (Jan 15)
- FTP and RPC based worms [was anyone else ...] Russell Fulton (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] Royans K Tharakan (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] slim bones (Jan 16)
- Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Mihai Moldovanu (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Jeffrey F. Lawhorn (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Daniel Martin (Jan 16)
- FTP and RPC based worms [was anyone else ...] Russell Fulton (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] Steve Clement (Jan 16)
- Rise in rpc scans - Honeynet Project Lance Spitzner (Jan 15)