Security Incidents mailing list archives
Re: anyone else seen an increase in sunrpc scans these days?
From: Timothy Lyons <Timothy.Lyons () PREDICTIVE COM>
Date: Mon, 15 Jan 2001 11:57:00 -0500
My complete logs are not available to me at the moment as I'm on the road, but I too have seen a steady increase of RPC scans over the past 10-14 days. There have been some whisperings on the newsgroups of a possible new worm - has anyone heard anything along those lines?

--Tim

160.78.31.151
211.43.11.3
4.34.155.70
4.19.91.5
211.46.236.177

Jason Lewis <jlewis () JASONLEWIS NET>
Sent by: Incidents Mailing List <INCIDENTS () SECURITYFOCUS COM>
01/15/2001 01:20
Please respond to jlewis

To: INCIDENTS () SECURITYFOCUS COM
cc:
Subject: Re: anyone else seen an increase in sunrpc scans these days?

I couldn't find any of those addresses, but I have similar scans in my logs.

63.91.6.36
64.32.209.213
64.21.114.2
66.22.62.2
216.98.160.251

Last 24 hours....all the above IPs are looking for Sun RPC.

jas
http://www.rivalpath.com

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Alex Popa
Sent: Sunday, January 14, 2001 7:26 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: anyone else seen an increase in sunrpc scans these days?

In the last five days, the port scans to my entire class C have dramatically increased, from one per two days on average, to four yesterday and six today. Is there a new exploit around, or is there some sort of new worm out there?

I might just be paranoid, but here are the addresses that have been looking for port 111 in the last 26 hours:

24.26.121.156
24.168.66.119
64.31.226.156
142.169.227.102
193.226.15.15
211.218.144.11

------------+------------------------------------------
Alex Popa,  | "Artificial Intelligence is
razor () ldc ro| no match for Natural Stupidity"
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here."
Current thread:
- FTP and RPC based worms [was anyone else ...], (continued)
- FTP and RPC based worms [was anyone else ...] Russell Fulton (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] Royans K Tharakan (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] slim bones (Jan 16)
- Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Mihai Moldovanu (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Jeffrey F. Lawhorn (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Daniel Martin (Jan 16)
- FTP and RPC based worms [was anyone else ...] Russell Fulton (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] Steve Clement (Jan 16)
- Rise in rpc scans - Honeynet Project Lance Spitzner (Jan 15)