Security Incidents mailing list archives
Rise in rpc scans - Honeynet Project
From: Lance Spitzner <lance () SPITZNER NET>
Date: Mon, 15 Jan 2001 18:52:28 -0600
The Honeynet Project has logged a large amount of rpc.statd activity in the past three months. Based on this activity we estimate the average life span of a standard, unsecured Red Hat 6.2 system is two to three weeks. We have had 6 unsecured linux honeypots compromised since November. Also, we have noticed a new trend among the blackhat community, they are no longer determining the OS type of the victim. We have both Linux and Solaris systems within our Honeynet. We have consistently seen the Solaris honeypot hit with Linux exploits. /var/adm/messages Dec 28 22:10:53 solaris rpc.statd[336]: gethostbyname error ... Jan 4 00:49:03 solaris rpc.statd[1711]: gethostbyname error ... Jan 5 14:07:48 solaris rpc.statd[1711]: gethostbyname error ... Jan 7 07:18:39 solaris rpc.statd[1711]: gethostbyname error ... Jan 9 16:02:19 solaris rpc.statd[1711]: gethostbyname error ... lance http://project.honeynet.org
Current thread:
- Re: FTP and RPC based worms [was anyone else ...], (continued)
- Re: FTP and RPC based worms [was anyone else ...] slim bones (Jan 16)
- Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Mihai Moldovanu (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Jeffrey F. Lawhorn (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Daniel Martin (Jan 16)
- Re: FTP and RPC based worms [was anyone else ...] Steve Clement (Jan 16)
- Re: anyone else seen an increase in sunrpc scans these days? thomas lakofski (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Niels Heinen (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Edward Mitchell (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Timothy Lyons (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Alfred Huger (Jan 15)
- Rise in rpc scans - Honeynet Project Lance Spitzner (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? Ed Woodson (Jan 15)
- Re: anyone else seen an increase in sunrpc scans these days? James Bryan (Jan 15)