SV: Aggresive RPC & DNS scans from Korean hosts

[Mike Blomgren <mike.blomgren () KONSULT ATG SE>]

This host has been up since the begining of february, when we were hit by
his probes. Mostly for ports 53, 515, 21 & 111. He scanned several machines
very slooowly, for four days.

And he's apparently still going strong....

~Mike

> -----Ursprungligt meddelande-----
> Från: Matt W. [mailto:kmx () EGATOBAS ORG]
> Skickat: den 20 mars 2001 18:57
> Till: INCIDENTS () SECURITYFOCUS COM
> Ämne: Re: Aggresive RPC & DNS scans from Korean hosts
>
>
> I've been seeing traffic from this host for about a week.  
> Started with SYN
> scans for port 21/53/111/ and i've been sweeped for 53/111 
> twice in the last 3
> days.
>
> -matt
> www.farm9.com
> Managed Security Services.
>
> Joseph Nicholas Yarbrough wrote:
>
> > In the spirit of owned korean hosts, a we have been getting 
> aggresive scans
> > from 203.232.4.4 on tcp/53 and tcp/111. (perhaps more)
> >
> > -Nick