Security Incidents mailing list archives
SV: Aggresive RPC & DNS scans from Korean hosts
From: Mike Blomgren <mike.blomgren () KONSULT ATG SE>
Date: Wed, 21 Mar 2001 11:38:31 +0100
This host has been up since the begining of february, when we were hit by his probes. Mostly for ports 53, 515, 21 & 111. He scanned several machines very slooowly, for four days. And he's apparently still going strong.... ~Mike
-----Ursprungligt meddelande----- Från: Matt W. [mailto:kmx () EGATOBAS ORG] Skickat: den 20 mars 2001 18:57 Till: INCIDENTS () SECURITYFOCUS COM Ämne: Re: Aggresive RPC & DNS scans from Korean hosts I've been seeing traffic from this host for about a week. Started with SYN scans for port 21/53/111/ and i've been sweeped for 53/111 twice in the last 3 days. -matt www.farm9.com Managed Security Services. Joseph Nicholas Yarbrough wrote:In the spirit of owned korean hosts, a we have been gettingaggresive scansfrom 203.232.4.4 on tcp/53 and tcp/111. (perhaps more) -Nick
Current thread:
- SV: Aggresive RPC & DNS scans from Korean hosts Mike Blomgren (Mar 21)