Snort mailing list archives
OT: increased activity on port 111, anyone?
From: "Martijn Heemels" <martijn () yggdrasil yi org>
Date: Wed, 26 Sep 2001 18:21:56 +0200
Hi all,

During the last week the portsentry boobytrap on port 111 (portmap) on my Linux box has been hit a lot more than usual. Port 111 is one of the ports that I use to blackhole portscanners (I know how many of you feel about automatic firewalling, but this is a small homeserver and the risk of a DoS attack by spoofing is acceptable to me).

Also, during the same period I've been getting a lot of 'Lame server' warnings from my nameserver (runs on the same host), while before I hardly ever got one.

The timing is a little suspect, in the light of the Nimda worm, so I wondered whether any of you have a clue. Any idea on what could cause this?

Thanks,
Martijn

P.S. This is a low-traffic LAN connected to the net via cable with a Red Hat masquerading firewall. The box runs about a dozen servers.

--
.: M. Heemels .:. webdesigner :.
.: Eindhoven, NL, martijn () heemels com :.
.: PGP or S/MIME encrypted e-mail preferred :.
Current thread:
- OT: increased activity on port 111, anyone? Martijn Heemels (Sep 26)