Security Basics mailing list archives

New Info - SunRPC Outbound Probes


From: "John Smithson" <why1234 () hotmail com>
Date: Thu, 16 Oct 2003 09:47:06 -0700

Gurus,

Thanks for everyone's input. When I posted this, the outbound traffic used to be only on sunrpc; in the last two days it has attempted to go out on the following ports:

Outbound  -
TCP - 80, 443, 135, sunrpc, icmp, 138
UDP - 137, 53

We have seen attempts of inbound ICMP from 216.65.91.114 - not a lot to suspect Welchia or any other infection on that machine.

We have captured packets from one of our internal hosts, and all traffic pointed to that address was SYN packets - constant retransmission. Since it was just SYN packets, no payload was found in the packets.

We have run multiple malware/spyware removal tools against the apparently infected box - results turned out to be empty. We have run another AV solution - turned up empty.

Yes, the IP address belongs to Hotscentric.com, and it is an external server - not ours.


Thanks,

-------------
Gurus,

Since yesterday evening we have noticed a few machines trying to go outbound to 216.65.91.114 on SunRPC (UDP) ports. Is there some sort of trojan on the box? They should not be going outbound to this address on the sunrpc service. We are blocking this specific outbound traffic on our firewall; however, I'm seeing a huge number of events generated by these machines.

We have run AV scanners / Ad-aware; all of them came up empty on these machines. Machines vary in OS: 9x and NT.

Can someone help me figure out what is going on??

Thanks

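One way to turn the firewall events described above into a short list of hosts worth pulling for inspection, as an added example that is not part of this thread: it aggregates denied outbound events per internal source host toward the single external address, counts attempts, distinct destination ports, sunrpc (111) retries and bare-SYN TCP attempts, and reports the reasons each host was flagged. The log format, the internal host addresses and the thresholds are constructed assumptions; only the watched address 216.65.91.114 comes from the thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Port numbers behind the service names in the thread (sunrpc is 111, tcp and udp).
SUNRPC = 111
PORT_NAMES = {53: "dns", 80: "http", 111: "sunrpc", 135: "epmap",
              137: "netbios-ns", 138: "netbios-dgm", 443: "https"}

# Constructed sample log in a hypothetical "firewall deny" format (not a real capture).
# 10.1.1.25 retries sunrpc and several other ports, 10.1.1.77 retries sunrpc only,
# 10.1.1.40 makes one ordinary web request. Inbound ICMP and other destinations are ignored.
SAMPLE_LOG = """\
2003-10-16 09:01:02 DENY UDP 10.1.1.25:1044 -> 216.65.91.114:111
2003-10-16 09:01:05 DENY UDP 10.1.1.25:1044 -> 216.65.91.114:111
2003-10-16 09:01:11 DENY UDP 10.1.1.25:1044 -> 216.65.91.114:111
2003-10-16 09:02:30 DENY TCP 10.1.1.25:1051 -> 216.65.91.114:111 flags=S
2003-10-16 09:02:33 DENY TCP 10.1.1.25:1052 -> 216.65.91.114:135 flags=S
2003-10-16 09:02:40 DENY TCP 10.1.1.25:1053 -> 216.65.91.114:443 flags=S
2003-10-16 09:02:41 DENY UDP 10.1.1.25:137 -> 216.65.91.114:137
2003-10-16 09:03:00 DENY ICMP 216.65.91.114 -> 10.1.1.25
2003-10-16 09:03:10 DENY TCP 10.1.1.25:1060 -> 198.51.100.9:80 flags=S
2003-10-16 09:04:00 DENY UDP 10.1.1.77:1025 -> 216.65.91.114:111
2003-10-16 09:04:03 DENY UDP 10.1.1.77:1025 -> 216.65.91.114:111
2003-10-16 09:04:09 DENY UDP 10.1.1.77:1025 -> 216.65.91.114:111
2003-10-16 09:05:00 DENY TCP 10.1.1.40:1100 -> 216.65.91.114:80 flags=S
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) DENY (?P<proto>TCP|UDP|ICMP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?(?: flags=(?P<flags>\S+))?$"
)

@dataclass
class HostStats:
    attempts: int = 0                 # outbound events to the watched address
    ports: Set[int] = field(default_factory=set)
    sunrpc_attempts: int = 0
    tcp_attempts: int = 0
    tcp_syn_only: int = 0             # TCP events that were a bare SYN

def parse_line(line: str) -> Optional[dict]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"]) if ev["dport"] else None
    return ev

def summarize(lines, watched_ip: str) -> Dict[str, HostStats]:
    """Aggregate outbound events per internal source host toward watched_ip."""
    stats: Dict[str, HostStats] = defaultdict(HostStats)
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["dst"] != watched_ip:
            continue
        s = stats[ev["src"]]
        s.attempts += 1
        if ev["dport"] is not None:
            s.ports.add(ev["dport"])
            if ev["dport"] == SUNRPC:
                s.sunrpc_attempts += 1
        if ev["proto"] == "TCP":
            s.tcp_attempts += 1
            if ev["flags"] == "S":
                s.tcp_syn_only += 1
    return dict(stats)

def reasons_for(s: HostStats, min_attempts: int = 5, min_sunrpc: int = 3) -> List[str]:
    """Thresholds are assumptions; tune them to the event volume of your own firewall."""
    reasons = []
    if s.attempts >= min_attempts:
        reasons.append(f"{s.attempts} outbound attempts to watched address")
    if s.sunrpc_attempts >= min_sunrpc:
        reasons.append(f"{s.sunrpc_attempts} repeated sunrpc (111) attempts")
    if SUNRPC in s.ports and len(s.ports) >= 2:
        names = ", ".join(PORT_NAMES.get(p, str(p)) for p in sorted(s.ports))
        reasons.append(f"sunrpc plus other ports probed: {names}")
    if s.tcp_attempts >= 3 and s.tcp_syn_only == s.tcp_attempts:
        reasons.append("every TCP attempt was a bare SYN (no session ever completed)")
    return reasons

def flag_hosts(lines, watched_ip: str) -> Dict[str, List[str]]:
    """Return {source_host: [reasons]} for hosts that deserve a closer look."""
    flagged = {}
    for src, s in summarize(lines, watched_ip).items():
        why = reasons_for(s)
        if why:
            flagged[src] = why
    return flagged

if __name__ == "__main__":
    for host, why in flag_hosts(SAMPLE_LOG.splitlines(), "216.65.91.114").items():
        print(host)
        for r in why:
            print("  -", r)
```

Run against the constructed log it reports 10.1.1.25 (four reasons) and 10.1.1.77 (sunrpc retries only), and leaves the single web request from 10.1.1.40 alone; on a real deployment, feed it the denied-outbound lines from the firewall and triage the flagged hosts first, since a bare-SYN retransmission pattern with no payload is exactly what an unanswered or blocked client will produce whether the cause is malware or a misconfigured service.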



