Full Disclosure mailing list archives
Re: Port scans on 593?
From: Bradford Shedwick <bjshedwick () yahoo com>
Date: Sun, 29 Feb 2004 18:49:55 -0800 (PST)
Hey man, Thats another RPC Epmap port. Someone's looking for an rpc exploit Napoleon James Lay <jlay () ameriben com> wrote: Anyone else seeing these? Feb 28 13:58:28 homebox kernel: New,invalid TCP:IN=eth0 OUT= MAC=00:60:08:16:39:30:00:08:20:cb:04:a8:08:00 SRC=24.161.91.200 DST=24.116.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=23604 DF PROTO=TCP SPT=4300 DPT=593 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204021801010402) Saw a few yesterday...more today....different hosts...ODD. Sans says it's http-rpc-epmap. James Lay Network Manager/Security Officer AmeriBen Solutions/IEC Group Semper Vigilans!!! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html Bradford Shedwick American by birth, Patriot by choice --------------------------------- Do you Yahoo!? Get better spam protection with Yahoo! Mail
Current thread:
- Re: Port scans on 593? Bradford Shedwick (Feb 29)