Full Disclosure mailing list archives
Broadcast storm in my network/ any ideas
From: "wilder_jeff Wilder" <wilder_jeff () msn com>
Date: Thu, 22 Dec 2005 10:16:48 -0700
All,I have a Windows 2000 terminal server that is consistantly sending out broadcasts to 255.255.255.255:111... below is a capture from a snort box I have running. In the last 18 hours I have had about 2000 packets from this box to this address about every 30 seconds. Snort reports the signature as a RPC portmap proxy attempt UDP. I have not been able to find much information on this event. I have run a current AV scan against the box, it did come up clean. Can anyone give me a bit of direction as to these events?
-JeffRPC portmap proxy attempt UDP 10.74.32.31:3300/udp 255.255.255.255:111/udp 07:50:35 RPC portmap proxy attempt UDP 10.74.32.31:3291/udp 255.255.255.255:111/udp 07:50:05
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: new attack technique? using JavaScript+XML+OWSPost Data, (continued)
- Message not available
- Re: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)
- RE: new attack technique? using JavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data name pipe (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Test Drive (Dec 22)
- RE: new attack technique? usingJavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- RE: new attack technique? usingJavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- RE: new attack technique? using JavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Test Drive (Dec 22)
- Broadcast storm in my network/ any ideas wilder_jeff Wilder (Dec 22)
- Re: Broadcast storm in my network/ any ideas 3APA3A (Dec 22)
- Re: Broadcast storm in my network/ any ideas TheGesus (Dec 22)
- Re: Broadcast storm in my network/ any ideas J.A. Terranson (Dec 22)
- Re: new attack technique? usingJavaScript+XML+OWSPost Data Morning Wood (Dec 22)
- Re: new attack technique? usingJavaScript+XML+OWSPost Data Abhisek Datta (Dec 22)
- Re: [WEB SECURITY] RE: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)