Re: Qeustion!

[reb () OPENRECORDS ORG]

Brian,

The 'attacker' is probably looking for statd on port 111 to exploit.  The
different ip addresses that you see could have been generated with the
Decoy option of nmap -D or with a distributed scan.  I would verify that
you are not running rpc services unnecessarily.

Reb

On Tue, 17 Oct 2000, Unenge Brian wrote:

> Hi!
>
> I'm a newbee on this, so if anybody could help with (type3 - code13) I would
> appreciate it.
>
> I experience some kind of weird scanning on my network on port 111  (sunrpc)
> the scanning last for about 20 - 25 seconds from different networks WW.
> One from Korea one from Belgium one from Finland and some from US, is it
> possible to make any harm on this port, i am having serious trouble on my
> DNS server after this.
>
> If anyone could give me a hint I would be grateful.
>
> Thanks in advance
>
> Brian