Security Incidents mailing list archives

Re: Qeustion!

From: George Bakos <alpinista () BIGFOOT COM>
Date: Fri, 20 Oct 2000 08:37:47 -0400

ICMP 3:13 is "admin prohibeted filter".  If you are seeing this traffic
coming at you, it is most likely responses to stimuli that either
came from you, or spoofed your address as the source.

If you keep complete packet logs, check to see if anything left your
network headed for Belgium, Finland & Korea.  If you don't have
access to such logs, examine the host in question for signs of bad
doings.  The AUSCERT provides excellent checklists to help at:
http://www.auscert.org.au/Information/Auscert_info/papers.html

Get a hold of me off-list if you need assistance.

On 17 Oct 00, at 22:54, Unenge Brian wrote:

I'm a newbee on this, so if anybody could help with (type3 - code13) I
would appreciate it.

I experience some kind of weird scanning on my network on port 111
(sunrpc) the scanning last for about 20 - 25 seconds from different
networks WW. One from Korea one from Belgium one from Finland and some
from US, is it possible to make any harm on this port, i am having
serious trouble on my DNS server after this.

George Bakos - Security Engineer
Electronic Warfare Associates
Information & Infrastructure Technologies
http://www.ewa.com
802-338-3213

 To request PGP public key,
 mailto:alpinista () bigfoot com?subject=sendpubkey
 or http://pgpkeys.mit.edu:11371/

Current thread:

Qeustion! Unenge Brian (Oct 19)
- Re: Qeustion! reb (Oct 19)
- Re: Qeustion! Steve Stearns (Oct 20)
- Re: Qeustion! George Bakos (Oct 20)