Security Incidents mailing list archives
Re: anyone else seen an increase in sunrpc scans these days?
From: Edward Mitchell <ed () XWING CENTIGRAM COM>
Date: Mon, 15 Jan 2001 07:34:05 -0800
The last 10 days have seen a total of 15 sunrpc scans/rpcinfo queries and related exploit attempts against my network. Oddly, snort reports the rpc exploits as x86 versions. I thought there was a sparc port for the Solaris vulnerability, but maybe I'm mistaken. Either stupid people out there can't tell an x86 from a sparc box, or snort's rule is flawed... The other most common attack these days is against ftp, namely wu-ftpd 2.6.1(very patched). *sigh* On Mon, 15 Jan 2001, Alex Popa wrote:
In the last five days, the port scans to my entire class C have dramatically increased, from one per two days on average, to four yesterday and six today. Is there a new exploit around, or is there some sort of new worm out there? I might just be paranoid, but here are the addreses that have been looking for port 111 in the last 26 hours: 24.26.121.156 24.168.66.119 64.31.226.156 142.169.227.102 193.226.15.15 211.218.144.11 ------------+------------------------------------------ Alex Popa, | "Artificial Intelligence is razor () ldc ro| no match for Natural Stupidity" ------------+------------------------------------------ "It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here."
Current thread:
- Re: anyone else seen an increase in sunrpc scans these days?, (continued)
- Re: anyone else seen an increase in sunrpc scans these days? Mihai Moldovanu (Jan 15)
- FTP and RPC based worms [was anyone else ...] Russell Fulton (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] Royans K Tharakan (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] slim bones (Jan 16)
- Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Mihai Moldovanu (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Jeffrey F. Lawhorn (Jan 16)
- Re: Ramen worm . More details on it. ( found a password and e-mails crypted inside it) Daniel Martin (Jan 16)
- FTP and RPC based worms [was anyone else ...] Russell Fulton (Jan 15)
- Re: FTP and RPC based worms [was anyone else ...] Steve Clement (Jan 16)
- Re: anyone else seen an increase in sunrpc scans these days? Mihai Moldovanu (Jan 15)
- Rise in rpc scans - Honeynet Project Lance Spitzner (Jan 15)