Security Incidents mailing list archives

Re: anyone else seen an increase in sunrpc scans these days?


From: James Bryan <jhbryan () PENGUINTOWNE COM>
Date: Mon, 15 Jan 2001 15:00:00 -0600

I too have seen an increase in sunrpc scans coming from these IPs:

... the list goes on.. but that's just a sample of all the people scanning
for open sunrpc ports.



   .~. --------------------------------------------------
   /V\ James Bryan                        Brentwood, TN
  // \\ jhbryan () penguintowne com
 //   \\ http://www.penguintowne.com/
/(     )\ PGP Key: http://www.penguintowne.com/pgp.html
  ^`~'^  ------------------------------------------------

