Security Incidents mailing list archives

Rise in rpc scans - Honeynet Project


From: Lance Spitzner <lance () SPITZNER NET>
Date: Mon, 15 Jan 2001 18:52:28 -0600

The Honeynet Project has logged a large amount
of rpc.statd activity in the past three months.
Based on this activity we estimate the average
life span of a standard, unsecured Red Hat 6.2
system is two to three weeks.  We have had 6
unsecured Linux honeypots compromised since
November.

Also, we have noticed a new trend among the
blackhat community: they are no longer determining
the OS type of the victim.  We have both Linux
and Solaris systems within our Honeynet. We
have consistently seen the Solaris honeypot
hit with Linux exploits.

/var/adm/messages
Dec 28 22:10:53 solaris rpc.statd[336]: gethostbyname error ...
Jan  4 00:49:03 solaris rpc.statd[1711]: gethostbyname error ...
Jan  5 14:07:48 solaris rpc.statd[1711]: gethostbyname error ...
Jan  7 07:18:39 solaris rpc.statd[1711]: gethostbyname error  ...
Jan  9 16:02:19 solaris rpc.statd[1711]: gethostbyname error ...


lance
http://project.honeynet.org
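
Added example, not part of the original message and not Honeynet Project code: a Python parser for the rpc.statd entries quoted above that assigns the year syslog omits (the sample crosses from December into January) and reports the spacing between probes. The function names and the reference time (the message's Date header, timezone ignored) are assumptions.

```python
import re
from datetime import datetime

# Lines copied from the message above; the trailing "..." is the poster's
# own truncation and is kept as-is.
SAMPLE = """\
Dec 28 22:10:53 solaris rpc.statd[336]: gethostbyname error ...
Jan  4 00:49:03 solaris rpc.statd[1711]: gethostbyname error ...
Jan  5 14:07:48 solaris rpc.statd[1711]: gethostbyname error ...
Jan  7 07:18:39 solaris rpc.statd[1711]: gethostbyname error  ...
Jan  9 16:02:19 solaris rpc.statd[1711]: gethostbyname error ...
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"rpc\.statd\[(?P<pid>\d+)\]: gethostbyname error\b"
)

def parse_statd_errors(text, reference):
    """Return sorted [(datetime, host, pid)] for rpc.statd gethostbyname errors.

    Syslog timestamps carry no year. Each entry gets the reference year,
    or the year before if that would place it later than `reference`.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an rpc.statd gethostbyname entry
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Jan  4")
        ts = datetime.strptime(f"{reference.year} {stamp}", "%Y %b %d %H:%M:%S")
        if ts > reference:
            ts = ts.replace(year=ts.year - 1)
        events.append((ts, m["host"], int(m["pid"])))
    return sorted(events)

def probe_gaps_days(events):
    """Days between consecutive entries, rounded to one decimal place."""
    times = [e[0] for e in events]
    return [round((b - a).total_seconds() / 86400, 1) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    ref = datetime(2001, 1, 15, 18, 52, 28)  # assumption: message Date header
    evs = parse_statd_errors(SAMPLE, ref)
    for ts, host, pid in evs:
        print(ts.isoformat(), host, pid)
    print("gaps (days):", probe_gaps_days(evs))
```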

