Security Incidents mailing list archives
Re: SNMP Scans
From: Eric Kimminau <root () KIMMINAU ORG>
Date: Wed, 14 Mar 2001 22:57:07 -0500
On Tue, 13 Mar 2001, Chris Schuler wrote:
Date: Tue, 13 Mar 2001 11:05:15 -0500 From: Chris Schuler <cschuler () MINDLEADERS COM> To: INCIDENTS () SECURITYFOCUS COM Subject: Re: SNMP Scans anyone else seeing port 111/rpc scans from this ip? 211.185.160.193 Ive seen at least two walks of my ip address space by this host. Mar 13 09:45:08 211.185.160.193:4671 -> xxx.xxx.xxx.xxx:111 SYN ******S* Mar 13 09:45:08 211.185.160.193:4670 -> xxx.xxx.xxx.xxx:111 SYN ******S* Mar 13 09:45:08 211.185.160.193:4672 -> xxx.xxx.xxx.xxx:111 SYN ******S*
IP SRC DST
205.147.54.72: UDP:916-111
207.254.37.100: UDP:714-111
UDP:715-111
UDP:716-111
210.68.55.97: UDP:1002-111
211.72.165.30: UDP:990-111
UDP:991-111
UDP:993-111
Mar 9 01:20:41 211.72.165.30:1448 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 01:20:38 211.72.165.30:1450 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 01:20:39 211.72.165.30:990 -> xxx.xxx.xxx.xxx:111 UDP
Mar 9 01:20:38 211.72.165.30:1452 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 01:20:39 211.72.165.30:991 -> xxx.xxx.xxx.xxx:111 UDP
Mar 9 01:20:41 211.72.165.30:1455 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 01:20:39 211.72.165.30:1451 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 01:20:41 211.72.165.30:1453 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 01:20:39 211.72.165.30:1454 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 01:20:44 211.72.165.30:993 -> xxx.xxx.xxx.xxx:111 UDP
Mar 9 23:45:17 207.254.37.100:3556 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 23:45:14 207.254.37.100:3558 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 23:45:14 207.254.37.100:714 -> xxx.xxx.xxx.xxx:111 UDP
Mar 9 23:45:14 207.254.37.100:3560 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 23:45:14 207.254.37.100:715 -> xxx.xxx.xxx.xxx:111 UDP
Mar 9 23:45:14 207.254.37.100:3563 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 23:45:14 207.254.37.100:3559 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 23:45:14 207.254.37.100:3561 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 23:45:14 207.254.37.100:3562 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 23:45:15 207.254.37.100:716 -> xxx.xxx.xxx.xxx:111 UDP
Mar 9 23:45:17 207.254.37.100:3561 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Mar 9 23:45:17 207.254.37.100:3563 -> xxx.xxx.xxx.xxx:111 SYN ******S*
Current thread:
- SNMP Scans Crist Clark (Mar 05)
- <Possible follow-ups>
- Re: SNMP Scans H Carvey (Mar 11)
- Re: SNMP Scans Omar Herrera (Mar 12)
- Re: SNMP Scans MadHat (Mar 13)
- Re: SNMP Scans Omar Herrera (Mar 12)
- Re: SNMP Scans Chris Schuler (Mar 13)
- Re: SNMP Scans John Oliver (Mar 14)
- Port 111 Scans (odd single IP# probes too) Bryan Andersen (Mar 14)
- Re: Port 111 Scans (odd single IP# probes too) Scott Nursten (Mar 15)
- Re: Port 111 Scans (odd single IP# probes too) Rob Kouwenberg (Mar 15)
- Re: SNMP Scans John (Mar 14)
- Re: SNMP Scans Eric Kimminau (Mar 14)
- Re: SNMP Scans Golden_Eternity (Mar 15)