Security Incidents mailing list archives
Re: more sunRCP scans from korea...
From: George Bakos <alpinista () BIGFOOT COM>
Date: Fri, 16 Mar 2001 14:12:48 -0500
What I'm finding particularly interesting is what appears to be slow scans of the IP world for port 111. Amidst all of the other run-of-the-mill boisterous portmapper activity, the following "lone wolves" have crept in.

03/02/01 01:52:26.408270 208.57.254.123.2966 > target.net.180.111: S 153424556:153424556(0) win 32120 (DF) (ttl 45, id 37275)
03/08/01 08:47:02.011377 209.241.220.67.2887 > target.net.163.111: S 2853452754:2853452754(0) win 32120 (DF) (ttl 49, id 38489)
03/08/01 10:31:38.610419 195.228.153.165.4495 > target.net.164.111: S 95827433:95827433(0) win 32120 (DF) (ttl 42, id 33125)
03/08/01 17:32:38.323822 211.185.230.98.2137 > target.net.170.111: S 997952802:997952802(0) win 32120 (DF) (ttl 48, id 58008)
03/14/01 01:47:11.469386 216.226.203.26.4769 > target.net.190.111: S 3202111847:3202111847(0) win 32120 (DF) (ttl 41, id 56129)
03/15/01 23:42:46.415366 216.29.66.222.2248 > target.net.190.111: S 1524907767:1524907767(0) win 32120 (DF) (ttl 52, id 32571)

On 16 Mar 01, at 0:20, fire-eyes wrote:
I'm really getting tired of this.

Mar 16 00:14:18 fire-eyes iplog[270]: TCP: sunrpc connection attempt to [deleted].net (xxx.xxx.xxx.xxx) from linux.cheju.ac.kr (203.253.198.101):4901

George Bakos - Security Engineer
Electronic Warfare Associates
Information & Infrastructure Technologies
http://www.ewa.com
To request PGP public key, mailto:alpinista () bigfoot com?subject=sendpubkey or http://pgpkeys.mit.edu:11371/
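
Added example, not part of the original message: a small Python detector for the pattern described above, where several unrelated sources each send a single SYN to port 111 yet share the same TCP window size and DF flag, while noisy multi-target scanners are filtered out. The sample lines are constructed (documentation address ranges) in the same tcpdump layout as the message; the function names and the `max_targets` and `min_sources` thresholds are assumptions.

```python
import re
from collections import defaultdict

# Matches the tcpdump SYN line layout quoted in the message above.
LINE = re.compile(
    r"(?P<date>\d\d/\d\d/\d\d) (?P<time>[\d:.]+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): S \S+ win (?P<win>\d+)"
    r"(?P<df> \(DF\))? \(ttl (?P<ttl>\d+), id (?P<id>\d+)\)"
)

# Constructed sample capture: three quiet sources, one noisy scanner, one port-80 SYN.
SAMPLE = """\
03/02/01 01:52:26.408270 192.0.2.10.2966 > target.net.180.111: S 1000:1000(0) win 32120 (DF) (ttl 45, id 37275)
03/08/01 08:47:02.011377 198.51.100.7.2887 > target.net.163.111: S 2000:2000(0) win 32120 (DF) (ttl 49, id 38489)
03/08/01 10:31:38.610419 203.0.113.5.4495 > target.net.164.111: S 3000:3000(0) win 32120 (DF) (ttl 42, id 33125)
03/09/01 04:00:00.000001 192.0.2.99.1024 > target.net.1.111: S 1:1(0) win 8192 (ttl 110, id 100)
03/09/01 04:00:00.100001 192.0.2.99.1025 > target.net.2.111: S 2:2(0) win 8192 (ttl 110, id 101)
03/09/01 04:00:00.200001 192.0.2.99.1026 > target.net.3.111: S 3:3(0) win 8192 (ttl 110, id 102)
03/09/01 05:00:00.000001 198.51.100.200.3000 > target.net.5.80: S 9:9(0) win 32120 (DF) (ttl 50, id 5)
"""

def parse(text, port=111):
    """Yield (src, dst, fingerprint) for every SYN aimed at `port`."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and int(m["dport"]) == port:
            # TTL is left out of the fingerprint: it varies with path length.
            yield m["src"], m["dst"], (int(m["win"]), bool(m["df"]))

def lone_wolves(text, max_targets=1, min_sources=3):
    """Group low-volume sources by shared (window, DF) fingerprint."""
    targets, fp_of = defaultdict(set), {}
    for src, dst, fp in parse(text):
        targets[src].add(dst)
        fp_of[src] = fp
    groups = defaultdict(list)
    for src, dsts in targets.items():
        if len(dsts) <= max_targets:        # drop noisy multi-target scanners
            groups[fp_of[src]].append(src)
    # A fingerprint shared by several quiet sources suggests one tool or one actor.
    return {fp: sorted(s) for fp, s in groups.items() if len(s) >= min_sources}

if __name__ == "__main__":
    print(lone_wolves(SAMPLE))
```

On a real capture the grouping window matters: the probes in the message are spread over two weeks, so the input has to cover days of traffic rather than a single rotation of the log.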