Security Incidents mailing list archives

Re: more sunRCP scans from korea...


From: George Bakos <alpinista () BIGFOOT COM>
Date: Fri, 16 Mar 2001 14:12:48 -0500

What I'm finding particularly interesting is what appears to be slow
scans of the IP world for port 111.  Amidst all of the other run-of-
the-mill boisterous portmapper activity, the following "lone wolves"
have crept in.

03/02/01 01:52:26.408270 208.57.254.123.2966 > target.net.180.111: S 153424556:153424556(0) win 32120  (DF) (ttl 45, id 37275)
03/08/01 08:47:02.011377 209.241.220.67.2887 > target.net.163.111: S 2853452754:2853452754(0) win 32120  (DF) (ttl 49, id 38489)
03/08/01 10:31:38.610419 195.228.153.165.4495 > target.net.164.111: S 95827433:95827433(0) win 32120  (DF) (ttl 42, id 33125)
03/08/01 17:32:38.323822 211.185.230.98.2137 > target.net.170.111: S 997952802:997952802(0) win 32120  (DF) (ttl 48, id 58008)
03/14/01 01:47:11.469386 216.226.203.26.4769 > target.net.190.111: S 3202111847:3202111847(0) win 32120  (DF) (ttl 41, id 56129)
03/15/01 23:42:46.415366 216.29.66.222.2248 > target.net.190.111: S 1524907767:1524907767(0) win 32120  (DF) (ttl 52, id 32571)

On 16 Mar 01, at 0:20, fire-eyes wrote:

I'm really getting tired of this.

Mar 16 00:14:18 fire-eyes iplog[270]: TCP: sunrpc connection attempt
to [deleted].net (xxx.xxx.xxx.xxx) from linux.cheju.ac.kr
(203.253.198.101):4901

George Bakos - Security Engineer
Electronic Warfare Associates
Information & Infrastructure Technologies
http://www.ewa.com


 To request PGP public key,
 mailto:alpinista () bigfoot com?subject=sendpubkey
 or http://pgpkeys.mit.edu:11371/
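
The pattern pointed out in the message above, as an added example that is not part of the original post: it parses the six quoted SYN records and groups port-111 probes by TCP window and DF flag to surface sources that each sent a single probe. The function names, the (window, DF) grouping key and the `min_sources` threshold are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# The six SYN records quoted in the post, each rejoined onto one line.
LOG = """\
03/02/01 01:52:26.408270 208.57.254.123.2966 > target.net.180.111: S 153424556:153424556(0) win 32120  (DF) (ttl 45, id 37275)
03/08/01 08:47:02.011377 209.241.220.67.2887 > target.net.163.111: S 2853452754:2853452754(0) win 32120  (DF) (ttl 49, id 38489)
03/08/01 10:31:38.610419 195.228.153.165.4495 > target.net.164.111: S 95827433:95827433(0) win 32120  (DF) (ttl 42, id 33125)
03/08/01 17:32:38.323822 211.185.230.98.2137 > target.net.170.111: S 997952802:997952802(0) win 32120  (DF) (ttl 48, id 58008)
03/14/01 01:47:11.469386 216.226.203.26.4769 > target.net.190.111: S 3202111847:3202111847(0) win 32120  (DF) (ttl 41, id 56129)
03/15/01 23:42:46.415366 216.29.66.222.2248 > target.net.190.111: S 1524907767:1524907767(0) win 32120  (DF) (ttl 52, id 32571)
"""

SYN = re.compile(
    r"(?P<ts>\d\d/\d\d/\d\d [\d:.]+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)"
    r" > (?P<dst>\S+)\.(?P<dport>\d+): S \d+:\d+\(0\) win (?P<win>\d+)\s+"
    r"(?P<df>\(DF\) )?\(ttl (?P<ttl>\d+), id (?P<ipid>\d+)\)"
)

def parse(text):
    """Return one dict per SYN record; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = SYN.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%y %H:%M:%S.%f")
            rec["dport"], rec["win"] = int(rec["dport"]), int(rec["win"])
            records.append(rec)
    return records

def slow_scan_clusters(records, port=111, min_sources=3):
    """Assumed heuristic: group SYNs to `port` by (window, DF), keep one-probe sources."""
    groups = defaultdict(list)
    for r in records:
        if r["dport"] == port:
            groups[(r["win"], r["df"] is not None)].append(r)
    clusters = []
    for (win, df), recs in groups.items():
        hits = Counter(r["src"] for r in recs)
        lone = sorted(s for s, n in hits.items() if n == 1)
        if len(lone) >= min_sources:
            times = sorted(r["ts"] for r in recs if r["src"] in lone)
            clusters.append({"win": win, "df": df, "sources": lone,
                             "span_days": (times[-1] - times[0]).days})
    return clusters

if __name__ == "__main__":
    print(slow_scan_clusters(parse(LOG)))
```

A source that sends repeated probes is left out of the cluster, so the result isolates the quiet single-probe hosts from the noisier portmapper traffic.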

