Snort mailing list archives

rpc.statd

From: "skop d'skop" <skop () visto com>
Date: Tue, 05 Jun 2001 17:51:49 -0700

hi guys,
come across this alert lately for my network

[**] IDS10 - RPC - portmap-request-rstatd [**]

May 30 11:25:15 A.B.C.80:3348 -> X.Y.Z.9:111 SYN ******S*
May 30 11:25:16 A.B.C.80:726 -> X.Y.Z.9:111 UDP
May 20 11:25:15 A.B.C.80:3351 -> X.Y.Z.12:111 SYN ******S*
May 20 11:25:15 A.B.C.80:3352 -> X.Y.Z.13:111 SYN ******S*
May 20 11:25:16 208.131.80.80:727 -> X.Y.Z.13:111 UDP

and i'm wondering what kind of scanning / tool that trigger this alert.

i 've done with #rpcinfo -p hostname and #nmap -sU -sR  hostname , yet no similiar output.





-skop
___________________________________________________________________________
Visit http://www.visto.com/info, your free web-based communications center.
Visto.com. Life on the Dot.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

rpc.statd skop d'skop (Jun 05)
- Re: rpc.statd LEFEVRE David (Jun 06)
- <Possible follow-ups>
- Re: rpc.statd skop d'skop (Jun 06)
  - Re: rpc.statd Colin Wu (Jun 06)