From: John Howie (JHowiemsn.com)
Date: Wed May 02 2001 - 14:49:54 CDT

    Folks,

    111/tcp and 111/udp are the Sun ONC RPC ports. Perhaps someone is running an
    RPC service like rusers, NIS, NFS, etc., or querying RPC services using
    rpcinfo.

    john...

    ----- Original Message -----
    From: "Alex Charalabidis" <alexwnm.net>
    To: <efb-allvhwy.com>
    Cc: <securityFreeBSD.ORG>; <efb-allcotdazr.org>
    Sent: Wednesday, May 02, 2001 12:34 PM
    Subject: Re: [GorrellCDphdnswc.navy.mil: ]

    > On Tue, 1 May 2001, Everett F Batey wrote:
    >
    > > Dear FreeBSD Security Guru,
    > >
    > > I need some guidance. My employer with which I have had problems over
    > > the past 5 years has suggested I (or my IP) am(/is) trying to attack
    > > his IP space on UDP 111, and sent me the below attached log file.
    > >
    > > >
    > > > May 1 07:19:51 209.239.229.90:111 -> 137.24.124.222:65422 UDP
    > > > May 1 07:19:51 209.239.229.90:111 -> 137.24.124.222:65423 UDP
    >
    > Oddly enough, I got a virtually identical complaint today regarding
    > traffic to a Dutch network we've never had transactions with before,
    > apparently originating from an unassigned IP address that was briefly used
    > by a Linux test machine on our network.
    >
    > I haven't had time to investigate myself but a colleague mentioned the
    > possibility of something meant to confuse/overload IDS systems as a
    > smokescreen for real attacks.
    >
    > -ac
    >
    >
    > --
    > ===================================================================
    > Alex Charalabidis Worldspice Technologies
    > 5050 Poplar Ave. Memphis, TN, USA +1 901 432 6000
    > Opinions expressed are mine alone but may be yours for a small fee.
    > ===================================================================
    >
    >
    >
    > To Unsubscribe: send mail to majordomoFreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message

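
A triage sketch for log lines in the format quoted in this thread, added here as an example and not part of any poster's message: it separates packets sent to port 111 from packets sent from port 111, since both lines in the complaint have 111 on the source side. The role labels and function names are illustrative assumptions, and the ports alone do not prove which host initiated an exchange.

```python
import re
from collections import Counter

RPCBIND_PORT = 111  # Sun ONC RPC portmapper port named in the reply above

# Format quoted in the thread: "May 1 07:19:51 SRC:SPORT -> DST:DPORT PROTO"
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d{1,5})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d{1,5})\s+(?P<proto>TCP|UDP)$"
)

def classify(line):
    """Return (src, dst, proto, role), or None if the line does not parse."""
    m = LINE_RE.match(line.lstrip("> \t").rstrip())  # drop mail quote markers
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if sport == RPCBIND_PORT and dport == RPCBIND_PORT:
        role = "both-111"         # direction cannot be read from the ports
    elif dport == RPCBIND_PORT:
        role = "to-port-111"      # src is addressing port 111 on dst
    elif sport == RPCBIND_PORT:
        role = "from-port-111"    # src is sending from its own port 111
    else:
        role = "other"
    return m["src"], m["dst"], m["proto"], role

def summarize(lines):
    """Count packets per (src, dst, proto, role); unparsable lines are skipped."""
    return Counter(rec for rec in map(classify, lines) if rec)

# First two lines are the ones quoted in the thread; the last three are
# constructed samples using documentation address ranges.
SAMPLE = [
    "> > > May 1 07:19:51 209.239.229.90:111 -> 137.24.124.222:65422 UDP",
    "> > > May 1 07:19:51 209.239.229.90:111 -> 137.24.124.222:65423 UDP",
    "May 1 07:20:02 192.0.2.10:40112 -> 198.51.100.5:111 UDP",
    "May 1 07:20:03 192.0.2.10:40113 -> 198.51.100.5:111 TCP",
    "May 1 07:20:04 kernel: unrelated message",
]

if __name__ == "__main__":
    for (src, dst, proto, role), n in summarize(SAMPLE).items():
        print(f"{n:3d}  {src} -> {dst}  {proto}  {role}")
```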