[edited for continuity]

Ordinarily, I ignore the scan of the day posts, but I have noticed a
large increase in activity in the last few days on port 111. I don't
think it's a virus, and it seems to be coming mostly from blocks of
addresses populated by dsl and cable modems (what a surprise).

> Alex Popa wrote:
>
> > In the last five days, the port scans to my entire class C have
> > dramatically increased, from one per two days on average, to four
> > yesterday and six today.

> > Is there a new exploit around, or is there some sort of new worm
> > out there?

> > I might just be paranoid, but here are the addreses that have been
> > looking for port 111 in the last 26 hours:

> > 24.26.121.156
> > 24.168.66.119
> > 64.31.226.156
> > 142.169.227.102
> > 193.226.15.15
> > 211.218.144.11

Jason Lewis wrote:
>
> I couldn't find any of those addresses, but I have similar scans in
> my logs.
>
> 63.91.6.36
> 64.32.209.213
> 64.21.114.2
> 66.22.62.2
> 216.98.160.251
>
> Last 24 hours....all the above IP's are looking for Sun RPC.

Here's some additional addresses. I suspect that most are not going to
see repeats of any particular IP. I sure haven't. Only about half of
these even resolve. A couple of them have tried another port when the
first doesn't work, either ftp or telnet. Since I usually see one or two
scans a week, seeing this many in the past 4 or 5 days seems quite
strange.

24.234.54.132 (who also tried to telnet)
63.99.41.4
63.146.69.10
64.0.58.45
202.64.36.211
206.21.170.5
208.145.221.204
209.10.208.105
210.124.110.251
211.23.186.125
211.117.61.57
212.85.245.77
216.78.193.58
216.199.92.4

--
I'm all for Gun Control.
Gun Control = Hitting your intended target.
               John Fraizer, EnterZone, Inc

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]