|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Niels Heinen (niels.heinen
UBIZEN.COM)Date: Sun Jan 14 2001 - 19:08:24 CST
Alex Popa wrote:
> In the last five days, the port scans to my entire class C have dramatically
> increased, from one per two days on average, to four yesterday and six today.
>
> Is there a new exploit around, or is there some sort of new worm out there?
>
> I might just be paranoid, but here are the addreses that have been looking
> for port 111 in the last 26 hours:
>
> 24.26.121.156
> 24.168.66.119
> 64.31.226.156
> 142.169.227.102
> 193.226.15.15
> 211.218.144.11
>
> ------------+------------------------------------------
> Alex Popa, | "Artificial Intelligence is
> razorldc.ro| no match for Natural Stupidity"
> ------------+------------------------------------------
> "It took the computing power of three C-64s to fly to the Moon.
> It takes a 486 to run Windows 95. Something is wrong here."
There are several automated rpc hacking tools circulating in the underground.
Most of them are modfied statdx.c exploits
with rpc scanners. The scanner keeps a record of hosts found with rpc enabled
and this list is used by the modified statdx
which will try to exploit them. It might be possible that some script kiddie is
using it against you not realising how noisy
these tools are.
Greets,
Niels
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]