|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Edward Mitchell (ed
XWING.CENTIGRAM.COM)Date: Mon Jan 15 2001 - 09:34:05 CST
The last 10 days have seen a total of 15 sunrpc scans/rpcinfo queries and
related exploit attempts against my network. Oddly, snort reports the
rpc exploits as x86 versions. I thought there was a sparc port for the
Solaris vulnerability, but maybe I'm mistaken. Either stupid people out
there can't tell an x86 from a sparc box, or snort's rule is flawed...
The other most common attack these days is against ftp, namely wu-ftpd
2.6.1(very patched).
*sigh*
On Mon, 15 Jan 2001, Alex Popa wrote:
> In the last five days, the port scans to my entire class C have dramatically
> increased, from one per two days on average, to four yesterday and six today.
>
> Is there a new exploit around, or is there some sort of new worm out there?
>
> I might just be paranoid, but here are the addreses that have been looking
> for port 111 in the last 26 hours:
>
> 24.26.121.156
> 24.168.66.119
> 64.31.226.156
> 142.169.227.102
> 193.226.15.15
> 211.218.144.11
>
> ------------+------------------------------------------
> Alex Popa, | "Artificial Intelligence is
> razorldc.ro| no match for Natural Stupidity"
> ------------+------------------------------------------
> "It took the computing power of three C-64s to fly to the Moon.
> It takes a 486 to run Windows 95. Something is wrong here."
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]