|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Digital Overdrive (digiover
DSINET.ORG)Date: Tue Jan 16 2001 - 03:58:15 CST
[requoted]
Cristian Dumitrescu wrote:
> On Mon, 15 Jan 2001, Alex Popa wrote:
>
> > In the last five days, the port scans to my entire class C have dramatically
> > increased, from one per two days on average, to four yesterday and six today.
> >
> > Is there a new exploit around, or is there some sort of new worm out there?
> >
> > I might just be paranoid, but here are the addreses that have been looking
> > for port 111 in the last 26 hours:
> >
> > 24.26.121.156
> > 24.168.66.119
> > 64.31.226.156
> > 142.169.227.102
> > 193.226.15.15
> > 211.218.144.11
>
> Hey
> I've been experiencing the same kind of scans in the last 2 weeks, with
> increased density in the last days, from these ip addreses:
>
> 211.120.63.136
> 213.154.132.122
> 210.205.6.215
> 24.114.48.24
> 62.83.125.82
> 193.231.199.4
> 193.40.223.66
> 65.3.3.83
> 193.230.227.234
Just one question: How do you detect these scans ?
I can't find anything in my logs, but I don't have programs like
portsentry running. What can you (all) advice me ?
Kind regards,
Jan
-- .~. Dutch Security Information Network : http://www.dsinet.org /V\ news:alt.hack.nl FAQ : http://www.dsinet.org/hackfaq /( )\ digiover
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]