From: George Bakos (alpinistaBIGFOOT.COM)
Date: Fri Mar 16 2001 - 13:12:48 CST

    What I'm finding particularly interesting is what appears to be slow
    scans of the IP world for port 111. Amidst all of the other run-of-
    the-mill boisterous portmapper activity, the following "lone wolves"
    have crept in.

    03/02/01 01:52:26.408270 208.57.254.123.2966 > target.net.180.111: S 153424556:153424556(0) win 32120 (DF) (ttl 45, id 37275)
    03/08/01 08:47:02.011377 209.241.220.67.2887 > target.net.163.111: S 2853452754:2853452754(0) win 32120 (DF) (ttl 49, id 38489)
    03/08/01 10:31:38.610419 195.228.153.165.4495 > target.net.164.111: S 95827433:95827433(0) win 32120 (DF) (ttl 42, id 33125)
    03/08/01 17:32:38.323822 211.185.230.98.2137 > target.net.170.111: S 997952802:997952802(0) win 32120 (DF) (ttl 48, id 58008)
    03/14/01 01:47:11.469386 216.226.203.26.4769 > target.net.190.111: S 3202111847:3202111847(0) win 32120 (DF) (ttl 41, id 56129)
    03/15/01 23:42:46.415366 216.29.66.222.2248 > target.net.190.111: S 1524907767:1524907767(0) win 32120 (DF) (ttl 52, id 32571)

    On 16 Mar 01, at 0:20, fire-eyes wrote:

    > I'm really getting tired of this.
    >
    > Mar 16 00:14:18 fire-eyes iplog[270]: TCP: sunrpc connection attempt
    > to [deleted].net (xxx.xxx.xxx.xxx) from linux.cheju.ac.kr
    > (203.253.198.101):4901
    >
    George Bakos - Security Engineer
    Electronic Warfare Associates
    Information & Infrastructure Technologies
    http://www.ewa.com

     To request PGP public key,
     mailto:alpinistabigfoot.com?subject=sendpubkey
     or http://pgpkeys.mit.edu:11371/
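
Added example, not part of the original message: a small Python filter that picks the single-SYN "lone wolf" sources to port 111 out of tcpdump lines in the format quoted above, then reports the TCP fingerprint they share and the time span they cover. The two 192.0.2.10 lines and the `max_syns` threshold are assumptions constructed for contrast with a noisy scanner.

```python
import re
from collections import defaultdict
from datetime import datetime

SYN_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+ "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\S+\.(?P<dport>\d+): S \d+:\d+\(0\) "
    r"win (?P<win>\d+)(?P<df> \(DF\))?"
)

# First six lines are the tcpdump lines quoted in the message; the two from
# 192.0.2.10 are constructed here to stand in for a "boisterous" scanner.
SAMPLE = """\
03/02/01 01:52:26.408270 208.57.254.123.2966 > target.net.180.111: S 153424556:153424556(0) win 32120 (DF) (ttl 45, id 37275)
03/08/01 08:47:02.011377 209.241.220.67.2887 > target.net.163.111: S 2853452754:2853452754(0) win 32120 (DF) (ttl 49, id 38489)
03/08/01 10:31:38.610419 195.228.153.165.4495 > target.net.164.111: S 95827433:95827433(0) win 32120 (DF) (ttl 42, id 33125)
03/08/01 17:32:38.323822 211.185.230.98.2137 > target.net.170.111: S 997952802:997952802(0) win 32120 (DF) (ttl 48, id 58008)
03/14/01 01:47:11.469386 216.226.203.26.4769 > target.net.190.111: S 3202111847:3202111847(0) win 32120 (DF) (ttl 41, id 56129)
03/15/01 23:42:46.415366 216.29.66.222.2248 > target.net.190.111: S 1524907767:1524907767(0) win 32120 (DF) (ttl 52, id 32571)
03/08/01 09:00:01.000001 192.0.2.10.1025 > target.net.1.111: S 1000:1000(0) win 16384 (ttl 50, id 1)
03/08/01 09:00:01.000900 192.0.2.10.1026 > target.net.2.111: S 2000:2000(0) win 16384 (ttl 50, id 2)
""".splitlines()

def parse_syn(line):
    """Parse one SYN line; return None for anything that does not match."""
    m = SYN_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"),
            "src": m["src"], "dport": int(m["dport"]),
            "fp": (int(m["win"]), m["df"] is not None)}  # (window, DF set)

def lone_wolves(lines, port=111, max_syns=1):
    """Map each source that sent at most max_syns SYNs to port to its first record."""
    by_src = defaultdict(list)
    for rec in filter(None, map(parse_syn, lines)):
        if rec["dport"] == port:
            by_src[rec["src"]].append(rec)
    return {s: r[0] for s, r in by_src.items() if len(r) <= max_syns}

def summarize(lines):
    """Return (sources, distinct fingerprints, days from first to last probe)."""
    wolves = lone_wolves(lines)
    times = [r["ts"] for r in wolves.values()]
    return (sorted(wolves), {r["fp"] for r in wolves.values()},
            (max(times) - min(times)).days)

print(summarize(SAMPLE))
```

A single shared fingerprint across unrelated source addresses over many days is the signal worth alerting on, since each probe alone falls below any per-source rate threshold.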