Increase of attempts on port 635 in last couple days

From: Jeff Lane (crashpinehurst.net)
Date: Wed Apr 02 2003 - 09:45:14 CST


    Has anyone else had an increase of scans on port 635 in the last
couple days? For me the attacks started showing up on almost an hourly
basis since Monday night. Here are some log snippets from portsentry:

Apr 2 20:30:40 raq1 portsentry[938]: attackalert: Connect from host: pool-151-204-101-103.ny325.east.verizon.net/151.204.101.103 to TCP port: 635

Apr 2 16:55:29 raq1 portsentry[938]: attackalert: Possible stealth scan from unknown host to TCP port: 635 (accept failed)

There are several of these from "unknown host" and a few from actual resolved hosts. AFAIK, the only thing on 635 is old rpc.mountd, but I wasn't sure if there was something else going on that I don't know about (there's a lot that I don't know about, so that would not be too surprising).

Also, I have noticed that these seem to be targeted at three specific machines, as none of the others have been reporting any issues regarding this port (just the normal scans, pings, and connect attempts).

Cheers
Jeff
