[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Active System Attack Query

Subject: Re: [cobalt-users] Active System Attack Query
From: Justin Seton-Browne <justin@xxxxxxxxxxxxxxxxxx>
Date: Tue Mar 13 11:01:37 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Port 111 is for RPC, and there are various attacks out there on the netthat use vunerabilities to hit rpc.statd on unix platforms. I am gettingmany scans on this port and on 1080 (known firewall vunerabilities on thisone) as well. I run utilities to stop these are they are detected.


check out the CERT Advisory below:
http://www.cert.org/advisories/CA-2000-17.html

Justin

At 01:09 PM 3/13/01, you wrote:

I'm in the process of compiling a standard email to be sent to
the owners of the IP's that scan me. I realize that theor systems
may have been taken over but at least they should be informed.

(One of the Haqr's (I jst luv that !!)  had an IP that traced to Ulan Bator,
outer Mongolia !?!?!?

I am currently getting 1 or 2 scans a day - always to TCP Port 111
Does anyone know what they are trying and why this port ?

Blessings
Revd Leonard

References:
- [cobalt-users] Active System Attack Query
  - From: Revd leonard payne

Prev by Date: Re: [cobalt-users] Re-directing Root's mail to admin (or a.n.other address)
Next by Date: RE: [cobalt-users] Frontpage does not accept my login
Previous by thread: [cobalt-users] Active System Attack Query
Next by thread: Re: [cobalt-users] Active System Attack Query

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index