Hi, Same here. Me thinks it has to do with the different Linux based worms running 'round on the Internet. They scan for vulnerabilities in BIND (53), LPD (515) en statd which is serviced by the portmapper (111). Are they just regular syn/stealth scans or do they contain a payload as well ? The higher ports are most probably backdoor related ports. Grtz, Arthur On Thu, Apr 19, 2001 at 12:58:55AM -0400, Chris Arnold wrote: > A severe increase as well as a major increase in ports in the 32k range. > > Chris > > -----Original Message----- > From: Jason Lewis > To: INCIDENTSat_private > Sent: 4/18/01 11:28 PM > Subject: Increase in Sun RPC Scans > > Anyone else seeing an increase in SunRPC (port 111) scans? Several > networks > I manage are getting scanned from lots of different hosts. > > The scans are random IP's on the same subnet, I guess to evade IDS? > > Jason Lewis > http://www.rivalpath.com > "All you can do is manage the risks. There is no security." -- /* Disclaimer : you hire my skills, not my opinions, those are mine ! */ /* email : arthurat_private Security 'Me ? I'm not me ! I'm just a */ /* phone : (+31) 50 549 2701 is not a computer simulation of me' */ /* URL http://www.reseau.nl dirty word Red Dwarf, First Episode */
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 09:40:20 PDT