WiredNews (http://www.wired.com/news/politics/0,1283,43134,00.html) is reporting that Chinese hackers are preparing for a week-login crack attack (nicknamed "Red Tide" or the "Labor Day Strike", depending on who is speaking) against U.S. websites in retaliation for the "spy-plane incident". The attack is supposed to last from May 1st to the 7th, peaking on "Youth Day", May 4th. I submit these port scans are possible reconnaissance in preparation for the “Red Tide” attacks to come. (Read DDoS attacks.) Opinions? ----- Original Message ----- From: "Jason Lewis" <jlewisat_private> To: <INCIDENTSat_private> Sent: Wednesday, April 18, 2001 11:28 PM Subject: Increase in Sun RPC Scans > Anyone else seeing an increase in SunRPC (port 111) scans? Several networks > I manage are getting scanned from lots of different hosts. > > The scans are random IP's on the same subnet, I guess to evade IDS? > > Jason Lewis > http://www.rivalpath.com > "All you can do is manage the risks. There is no security." >
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 10:12:19 PDT