If you trace it back -- and even telnet to the address of the "offending" machine then you will see they are running Red Hat linux... and oh yes -- that particular distro are affected by a number of "features" aka Ramen and/or Lion. Kev > -----Original Message----- > From: Jason Olsen [mailto:ferenat_private] > Sent: Tuesday, April 24, 2001 4:06 AM > To: INCIDENTSat_private > Subject: Re: Increase in Sun RPC Scans > > > > Anyone else seeing an increase in SunRPC (port > 111) scans? Several networks > > I manage are getting scanned from lots of different > hosts. > > > > The scans are random IP's on the same subnet, I > guess to evade IDS? > > I saw a scan come in today on my home network (I > have DSL with a /27 subnet). My firewall intercepted > it and blackholed the packets, and my routine log > analysis showed me a trend. I tracked it back to a > Media One IP address, and am taking action by > complaining to MO. I doubt they'll do anything, but I'm > going to make sure that they understand I'm not > happy about it. >
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 10:03:07 PDT