SGI RPC broadcast

From: Chris Bauer (cbauerat_private)
Date: Thu Jun 07 2001 - 10:09:22 PDT


    I have recently noticed an SGI machine on our network which is broadcasting UDP packets from port 1025 to port 111 at a pretty regular 5 second interval. I have looked online and have found a couple Windows exploits that do this, and one article mentioned port 1025 used for SGI's mountd. I am not familiar with the nuances of SGI. I do know though that none of the other SGIs on the network are doing this.
    
    Has anyone else seen this? I've included this small snippet of the snot log.
    
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    [**] RPC portmap request rstatd [**]
    06/06-15:19:30.121285 xxx.xxx.xxx.xxx:1025 -> xxx.xxx.xxx.xxx:111
    UDP TTL:60 TOS:0x0 ID:58382 IpLen:20 DgmLen:136
    Len: 116
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    [**] RPC portmap request rstatd [**]
    06/06-15:19:35.211285 xxx.xxx.xxx.xxx:1025 -> xxx.xxx.xxx.xxx:111
    UDP TTL:60 TOS:0x0 ID:58485 IpLen:20 DgmLen:136
    Len: 116
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    [**] RPC portmap request rstatd [**]
    06/06-15:19:40.251285 xxx.xxx.xxx.xxx:1025 -> xxx.xxx.xxx.xxx:111
    UDP TTL:60 TOS:0x0 ID:58519 IpLen:20 DgmLen:136
    Len: 116
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    Thanks in advance
    
    -Chris
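
An added example, not part of the original post: one way to confirm the "regular 5 second interval" from alert logs in this layout is to group alerts by signature and flow, then check how constant the gaps between them are. The 192.0.2.x addresses, the second (irregular) host, the year 2001 default and the jitter threshold are assumptions made for the sketch.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

def _alert(ts, src):
    # One alert in the same layout as the log above; addresses are placeholders.
    return (f"[**] RPC portmap request rstatd [**]\n"
            f"06/06-{ts} {src}:1025 -> 192.0.2.255:111\n"
            "UDP TTL:60 TOS:0x0 ID:58382 IpLen:20 DgmLen:136\nLen: 116\n"
            "=+=+=+=+=+=+=+=+\n\n")

# Constructed sample: the first host reuses the post's timestamps, the second
# (irregular) host is invented for contrast.
SAMPLE = "".join(_alert(t, "192.0.2.10") for t in
                 ("15:19:30.121285", "15:19:35.211285", "15:19:40.251285"))
SAMPLE += "".join(_alert(t, "192.0.2.20") for t in
                  ("15:19:31.000000", "15:19:33.500000", "15:20:10.000000"))

HDR = re.compile(r"^\[\*\*\]\s*(.+?)\s*\[\*\*\]$")
PKT = re.compile(r"^(\d\d/\d\d-[\d:.]+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")

def parse_alerts(text, year=2001):
    """Yield (signature, src, sport, dst, dport, time) for each alert block."""
    sig = None
    for line in map(str.strip, text.splitlines()):
        if (m := HDR.match(line)):
            sig = m.group(1)
        elif sig and (m := PKT.match(line)):
            # The alert timestamps carry no year; it is supplied by the caller.
            ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d-%H:%M:%S.%f")
            yield sig, m.group(2), int(m.group(3)), m.group(4), int(m.group(5)), ts
            sig = None

def periodic_flows(text, min_events=3, max_jitter=0.5):
    """Map each flow whose inter-alert gaps are near-constant to its mean gap (s)."""
    flows = {}
    for *key, ts in parse_alerts(text):
        flows.setdefault(tuple(key), []).append(ts)
    result = {}
    for key, times in flows.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_events and pstdev(gaps) <= max_jitter:
            result[key] = mean(gaps)
    return result

if __name__ == "__main__":
    for (sig, src, sport, dst, dport), gap in periodic_flows(SAMPLE).items():
        print(f"{src}:{sport} -> {dst}:{dport} '{sig}' every {gap:.2f}s")
```

A flow that shows up here with a tight, fixed gap points to a timer-driven process on the source host rather than interactive use, which narrows what to look for on that machine.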
    



    This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 12:04:08 PDT