Kai wrote:
> Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type:
> Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0
> from host: 195.101.179.1/195.101.179.1 to TCP port: 111
Someone's doing a SYN-FIN scan looking for system running portmapper on port
111. If you are, expect to see some cruft in /var/log/messages regarding NFS
and/or portmapper errors. Port 111 - otherwise known as SunRPC - has had an
awful lot of successful explouts aimed at it over the years :(
If you don't need to use NFS or RPC services, switch them off.
And I bet the source host is cracked...
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
