They are trying to pound on yer rpcportmapper, prolly looking for a
vulnerable version of the daemon to attempt a compromise of yer
security.
Thanks,
Ron DuFresne
On Thu, 21 Oct 1999, Chiaki Ishikawa wrote:
>
> I guess one of these days it is getting harder to keep track of what
> each port scan is doing.
> But, here it goes.
>
> Over the last few days, our DMZ hosts were scanned for UDP port 161 from
> multiple sites.
> My guess is some kind of trojan or something.
>
> Here it goes. Only a portion of the probe is listed.
>
> 1 packets: 203.97.101.36(20480) ->202.218.93.62(161), : Oct 16 09:40:23
> 1 packets: 203.97.101.36(20480) ->202.218.93.7(161), : Oct 16 09:40:30
> 1 packets: 203.97.101.36(20480) ->202.218.93.8(161), : Oct 16 09:40:30
> 1 packets: 203.97.101.36(20480) ->202.218.93.9(161), : Oct 16 09:40:30
> 1 packets: 209.46.83.2(61258) ->202.218.93.3(161), : Oct 20 18:59:45
> 1 packets: 209.46.83.2(62408) ->202.218.93.4(161), : Oct 20 19:45:04
> 1 packets: 209.46.83.2(63008) ->202.218.93.2(161), : Oct 20 18:14:08
>
>
> Does anyone know what this probe is?
>
> I might just want to label such port for potential known trojan name
> in our log summary.
>
> --
> Ishikawa, Chiaki [EMAIL PROTECTED] or
> (family name, given name) [EMAIL PROTECTED]
> Personal Media Corp. ** Remove .NoSpam at the end before use **
> Shinagawa, Tokyo, Japan 142-0051
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.