Smells like "Windows Services for Unix" (a.k.a. "SFUX") to me.
A very oddball product that never made any real market penetration. Check to see if it's installed in Add/Remove Programs. Then hose it. On 12/22/05, wilder_jeff Wilder <[EMAIL PROTECTED]> wrote: > > All, > > I have a Windows 2000 terminal server that is consistantly sending out > broadcasts to 255.255.255.255:111... below is a capture from a snort box I > have running. In the last 18 hours I have had about 2000 packets from this > box to this address about every 30 seconds. Snort reports the signature as > a RPC portmap proxy attempt UDP. I have not been able to find much > information on this event. I have run a current AV scan against the box, it > did come up clean. Can anyone give me a bit of direction as to these > events? > > -Jeff > > RPC portmap proxy attempt UDP 10.74.32.31:3300/udp > 255.255.255.255:111/udp 07:50:35 > RPC portmap proxy attempt UDP 10.74.32.31:3291/udp > 255.255.255.255:111/udp 07:50:05 > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
