Kevin I investigated an event very similar to this a few years back, turned out to be AIX servers being installed onto the network and their first breath of network life.
I'm not saying this is what is occurring on your network, but it may be worth considering it as a possible cause take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk ----- Original Message ----- From: "kevin levrone" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 26, 2003 10:58 AM Subject: [ISSForum] RPC_CALLIT_Request > > Hi everybody! > > I detect a lot of RPC_CALLIT_Request in our LAN. > > It is mentioned, that the occurance is normal in a LAN. > > But the source Adress is 0.0.0.0, now what does that realy mean? I guess it is an malicious activity. DST Port is 111 (sunrpc) and 7938 (legatoportmapper). what can I do here? Woul'd any of you consider this as attack? > > best wishes and god bless > > > CHO-Chief Hacking Officer > > Wir ertrinken in Information, aber hungern nach WISSEN! > > > --------------------------------- > Gesendet von http://mail.yahoo.de. > Tagesgeld mit 3,5% Zinsen + Tankgutschein �ber 25 Euro - > Jetzt Kontoer�ffnen! _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
