On Mon, Jan 22, 2001 at 09:20:22AM -0500, Burke, Thomas G. wrote:
> I'm not questioning that, and I upgraded them as soon as the fixes were
> posted, but I'm just curious if anyone thinks there might be a link between
> all these machines hitting these two ports in particular, as I normally get
> a lot, but not so specifically targeted from so many machines...
Yes, there is a link. Yes, Ramen appears to be responsible for
the recent upswing in port 21 and port 111 activity.
> > -----Original Message-----
> > From: Nitebirdz [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, January 22, 2001 8:54 AM
> > To: '[EMAIL PROTECTED]'
> > Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> > Subject: Re: Ramen worm & port activity
> >
> > On Mon, 22 Jan 2001, Burke, Thomas G. wrote:
> >
> > > Date: Mon, 22 Jan 2001 08:13:50 -0500
> > > From: "Burke, Thomas G." <[EMAIL PROTECTED]>
> > > Reply-To: [EMAIL PROTECTED]
> > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
> > > " '[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
> > > " '[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> > > Subject: Ramen worm & port activity
> > >
> > > Ya know....
> > >
> > > I've been noticing a _lot_ of scans against ports 21 & 111 in the last
> > > couple of weeks. Do ya think this might be the result of the ramen
> > > worm?
> > >
> >
> >
> > The services behind those two ports are very well known for having quite
> > a few security holes. I've seen scans of those ports on my systems ever
> > since I started running UNIX/Linux and I could actually see what's going
> > on. Both FTP and NFS/SunRPC are somehow weak services in the security
> > sense of the world, and patches have been released for a long time now to
> > upgrade them.
> >
> >
> > --
> > ------------------------------------------------------
> > Nitebirdz
> > ------------------------------------------------------
> > http://www.linuxnovice.org
> > News, tips, articles, links...
> >
> >
> >
> > _______________________________________________
> > Redhat-list mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/redhat-list
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!