In my area, Comcast security hits my router everyhour on Port 111. Why? I
don't know. You'd think if they were looking for illegal servers (what! Me
running smtp?) they'd use a more common port.
mw
Ryan McAdams wrote:
>
> Im no genious but this is what snort has listed in its rules database:
>
> http://www.snort.org/Files/03152001/rpc.rules
>
> You might find that a bit interesting to help... Maybe not... I would
> suggest running snort it will give you some details as to what they are
> trying to do :)
>
> -Ryan
>
> -----Original Message-----
> From: Ward William E DLDN [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 17, 2001 3:33 PM
> To: '[EMAIL PROTECTED]'
> Subject: Port Scan on Port 111
>
> Hey folks, I'm getting portscanned constantly on tcp Port Scanned on
> Port 111 on a machine I have as a firewall.
>
> /etc/services lists that as sunrpc 111/tcp portmapper (RPC 4.0
> portmapper).
>
> Ok... it's not open that I can tell, so I'm not in danger... but I find
> it curious that's the port everyone wants to handle.
>
> Anyone know what well known Trojan/backdoor/virus/whatever uses 111, or
> what well known exploit on the sunrpc exists?
>
> Thanks!
>
> Bill Ward
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
