[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Port scans on 593?

To: James Lay <jlay@xxxxxxxxxxxx>, "Full-Disclosure (E-mail)" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Port scans on 593?
From: Bradford Shedwick <bjshedwick@xxxxxxxxx>
Date: Sun, 29 Feb 2004 18:49:55 -0800 (PST)

Hey man,
 
Thats another RPC Epmap port.  Someone's looking for an rpc exploit
 
Napoleon

James Lay <jlay@xxxxxxxxxxxx> wrote:
Anyone else seeing these?

Feb 28 13:58:28 homebox kernel: New,invalid TCP:IN=eth0 OUT=
MAC=00:60:08:16:39:30:00:08:20:cb:04:a8:08:00 SRC=24.161.91.200
DST=24.116.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=23604 DF PROTO=TCP
SPT=4300 DPT=593 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204021801010402)

Saw a few yesterday...more today....different hosts...ODD. Sans says it's
http-rpc-epmap.

James Lay
Network Manager/Security Officer
AmeriBen Solutions/IEC Group
Semper Vigilans!!!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Bradford Shedwick
American by birth, Patriot by choice

---------------------------------
Do you Yahoo!?
Get better spam protection with Yahoo! Mail

Prev by Date: [Full-Disclosure] Re: Re:RE: laptop security
Next by Date: Re: [Full-Disclosure] Re: Knocking Microsoft
Previous by thread: [Full-Disclosure] Re: Re:RE: laptop security
Next by thread: Re: [Full-Disclosure] Re: Knocking Microsoft
Index(es):
- Date
- Thread