[MLUG] lots of big port scans suddenly

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG membership <EMAIL:PROTECTED>
Subject: [MLUG] lots of big port scans suddenly
From: Mike Miller <EMAIL:PROTECTED>
Date: Mon, 7 May 2001 00:27:18 -0500 (CDT)
Reply-To: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED

Starting yesterday, we're getting lots of port scans on campus that look
like the thing below.  The 'pcserver' thing is distinctive because I don't
think I've seen it before Friday.  Since then we've had two or three per
night that look like this.  So there must be some hot new exploit that
everyone wants to try out.

Mike


May  6 14:46:16 TCP: sunrpc connection attempt from mail.yomogi.or.jp:55725
May  6 16:29:41 TCP: sunrpc connection attempt from mail.yomogi.or.jp:818
May  6 16:29:41 TCP: pcserver connection attempt from mail.yomogi.or.jp:57913
May  6 16:29:41 UDP: dgram to sunrpc from mail.yomogi.or.jp:51165 (56 data bytes)
May  6 16:29:41 UDP: dgram to port 32773 from mail.yomogi.or.jp:51165 (1412 data bytes)
May  6 16:29:41 TCP: pcserver connection attempt from mail.yomogi.or.jp:58066
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51166 (56 data bytes)
May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51166 (1412 data bytes)
May  6 16:29:44 TCP: pcserver connection attempt from mail.yomogi.or.jp:58069
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51167 (56 data bytes)
May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51167 (1412 data bytes)
May  6 16:29:44 TCP: pcserver connection attempt from mail.yomogi.or.jp:58322
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51168 (56 data bytes)
May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51168 (1412 data bytes)
May  6 16:29:44 TCP: pcserver connection attempt from mail.yomogi.or.jp:58324
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51169 (56 data bytes)
May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51169 (1412 data bytes)
May  6 16:29:44 TCP: pcserver connection attempt from mail.yomogi.or.jp:58476
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51170 (56 data bytes)
May  6 16:29:46 UDP: dgram to port 32773 from mail.yomogi.or.jp:51170 (1412 data bytes)
May  6 16:29:46 TCP: pcserver connection attempt from mail.yomogi.or.jp:58532
May  6 16:29:46 UDP: dgram to sunrpc from mail.yomogi.or.jp:51171 (56 data bytes)
May  6 16:29:46 UDP: dgram to port 32773 from mail.yomogi.or.jp:51171 (1412 data bytes)
May  6 16:29:46 TCP: pcserver connection attempt from mail.yomogi.or.jp:58535
May  6 16:29:46 UDP: scan/flood detected from mail.yomogi.or.jp
May  6 16:29:46 TCP: pcserver connection attempt from mail.yomogi.or.jp:58538
May  6 16:29:46 TCP: pcserver connection attempt from mail.yomogi.or.jp:58693
May  6 16:29:48 TCP: pcserver connection attempt from mail.yomogi.or.jp:58750
May  6 16:29:48 TCP: pcserver connection attempt from mail.yomogi.or.jp:58753
May  6 16:29:48 TCP: pcserver connection attempt from mail.yomogi.or.jp:59011
May  6 16:29:48 TCP: port scan detected from mail.yomogi.or.jp
May  6 16:31:35 TCP: port scan mode expired for mail.yomogi.or.jp - received a total of 63 packets (1512 bytes).
May  6 16:31:35 UDP: scan/flood mode expired for mail.yomogi.or.jp - received a total of 116 packets (81808 bytes).

--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

Follow-Ups:
- Re: [MLUG] lots of big port scans suddenly
  - From: Scott Greathouse <EMAIL:PROTECTED>

Prev by Date: Re: [MLUG] Re: [MLUG - DISCUSSION] directory listings?
Next by Date: Re: [MLUG] lots of big port scans suddenly
Previous by thread: Re: [MLUG] Re: [MLUG - DISCUSSION] directory listings?
Next by thread: Re: [MLUG] lots of big port scans suddenly
Index(es):
- Date
- Thread