MLUG: Re: [MLUG] lots of big port scans suddenly

Looks like mail.yomogi.or.jp has been compromised. Right?
Are you going to email the sysadmin for yomogi.or.jp?

Scott Greathouse
Research Analyst, System Administrator
Behavioral Health Concepts, Inc.
Columbia, MO

On Mon, 7 May 2001, Mike Miller wrote:

> Starting yesterday, we're getting lots of port scans on campus that look
> like the thing below.  The 'pcserver' thing is distinctive because I don't
> think I've seen it before Friday.  Since then we've had two or three per
> night that look like this.  So there must be some hot new exploit that
> everyone wants to try out.
> 
> Mike
> 
> 
> May  6 14:46:16 TCP: sunrpc connection attempt from mail.yomogi.or.jp:55725
> May  6 16:29:41 TCP: sunrpc connection attempt from mail.yomogi.or.jp:818
> May  6 16:29:41 TCP: pcserver connection attempt from mail.yomogi.or.jp:57913
> May  6 16:29:41 UDP: dgram to sunrpc from mail.yomogi.or.jp:51165 (56 data bytes)
> May  6 16:29:41 UDP: dgram to port 32773 from mail.yomogi.or.jp:51165 (1412 data bytes)
> May  6 16:29:41 TCP: pcserver connection attempt from mail.yomogi.or.jp:58066
> May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51166 (56 data bytes)
> May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51166 (1412 data bytes)
> May  6 16:29:44 TCP: pcserver connection attempt from mail.yomogi.or.jp:58069
> May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51167 (56 data bytes)
> May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51167 (1412 data bytes)
> May  6 16:29:44 TCP: pcserver connection attempt from mail.yomogi.or.jp:58322
> May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51168 (56 data bytes)
> May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51168 (1412 data bytes)
> May  6 16:29:44 TCP: pcserver connection attempt from mail.yomogi.or.jp:58324
> May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51169 (56 data bytes)
> May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51169 (1412 data bytes)
> May  6 16:29:44 TCP: pcserver connection attempt from mail.yomogi.or.jp:58476
> May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51170 (56 data bytes)
> May  6 16:29:46 UDP: dgram to port 32773 from mail.yomogi.or.jp:51170 (1412 data bytes)
> May  6 16:29:46 TCP: pcserver connection attempt from mail.yomogi.or.jp:58532
> May  6 16:29:46 UDP: dgram to sunrpc from mail.yomogi.or.jp:51171 (56 data bytes)
> May  6 16:29:46 UDP: dgram to port 32773 from mail.yomogi.or.jp:51171 (1412 data bytes)
> May  6 16:29:46 TCP: pcserver connection attempt from mail.yomogi.or.jp:58535
> May  6 16:29:46 UDP: scan/flood detected from mail.yomogi.or.jp
> May  6 16:29:46 TCP: pcserver connection attempt from mail.yomogi.or.jp:58538
> May  6 16:29:46 TCP: pcserver connection attempt from mail.yomogi.or.jp:58693
> May  6 16:29:48 TCP: pcserver connection attempt from mail.yomogi.or.jp:58750
> May  6 16:29:48 TCP: pcserver connection attempt from mail.yomogi.or.jp:58753
> May  6 16:29:48 TCP: pcserver connection attempt from mail.yomogi.or.jp:59011
> May  6 16:29:48 TCP: port scan detected from mail.yomogi.or.jp
> May  6 16:31:35 TCP: port scan mode expired for mail.yomogi.or.jp - received a total of 63 packets (1512 bytes).
> May  6 16:31:35 UDP: scan/flood mode expired for mail.yomogi.or.jp - received a total of 116 packets (81808 bytes).
> 
> --
> To manage your subscription, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> 
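
Added example, not part of either poster's message: a Python sketch that groups log lines in the format quoted above by source host and flags hosts that probed both sunrpc and pcserver. The host names in `SAMPLE` are constructed placeholders, and the `required` and `min_probes` defaults are assumptions to tune per site.

```python
import re
from collections import Counter, defaultdict

# The two probe line shapes seen in the quoted log:
#   "TCP: <service> connection attempt from <host>:<port>"
#   "UDP: dgram to <service | port N> from <host>:<port> (<n> data bytes)"
PROBE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<proto>TCP|UDP): "
    r"(?:(?P<tsvc>\S+) connection attempt|dgram to (?P<usvc>port \d+|\S+)) "
    r"from (?P<host>[^\s:]+):(?P<sport>\d+)"
)

def summarize(lines):
    """Group probe lines by source host: per-service counts and time span."""
    hosts = defaultdict(lambda: {"services": Counter(), "first": None, "last": None})
    for raw in lines:
        m = PROBE.match(raw.lstrip("> ").rstrip())  # tolerate mail quoting
        if not m:
            continue  # detector summary lines and anything unrecognised
        entry = hosts[m["host"]]
        entry["services"][(m["proto"], m["tsvc"] or m["usvc"])] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(hosts)

def flag_sources(summary, required=("sunrpc", "pcserver"), min_probes=5):
    """Hosts that touched every service in `required` with >= min_probes lines."""
    flagged = []
    for host, entry in summary.items():
        seen = {svc for _, svc in entry["services"]}
        if set(required) <= seen and sum(entry["services"].values()) >= min_probes:
            flagged.append(host)
    return sorted(flagged)

# Constructed sample in the same format as the quoted log (placeholder hosts).
SAMPLE = """\
> May  6 16:29:41 TCP: sunrpc connection attempt from scanner.example.net:818
> May  6 16:29:41 TCP: pcserver connection attempt from scanner.example.net:57913
> May  6 16:29:41 UDP: dgram to sunrpc from scanner.example.net:51165 (56 data bytes)
> May  6 16:29:41 UDP: dgram to port 32773 from scanner.example.net:51165 (1412 data bytes)
> May  6 16:29:44 TCP: pcserver connection attempt from scanner.example.net:58066
> May  6 16:29:46 UDP: scan/flood detected from scanner.example.net
> May  6 16:31:02 TCP: sunrpc connection attempt from other.example.org:40112
""".splitlines()

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for host in flag_sources(summary):
        e = summary[host]
        print(host, e["first"], "->", e["last"], dict(e["services"]))
```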
