MLUG: Mizzou Linux Users GroupHome | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact
MLUG: RE: [MLUG] lots of big port scans suddenly
RE: [MLUG] lots of big port scans suddenly
Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
I noticed the same thing on my linux box...I had four similar attempts
yesterday.

-----Original Message-----
From: Mike Miller [mailto:EMAIL:PROTECTED]
Sent: Monday, May 07, 2001 12:27 AM
To: MLUG membership
Subject: [MLUG] lots of big port scans suddenly


Starting yesterday, we're getting lots of port scans on campus that look
like the thing below.  The 'pcserver' thing is distinctive because I don't
think I've seen it before Friday.  Since then we've had two or three per
night that look like this.  So there must be some hot new exploit that
everyone wants to try out.

Mike


May  6 14:46:16 TCP: sunrpc connection attempt from mail.yomogi.or.jp:55725
May  6 16:29:41 TCP: sunrpc connection attempt from mail.yomogi.or.jp:818
May  6 16:29:41 TCP: pcserver connection attempt from
mail.yomogi.or.jp:57913
May  6 16:29:41 UDP: dgram to sunrpc from mail.yomogi.or.jp:51165 (56 data
bytes)
May  6 16:29:41 UDP: dgram to port 32773 from mail.yomogi.or.jp:51165 (1412
data bytes)
May  6 16:29:41 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58066
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51166 (56 data
bytes)
May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51166 (1412
data bytes)
May  6 16:29:44 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58069
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51167 (56 data
bytes)
May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51167 (1412
data bytes)
May  6 16:29:44 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58322
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51168 (56 data
bytes)
May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51168 (1412
data bytes)
May  6 16:29:44 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58324
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51169 (56 data
bytes)
May  6 16:29:44 UDP: dgram to port 32773 from mail.yomogi.or.jp:51169 (1412
data bytes)
May  6 16:29:44 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58476
May  6 16:29:44 UDP: dgram to sunrpc from mail.yomogi.or.jp:51170 (56 data
bytes)
May  6 16:29:46 UDP: dgram to port 32773 from mail.yomogi.or.jp:51170 (1412
data bytes)
May  6 16:29:46 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58532
May  6 16:29:46 UDP: dgram to sunrpc from mail.yomogi.or.jp:51171 (56 data
bytes)
May  6 16:29:46 UDP: dgram to port 32773 from mail.yomogi.or.jp:51171 (1412
data bytes)
May  6 16:29:46 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58535
May  6 16:29:46 UDP: scan/flood detected from mail.yomogi.or.jp
May  6 16:29:46 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58538
May  6 16:29:46 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58693
May  6 16:29:48 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58750
May  6 16:29:48 TCP: pcserver connection attempt from
mail.yomogi.or.jp:58753
May  6 16:29:48 TCP: pcserver connection attempt from
mail.yomogi.or.jp:59011
May  6 16:29:48 TCP: port scan detected from mail.yomogi.or.jp
May  6 16:31:35 TCP: port scan mode expired for mail.yomogi.or.jp - received
a total of 63 packets (1512 bytes).
May  6 16:31:35 UDP: scan/flood mode expired for mail.yomogi.or.jp -
received a total of 116 packets (81808 bytes).

--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
Questions? Comments? Feel free to contact MLUG.
DMCA and other copyright information.