lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040301024955.71818.qmail@web42001.mail.yahoo.com>
From: bjshedwick at yahoo.com (Bradford Shedwick)
Subject: Port scans on 593?

Hey man,
 
Thats another RPC Epmap port.  Someone's looking for an rpc exploit
 
Napoleon

James Lay <jlay@...riben.com> wrote:
Anyone else seeing these?

Feb 28 13:58:28 homebox kernel: New,invalid TCP:IN=eth0 OUT=
MAC=00:60:08:16:39:30:00:08:20:cb:04:a8:08:00 SRC=24.161.91.200
DST=24.116.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=23604 DF PROTO=TCP
SPT=4300 DPT=593 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204021801010402)

Saw a few yesterday...more today....different hosts...ODD. Sans says it's
http-rpc-epmap.

James Lay
Network Manager/Security Officer
AmeriBen Solutions/IEC Group
Semper Vigilans!!!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Bradford Shedwick
American by birth, Patriot by choice

---------------------------------
Do you Yahoo!?
Get better spam protection with Yahoo! Mail
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040229/28ae7e0f/attachment.html

Powered by blists - more mailing lists