| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040301024955.71818.qmail@web42001.mail.yahoo.com> From: bjshedwick at yahoo.com (Bradford Shedwick) Subject: Port scans on 593? Hey man, Thats another RPC Epmap port. Someone's looking for an rpc exploit Napoleon James Lay <jlay@...riben.com> wrote: Anyone else seeing these? Feb 28 13:58:28 homebox kernel: New,invalid TCP:IN=eth0 OUT= MAC=00:60:08:16:39:30:00:08:20:cb:04:a8:08:00 SRC=24.161.91.200 DST=24.116.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=23604 DF PROTO=TCP SPT=4300 DPT=593 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204021801010402) Saw a few yesterday...more today....different hosts...ODD. Sans says it's http-rpc-epmap. James Lay Network Manager/Security Officer AmeriBen Solutions/IEC Group Semper Vigilans!!! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html Bradford Shedwick American by birth, Patriot by choice --------------------------------- Do you Yahoo!? Get better spam protection with Yahoo! Mail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040229/28ae7e0f/attachment.html
Powered by blists - more mailing lists