lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu Dec 22 17:32:52 2005
From: thegesus at gmail.com (TheGesus)
Subject: Broadcast storm in my network/ any ideas

Smells like "Windows Services for Unix" (a.k.a. "SFUX") to me.

A very oddball product that never made any real market penetration.

Check to see if it's installed in Add/Remove Programs.  Then hose it.

On 12/22/05, wilder_jeff Wilder <wilder_jeff@....com> wrote:
>
> All,
>
> I have a Windows 2000 terminal server that is consistantly sending out
> broadcasts to 255.255.255.255:111... below is a capture from a snort box I
> have running. In the last 18 hours I have had about 2000 packets from this
> box to this address about every 30 seconds.  Snort reports the signature as
> a RPC portmap proxy attempt UDP.  I have not been able to find much
> information on this event.  I have run a current AV scan against the box, it
> did come up clean.  Can anyone give me a bit of direction as to these
> events?
>
> -Jeff
>
> RPC portmap proxy attempt UDP  10.74.32.31:3300/udp
> 255.255.255.255:111/udp 07:50:35
> RPC portmap proxy attempt UDP  10.74.32.31:3291/udp
> 255.255.255.255:111/udp 07:50:05
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ