[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] attackalert: Unknown Type
- Subject: RE: [cobalt-security] attackalert: Unknown Type
- From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Fri, 22 Jun 2001 09:13:11 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Kai wrote:
> Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type:
> Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0
> from host: 195.101.179.1/195.101.179.1 to TCP port: 111
Someone's doing a SYN-FIN scan looking for system running portmapper on port
111. If you are, expect to see some cruft in /var/log/messages regarding NFS
and/or portmapper errors. Port 111 - otherwise known as SunRPC - has had an
awful lot of successful explouts aimed at it over the years :(
If you don't need to use NFS or RPC services, switch them off.
And I bet the source host is cracked...
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC