[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] attackalert: Unknown Type

Subject: RE: [cobalt-security] attackalert: Unknown Type
From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
Date: Fri, 22 Jun 2001 09:13:11 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Kai wrote:

> Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type:
> Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0
> from host: 195.101.179.1/195.101.179.1 to TCP port: 111

Someone's doing a SYN-FIN scan looking for system running portmapper on port
111. If you are, expect to see some cruft in /var/log/messages regarding NFS
and/or portmapper errors. Port 111 - otherwise known as SunRPC - has had an
awful lot of successful explouts aimed at it over the years :(

If you don't need to use NFS or RPC services, switch them off.

And I bet the source host is cracked...

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC

Prev by Date: RE: [cobalt-security] attackalert: Unknown Type
Next by Date: SV: [cobalt-security] attackalert: Unknown Type
Previous by thread: SV: [cobalt-security] attackalert: Unknown Type
Next by thread: [cobalt-security] kernel: VM: do_try_to_free_pages failed for ... ?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index