Im no genious but this is what snort has listed in its rules database:
http://www.snort.org/Files/03152001/rpc.rules
You might find that a bit interesting to help... Maybe not... I would
suggest running snort it will give you some details as to what they are
trying to do :)
-Ryan
-----Original Message-----
From: Ward William E DLDN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 17, 2001 3:33 PM
To: '[EMAIL PROTECTED]'
Subject: Port Scan on Port 111
Hey folks, I'm getting portscanned constantly on tcp Port Scanned on
Port 111 on a machine I have as a firewall.
/etc/services lists that as sunrpc 111/tcp portmapper (RPC 4.0
portmapper).
Ok... it's not open that I can tell, so I'm not in danger... but I find
it curious that's the port everyone wants to handle.
Anyone know what well known Trojan/backdoor/virus/whatever uses 111, or
what well known exploit on the sunrpc exists?
Thanks!
Bill Ward
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
