[EMAIL PROTECTED] wrote:
>
> I have been noticing an unusual number of probes to these ports recently.
> I am guessing the 515 target is a solaris printer service overflow bug
> mentioned on www.securityfocus.com last week, but I am not sure what is
> attracting so many to the 111 (sunrpc) port.
On Thu, 28 Jun 2001, Billy Jacobs wrote:
> I have been seeing the same thing as of late. Just went through my
> email reports, and it seems like I am getting hit mostly from the
> following addresses on ports 111 and 515:
>
> (sorted / uniq-ed)
> 24.93.164.129:2555 ---> my.ip.add.ress:111
a1-1
Billy Jacobs wrote:
> I have been seeing the same thing as of late. Just went through my
> email reports, and it seems like I am getting hit mostly from the
> following addresses on ports 111 and 515:
Port 111 is the RPC port, which hosts things like NIS (security risk)
and NFS (security risk).
I have been seeing the same thing as of late. Just went through my
email reports, and it seems like I am getting hit mostly from the
following addresses on ports 111 and 515:
(sorted / uniq-ed)
24.93.164.129:2555 ---> my.ip.add.ress:111
61.129.68.18:2913 ---> my.ip.add.ress:111
61.159.62.12:5151
I get those since I installed my LRP & cablemodem some months ago. Always
wanted to ask what they (?) are trying to do, never found myself actually
sending the message out :-). Besides those ports 515 & 111, I also have
people trying out port 21 at about the same frequenty as the other two
ports.
