RE: Strange network activity

• Previous message: Roach4: "Strange network activity"
• In reply to: Roach4: "Strange network activity"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <incidents@securityfocus.com>
Date: Fri, 16 Apr 2004 14:53:12 -0400

> -----Original Message-----
> From: Roach4 [mailto:ml@undergroundportal.com]
> Sent: Friday, April 16, 2004 10:39 AM
> To: incidents@securityfocus.com
> Subject: Strange network activity
>
>
> Hi,
>
> Yesterday we noticed some strange traffic from some internal machines
> trying to contact Japan IP addresses on the port 54875 like 300 times a
> second. We left the office without worrying too much and we came back this
> morning to see that there was external Japan IP addresses which was
> querying internal machines for the RPC vulnerability.
[...]

"noticed...internal machines trying to contact...like 300 times a second."
"left the office without worrying too much"

Please tell me you left out a line line in your message like "so we
firewalled off the internal machines from contacting (inbound and outbound)
the suspect networks."

If so, please disregard the remainder of this note.

If not...
Pardon me for throwing decorum (and sane-sounding responses) out the window,
but WHAT IN THE HOLY HELL WERE YOU PEOPLE FREAKIN' THINKING WHEN YOU JUST UP
AND LEFT??!! I mean really... 300 times a second and this didn't set off
any bells in your heads that there just *might* be a wee bit of a problem on
your network?!?

[Shaking my head in disbelief]
-dsp

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Roach4: "Strange network activity"
• In reply to: Roach4: "Strange network activity"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]