RPC Probes
From: George Burns (adr@lanline.com)
Date: 03/03/03
- Next message: phn@icke-reklam.ipsec.nu: "Re: RPC Probes"
- Previous message: Bill Unruh: "Re: Info for Crack 5.0"
- Next in thread: phn@icke-reklam.ipsec.nu: "Re: RPC Probes"
- Reply: phn@icke-reklam.ipsec.nu: "Re: RPC Probes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "George Burns" <adr@lanline.com> Date: 3 Mar 2003 11:43:19 -0600
Hello All,
Here are log-entries showing probes to Port 111. I'm actually not too
worried about them. What really caught my eye was the timing. The probes are
in pairs; each 6, 12 and 24 seconds apart. I was wondering if anyone had any
insight into that.
Very Grateful,
George
Mar 2 18:48:01 XXX kernel: auditIN=eth0 OUT= MAC=XXX SRC=216.130.186.207
DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=9943 DF PROTO=TCP SPT=2814
DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Mar 2 18:48:01 XXX kernel: PUB_IN DROP 4 IN=eth0 OUT= MAC=XXX
SRC=216.130.186.207 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=9943 DF
PROTO=TCP SPT=2814 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Mar 2 18:48:07 XXX kernel: auditIN=eth0 OUT= MAC=XXX SRC=216.130.186.207
DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=10904 DF PROTO=TCP SPT=2814
DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Mar 2 18:48:07 XXX kernel: PUB_IN DROP 4 IN=eth0 OUT= MAC=XXX
SRC=216.130.186.207 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=10904 DF
PROTO=TCP SPT=2814 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Mar 2 18:48:19 XXX kernel: auditIN=eth0 OUT= MAC=XXX SRC=216.130.186.207
DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=11809 DF PROTO=TCP SPT=2814
DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Mar 2 18:48:19 XXX kernel: PUB_IN DROP 4 IN=eth0 OUT= MAC=XXX
SRC=216.130.186.207 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=11809 DF
PROTO=TCP SPT=2814 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Mar 2 18:48:43 XXX kernel: auditIN=eth0 OUT= MAC=XXX SRC=216.130.186.207
DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12671 DF PROTO=TCP SPT=2814
DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Mar 2 18:48:43 XXX kernel: PUB_IN DROP 4 IN=eth0 OUT= MAC=XXX
SRC=216.130.186.207 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12671 DF
PROTO=TCP SPT=2814 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
- Next message: phn@icke-reklam.ipsec.nu: "Re: RPC Probes"
- Previous message: Bill Unruh: "Re: Info for Crack 5.0"
- Next in thread: phn@icke-reklam.ipsec.nu: "Re: RPC Probes"
- Reply: phn@icke-reklam.ipsec.nu: "Re: RPC Probes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
