Intrusion Detection Systems: Probing RPC

Probing RPC

From: Subba Rao <subba9_at_home.com>
Date: Fri, 18 May 2001 08:09:51 +0000

I was analyzing my TCPDUMP logs from yesterday and found this entry,

----------------------------
(0)root_at_myhost:/backup/net-log.d => tcpdump -r tcpdump-051701 'dst port 111 and not src host 1.1.1.1'

23:32:46.554793 h24-67-209-122.du.shawcable.net.4407 > cb202558-a.rmvll1.il.home.com.sunrpc: S 2955654859:2955654859(0) win 32120 <mss 1460,sackOK,timestamp 114022005[|tcp]> (DF)
----------------------------

I have changed my address in the tcpdump filter. Someone here is probing
someone else's machine and why did this get to my machine? Is there anything else
I need to look at in the tcpdump logs?

Thank you in advance for any help.

-- 
Subba Rao
subba9_at_home.com
http://members.home.net/subba9/
GPG public key ID 27FC9217
Received on May 18 2001
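
One way to triage entries like the one in this post, as an added example that is not part of the original message: it parses tcpdump text lines, keeps connection attempts (SYN without ACK) to the portmapper port (111/sunrpc), and counts them per source and destination, noting whether the destination is one of your own hosts. The `own_hosts` parameter, the function names and every sample line after the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# tcpdump text line: "HH:MM:SS.frac src.sport > dst.dport: FLAGS rest"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>[\w-]+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+):\s+"
    r"(?P<flags>[SFPRWE.]+)\s(?P<rest>.*)$"
)
PORTMAPPER = {"111", "sunrpc"}  # numeric with -n, service name otherwise


def parse_line(line):
    """Return the fields of one TCP line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def portmapper_syns(lines):
    """Keep connection attempts (SYN without ACK) sent to the portmapper."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] not in PORTMAPPER:
            continue
        # This tcpdump format prints a SYN-ACK as flag "S" followed by "ack N".
        if "S" in rec["flags"] and not re.search(r"\back \d", rec["rest"]):
            hits.append(rec)
    return hits


def summarize(hits, own_hosts):
    """Count SYNs per (source, destination, destination-is-ours)."""
    return Counter((h["src"], h["dst"], h["dst"] in own_hosts) for h in hits)


# First line is from the post; the rest are constructed for illustration.
SAMPLE = [
    "23:32:46.554793 h24-67-209-122.du.shawcable.net.4407 > cb202558-a.rmvll1.il.home.com.sunrpc: S 2955654859:2955654859(0) win 32120 <mss 1460,sackOK,timestamp 114022005[|tcp]> (DF)",
    "23:32:46.601122 192.0.2.10.4408 > 198.51.100.7.111: S 2955700001:2955700001(0) win 32120 <mss 1460> (DF)",
    "23:32:46.601500 192.0.2.10.4409 > 198.51.100.8.111: S 2955700002:2955700002(0) win 32120 <mss 1460> (DF)",
    "23:32:46.700000 198.51.100.7.111 > 192.0.2.10.4408: S 11:11(0) ack 2955700002 win 5840 (DF)",
    "23:33:01.000000 192.0.2.10.4410 > 198.51.100.7.80: S 1:1(0) win 32120 (DF)",
]

if __name__ == "__main__":
    for key, n in summarize(portmapper_syns(SAMPLE), {"198.51.100.7"}).items():
        print(n, *key)
```

Feed it the output of `tcpdump -r <file>` line by line in place of `SAMPLE`, with `own_hosts` set to the names or addresses tcpdump prints for your own machines.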