Security Incidents: Re: Port 111 Scans (odd single IP# probes too)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Port 111 Scans (odd single IP# probes too)

From: Rob Kouwenberg <rob () KOUWENBERG COM>
Date: Thu, 15 Mar 2001 17:51:37 +0100

Hi,


Here is a list of the IP's that have done repeated (ie more than 1)
rpc scans on our networks:
Abuse / Tech contacts have been informed. Quite a few from the .kr
region with no response / usual response.


In comp.security.unix these .kr blocks were mentioned :

202.6.95.0/24
202.14.103.0/24
202.14.165.0/24
202.20.82.0/24
202.20.84.0/24
202.20.86.0/24
202.20.99.0/24
202.20.119.0/24
202.20.128.0/17
202.20.0.0/21
202.30.0.0/15
203.224.0.0/11
210.90.0.0/15
210.92.0.0/14
210.96.0.0/11
210.178.0.0/15
210.180.0.0/14
210.204.0.0/14
210.216.0.0/13
211.32.0.0/11
211.104.0.0/13
211.112.0.0/13
211.168.0.0/13
211.176.0.0/12
211.192.0.0/12

Use it to your own advantage ...

By Date By Thread

Current thread:

Re: SNMP Scans, (continued)
- Re: SNMP Scans Chris Schuler (Mar 13)
  - Re: SNMP Scans John Oliver (Mar 14)
  - Port 111 Scans (odd single IP# probes too) Bryan Andersen (Mar 14)
    - Re: Port 111 Scans (odd single IP# probes too) Scott Nursten (Mar 15)
    - Re: Port 111 Scans (odd single IP# probes too) Rob Kouwenberg (Mar 15)
  - Re: SNMP Scans John (Mar 14)
  - Re: SNMP Scans Eric Kimminau (Mar 14)
  - Re: SNMP Scans Golden_Eternity (Mar 15)