Security Incidents: Re: Aggresive RPC & DNS scans from Korean hosts

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Aggresive RPC & DNS scans from Korean hosts

From: dano <dano () PHINK ORG>
Date: Tue, 20 Mar 2001 11:22:37 -0500

On Mon, 19 Mar 2001, Joseph Nicholas Yarbrough wrote:

In the spirit of owned korean hosts, a we have been getting aggresive scans
from 203.232.4.4 on tcp/53 and tcp/111. (perhaps more)

-Nick


We've been getting scanned by that same ip for port 53 since Saturday, avg
about one system every 15 mins.  Think it finally stopped an hour ago.

Last system scanned indicates that they hit ports 53, 111, 515, 3128.

--Dano

By Date By Thread

Current thread:

Strange accumulation of scans from Korea (KORNET/HANANET) Ralf G. R. Bergs (Mar 09)
- Re: Strange accumulation of scans from Korea (KORNET/HANANET) John (Mar 09)
  - Re: Strange accumulation of scans from Korea (KORNET/HANANET) Ralf G. R. Bergs (Mar 14)
    - Aggresive RPC & DNS scans from Korean hosts Joseph Nicholas Yarbrough (Mar 20)
    - Re: Aggresive RPC & DNS scans from Korean hosts dano (Mar 20)
    - Re: Aggresive RPC & DNS scans from Korean hosts Matt W. (Mar 20)