Intrusion Detection Systems mailing list archives

Probing RPC


From: Subba Rao <subba9 () home com>
Date: Fri, 18 May 2001 08:09:51 +0000

I was analyzing my TCPDUMP logs from yesterday and found this entry,

----------------------------
(0)root@myhost:/backup/net-log.d => tcpdump -r tcpdump-051701 'dst port 111 and not src host 1.1.1.1'

23:32:46.554793 h24-67-209-122.du.shawcable.net.4407 > cb202558-a.rmvll1.il.home.com.sunrpc: S 2955654859:2955654859(0) win 32120 <mss 1460,sackOK,timestamp 114022005[|tcp]> (DF)
----------------------------

I have changed my address in the tcpdump filter. Someone here is probing
someone else's machine and why did this get to my machine? Is there anything else
I need to look at in the tcpdump logs?

Thank you in advance for any help.

-- 

Subba Rao
subba9 () home com
http://members.home.net/subba9/

GPG public key ID 27FC9217
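
Added example, not part of the original post: one way to triage a text tcpdump log for entries like the one above. It groups bare SYNs to port 111 (sunrpc) by source, marks targets that are not local hosts, and records any SYN-ACK sent back from port 111. The names triage, split_endpoint and SAMPLE, the host names under example.com/.net/.org and the local-host set are assumptions made for illustration; only the first sample line comes from the post.

```python
import re
from collections import defaultdict

RPC_PORTS = {"111", "sunrpc"}  # portmapper, numeric or as resolved by tcpdump
LINE = re.compile(r"^(\S+) (\S+) > (\S+): (\S+) (.*)$")

def split_endpoint(ep):
    """'host.name.4407' -> ('host.name', '4407'); the port is the last label."""
    host, _, port = ep.rpartition(".")
    return host, port

def triage(lines, local_hosts):
    """Group bare SYNs to the portmapper port by source host."""
    report = defaultdict(lambda: {"targets": set(), "not_local": set(), "answered": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a 'src > dst: flags ...' line
        _ts, src, dst, flags, rest = m.groups()
        (shost, sport), (dhost, dport) = split_endpoint(src), split_endpoint(dst)
        has_ack = " ack " in f" {rest} "
        if flags == "S" and not has_ack and dport in RPC_PORTS:
            report[shost]["targets"].add(dhost)
            if dhost not in local_hosts:
                # Seen by this sniffer but addressed to another host
                report[shost]["not_local"].add(dhost)
        elif flags == "S" and has_ack and sport in RPC_PORTS:
            # SYN-ACK from port 111: the probed host accepts portmapper connections
            report[dhost]["answered"].add(shost)
    return dict(report)

SAMPLE = [
    # The entry from the post, on one line
    "23:32:46.554793 h24-67-209-122.du.shawcable.net.4407 > cb202558-a.rmvll1.il.home.com.sunrpc: "
    "S 2955654859:2955654859(0) win 32120 <mss 1460,sackOK,timestamp 114022005[|tcp]> (DF)",
    # Constructed lines: a probe of an assumed local host, its SYN-ACK, unrelated web traffic
    "23:40:01.100200 scanner.example.net.4408 > myhost.example.com.sunrpc: S 700001:700001(0) win 32120 (DF)",
    "23:40:01.100450 myhost.example.com.sunrpc > scanner.example.net.4408: S 771100:771100(0) ack 700002 win 5792 (DF)",
    "23:41:10.000100 client.example.org.1033 > myhost.example.com.www: S 100:100(0) win 8192",
]

if __name__ == "__main__":
    for src, info in triage(SAMPLE, {"myhost.example.com"}).items():
        print(src, {k: sorted(v) for k, v in info.items()})
```

A source with a non-empty "answered" set reached a host that accepted the connection on port 111, so that host's portmapper exposure is the next thing to review.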

