Security Incidents mailing list archives

portmap 11/tcp scan every 30 seconds, source port 4435


From: Golden_Eternity <bhodi () BIGFOOT COM>
Date: Tue, 20 Mar 2001 20:15:50 -0800

I was scanned today exactly every 30 seconds for more than 12 hours. The
source port has remained 4435 for every connection and the target was 111/tcp
(portmap/sunrpc).

I'm guessing that nobody is going to be so bored and anal that they'd do
this manually, so it's gotta be a scanner. I didn't see any other connections
during this time; it limited itself to 111. Does anyone recognize this
behavior?

Mar 19 21:28:14 roto-router kernel: Packet log: input DENY eth1 PROTO=17 207.175.251.62:4435 255.255.255.255:111 L=84 S=0x00 I=2431 F=0x0000 T=128 (#1)
Mar 19 21:28:44 roto-router kernel: Packet log: input DENY eth1 PROTO=17 207.175.251.62:4435 255.255.255.255:111 L=84 S=0x00 I=7807 F=0x0000 T=128 (#1)
Mar 19 21:29:14 roto-router kernel: Packet log: input DENY eth1 PROTO=17 207.175.251.62:4435 255.255.255.255:111 L=84 S=0x00 I=9344 F=0x0000 T=128 (#1)
Mar 19 21:29:44 roto-router kernel: Packet log: input DENY eth1 PROTO=17 207.175.251.62:4435 255.255.255.255:111 L=84 S=0x00 I=10880 F=0x0000 T=128 (#1)
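
Added example, not part of the original post: a small Python script that parses kernel "Packet log:" lines in the layout shown above, groups them by source, source port, destination, destination port and protocol, and reports any group whose packets arrive at a fixed interval. The function names, the jitter tolerance, the minimum hit count and the year 2001 (syslog timestamps carry no year) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# The four log entries from the post, with the mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Mar 19 21:28:14 roto-router kernel: Packet log: input DENY eth1 PROTO=17 207.175.251.62:4435 255.255.255.255:111 L=84 S=0x00 I=2431 F=0x0000 T=128 (#1)
Mar 19 21:28:44 roto-router kernel: Packet log: input DENY eth1 PROTO=17 207.175.251.62:4435 255.255.255.255:111 L=84 S=0x00 I=7807 F=0x0000 T=128 (#1)
Mar 19 21:29:14 roto-router kernel: Packet log: input DENY eth1 PROTO=17 207.175.251.62:4435 255.255.255.255:111 L=84 S=0x00 I=9344 F=0x0000 T=128 (#1)
Mar 19 21:29:44 roto-router kernel: Packet log: input DENY eth1 PROTO=17 207.175.251.62:4435 255.255.255.255:111 L=84 S=0x00 I=10880 F=0x0000 T=128 (#1)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

def parse(log, year=2001):
    """Yield (timestamp, flow key) for each packet-log line; the year is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a packet-log entry
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        proto = PROTO_NAMES.get(int(m["proto"]), m["proto"])
        yield ts, (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), proto)

def find_beacons(log, min_hits=4, jitter=2.0):
    """Return flows whose inter-arrival gaps all lie within `jitter` s of the median gap."""
    seen = defaultdict(list)
    for ts, key in parse(log):
        seen[key].append(ts)
    out = []
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_hits and all(abs(g - median(gaps)) <= jitter for g in gaps):
            out.append({"flow": key, "hits": len(times), "period_s": median(gaps)})
    return out

if __name__ == "__main__":
    for beacon in find_beacons(SAMPLE_LOG):
        print(beacon)
```

Run against a full day's log, a fixed source port combined with a constant period and a single destination port is a useful signature for separating an automated sender from ordinary background noise.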

