Delivered-To: freebsd-security@freebsd.org
Date: Fri, 9 Feb 2001 09:07:02 +0100 (CET)
From: Dan Larsson
Subject: Lots of attempts to connect to sunrpc port
Organization: Tyfon Svenska AB

I assume that there was/is a bug in the sunrpc daemon. Exploiting that bug might render access to the computer in some way. Fortunately there's nothing listening on that port on the attacked computer.

Is this something to take seriously or am I looking at the effects of script kiddies?

Log snippet:

Deny TCP 211.184.221.34:1870 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 211.184.221.34:1870 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 200.47.77.226:1855 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 211.216.53.156:4629 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 64.94.79.200:2912 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 64.94.79.200:2912 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 211.174.58.101:111 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 217.13.4.50:1774 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 64.56.207.76:1137 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 212.184.103.11:4622 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 211.219.84.99:2779 xxx.xxx.xxx.xxx:111 in via fxp0

Regards
+------
Dan Larsson      | Tel: +46 8 550 120 21
Tyfon Svenska AB | Fax: +46 8 550 120 02
GPG and PGP keys | finger dl@hq1.tyfon.net
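
One way to triage a deny log in the format shown in the message above, as an added example that is not part of the original post: it groups denied packets by destination port and reports how many distinct sources hit each port, which sources retried, and which used a privileged (below 1024) source port. The sample lines are constructed from documentation address ranges, and `summarize` with its `min_sources` threshold is a hypothetical name and setting chosen for this example.

```python
import re
from collections import Counter, defaultdict

# Line shape as shown in the post: "Deny TCP src:port dst:port in via fxp0".
# The destination may be redacted with x's, as it is there.
LINE_RE = re.compile(
    r"Deny\s+(?P<proto>TCP|UDP)\s+(?P<src>[0-9.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[0-9x.]+):(?P<dport>\d+)\s+in\s+via\s+(?P<iface>\S+)"
)

# Constructed sample (documentation address ranges), not the poster's log.
SAMPLE_LOG = """\
Deny TCP 192.0.2.10:1870 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 192.0.2.10:1870 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 198.51.100.7:1855 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 203.0.113.44:111 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 203.0.113.90:2912 xxx.xxx.xxx.xxx:111 in via fxp0
Deny TCP 198.51.100.23:4022 xxx.xxx.xxx.xxx:22 in via fxp0
this line is not a deny record
"""

def summarize(log_text, min_sources=3):
    """Return ({(proto, dport): stats}, count of lines that did not parse)."""
    hits = defaultdict(Counter)    # (proto, dport) -> packets per source IP
    privileged = defaultdict(set)  # (proto, dport) -> sources with sport < 1024
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            skipped += 1           # count unparsed lines instead of hiding them
            continue
        key = (m["proto"], int(m["dport"]))
        hits[key][m["src"]] += 1
        if int(m["sport"]) < 1024:
            privileged[key].add(m["src"])
    report = {}
    for key, sources in hits.items():
        report[key] = {
            "packets": sum(sources.values()),
            "unique_sources": len(sources),
            "repeat_sources": sorted(s for s, n in sources.items() if n > 1),
            "privileged_sport_sources": sorted(privileged[key]),
            # Assumed threshold: several unrelated sources probing one port.
            "many_sources": len(sources) >= min_sources,
        }
    return report, skipped

if __name__ == "__main__":
    result, unparsed = summarize(SAMPLE_LOG)
    for (proto, port), stats in sorted(result.items()):
        print(proto, port, stats)
    print("unparsed lines:", unparsed)
```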