Date:      Sun, 22 Apr 2001 21:41:15 -0400
From:      "Michael Scheidell" <scheidell@fdma.com>
To:        <freebsd-security@freebsd.org>
Subject:   Re: Connection attempts
Message-ID:  <003a01c0cb96$8d660420$0503a8c0@fdma.com>
References:  <20010423111824.A11827@gumbynet.org>


all those darn linux 6.2 systems.  They should be replaced with rocks.

----- Original Message -----
From: "Tim Kent" <saboteur@saboteur.cx>
Newsgroups: local.freebsd.security
Sent: Sunday, April 22, 2001 9:18 PM
Subject: Connection attempts


> Hey all,
>
> Over the last few days I have noticed many people trying to connect to port 111 (portmapper).
> I don't run portmapper but I have log in vain enabled. Are these people going crazy with rpcinfo or what?
>
> I have attached the related output from dmesg but have changed my IP:

You can look up the 'attackers'  to see if they have attacked others at:

http://www.mynetwatchman.com/mynetwatchman/SearchOpenIncidents.asp

you can DL a copy of the freebsd / ipfw also.
>
> Connection attempt to TCP phoenix:111 from 213.236.151.240:4912
had attacked at least 7 other computers since the 13th.

> Connection attempt to TCP phoenix:111 from 203.250.123.237:3278
One other on the 20th.

> Connection attempt to TCP phoenix:111 from 203.197.150.162:63525
> Connection attempt to TCP phoenix:111 from 203.197.150.162:63525
> Connection attempt to TCP phoenix:111 from 203.197.150.162:64156
persistent bugger, eh?  no others listed
(if you ran the mnwclient, then mynetwatchman would have larted the isp for
you)

> Connection attempt to TCP phoenix:111 from 24.182.49.154:4078
@home cable user, attacked someone on the 18th and @home sent email on the
19th.

> Connection attempt to TCP phoenix:111 from 210.207.57.166:4719
bora.net: lots of attacks must be infected

> Connection attempt to TCP phoenix:111 from 208.53.106.140:3845

look up any others.  you would be amazed how far and wide these hack attacks
range.

80% of them are compromised linux systems (that went unreported... hint...
hint) and are now hacking into other systems.
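
Added example, not part of the original message: a small Python script that groups log_in_vain lines like the ones quoted above by probed service and source address, so repeat sources stand out before you look them up or report them. The sample input is the set of dmesg lines quoted in the message; the function names and the `min_attempts` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# log_in_vain line format as quoted in the message above (TCP shown there;
# UDP is accepted too, assuming the same layout).
LINE_RE = re.compile(
    r"Connection attempt to (TCP|UDP) (\S+):(\d+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)

# Sample input: the dmesg lines quoted in the message, mail "> " prefix included.
SAMPLE = """\
> Connection attempt to TCP phoenix:111 from 213.236.151.240:4912
> Connection attempt to TCP phoenix:111 from 203.250.123.237:3278
> Connection attempt to TCP phoenix:111 from 203.197.150.162:63525
> Connection attempt to TCP phoenix:111 from 203.197.150.162:63525
> Connection attempt to TCP phoenix:111 from 203.197.150.162:64156
> Connection attempt to TCP phoenix:111 from 24.182.49.154:4078
> Connection attempt to TCP phoenix:111 from 210.207.57.166:4719
> Connection attempt to TCP phoenix:111 from 208.53.106.140:3845
"""


def summarize(text):
    """Group attempts as {(proto, dst_port): {src_ip: [src_port, ...]}}."""
    probes = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates quote marks and timestamps
        if m is None:
            continue
        proto, _dst, dport, src, sport = m.groups()
        probes[(proto, int(dport))][src].append(int(sport))
    return probes


def repeat_sources(probes, service, min_attempts=2):
    """Sources that hit one closed service at least min_attempts times."""
    hits = probes.get(service, {})
    return sorted(s for s, ports in hits.items() if len(ports) >= min_attempts)


if __name__ == "__main__":
    probes = summarize(SAMPLE)
    for (proto, dport), sources in sorted(probes.items()):
        print(f"{proto}/{dport}: {len(sources)} distinct sources")
        for src, ports in sorted(sources.items(), key=lambda kv: -len(kv[1])):
            print(f"  {src:<16} attempts={len(ports)} "
                  f"distinct_src_ports={len(set(ports))}")
    print("repeat:", repeat_sources(probes, ("TCP", 111)))
```

To run it against a live host, replace `SAMPLE` with the text of `dmesg` or the relevant syslog file.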


