[37220] in North American Network Operators' Group
Re: black hat .cn networks
daemon@ATHENA.MIT.EDU (Justin Hinderliter)
Mon May 7 16:55:17 2001
Message-ID: <005f01c0d72d$6236c2b0$8f6746cf@interaccess.com>
From: "Justin Hinderliter" <justin@interaccess.com>
To: "Dan Hollis" <goemon@anime.net>
Cc: <linneweh@concentric.net>,
"Elias Halldor Agustsson" <elias@skyrr.is>, <nanog@merit.edu>
Date: Mon, 7 May 2001 14:39:08 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
> The past week i've seen attacks increase 5-fold, mostly 111/udp attacks
> mixed with some lpr and ftp on the side. Also lots of http scanning, which
> I havent seen in quite a while.
Yep, I'd seen them try port 111 scans as well from different hosts, but
since I never run RPC services, they didn't get anything off those. I
usually don't run http services either, but in this case got caught with my
pants down on a temporary exception. I was a few versions behind on apache,
however, as I just found out, which I'm sure didn't help the situation.
Well, back to the autopsy.
Take care and be well.
Justin
