Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
scans to port 111
  • From: "OKDesign oHG Security Webmaster" <security@xxxxxxxxxxx>
  • Date: Thu, 12 Jul 2001 17:10:54 +0200
  • Message-id: <DDEPICOAGDIMJDJDGLLOKEBDCBAA.security@xxxxxxxxxxx>
Hi folks,

our servers keep logging system-scans on port 111 for some months now.
Obviously some people try to find systems accepting connections on port 111
(sunrpc).
Besides of the traffix generated by this (okay, one scan means very little
traffic, but up to 10 scans per day, and this every day on every IP we
accept sums up to enough traffic to be concerned) and besides of the fact
that our servers are no playground for script-kiddies *sigh*, my question
is: Do I have to be alarmed ? And what can I do against it ? I already run
portsentry, but our /etc/hosts.deny keeps growing day by day.
Whats up with this port 111 ?
I know the normal pubscans and proxy-scans, but these are done on port 20,21
and 1080, not on 111...
I'm a little confused now, because these scans grow. It began with 2-5 scans
per week and now we log (as I already said) up to 10 scans per day.
Can someone please explain what's going on there and if there is a way to
stop it ?

Thanks in advance.

---
--------------------------------------------
Stephan M. Ott // OKDesign oHG .............
Internet-Providing und Netzwerkmanagement ..
smo@xxxxxxxxxxx ..... http://www.okdesign.de
fon. +49 961 3814139 .. fax. +49 961 3814140
in dringenden faellen: mobil. 0171-7858064 .
--------------------------------------------


< Previous Next >
Follow Ups