[Snort-users] OT: increased activoty on port 111, anyone?

Martijn Heemels martijn at ...1873...
Wed Sep 26 09:23:02 EDT 2001

Hash: SHA1

Hi all,

During the last week the portsentry boobytrap on port 111 (portmap)
on my linux box has been hit a lot more than usual. Port 111 is one
of the ports that i use to blackhole portscanners (i know how many of
you feel about automatic firewalling, but this is a small homeserver
and the risk of a dos attack by spoofing is acceptable to me).

Also, during the same period i've been getting a lot of 'Lame server'
warnings from my nameserver (runs on the same host), while before I
hardly ever got one.

The timing is a little suspect, in the light of the Nimda worm, so I
wondered whether any of you have a clue.

Any idea on what could cause this?

Thanks, Martijn

P.S. This is a low-traffic LAN connected to the net via Cable with a
redhat masquerading firewall. The box runs about a dozen servers.

- -- 
.: M. Heemels .:. webdesigner :.
.: Eindhoven, NL, martijn at ...1736... :.
.: PGP of S/MIME encrypted e-mail preferred :.

Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3206 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010926/9bdfb22a/attachment.bin>

More information about the Snort-users mailing list