[Snort-users] OT: increased activoty on port 111, anyone?
martijn at ...1873...
Wed Sep 26 09:23:02 EDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
During the last week the portsentry boobytrap on port 111 (portmap)
on my linux box has been hit a lot more than usual. Port 111 is one
of the ports that i use to blackhole portscanners (i know how many of
you feel about automatic firewalling, but this is a small homeserver
and the risk of a dos attack by spoofing is acceptable to me).
Also, during the same period i've been getting a lot of 'Lame server'
warnings from my nameserver (runs on the same host), while before I
hardly ever got one.
The timing is a little suspect, in the light of the Nimda worm, so I
wondered whether any of you have a clue.
Any idea on what could cause this?
P.S. This is a low-traffic LAN connected to the net via Cable with a
redhat masquerading firewall. The box runs about a dozen servers.
.: M. Heemels .:. webdesigner :.
.: Eindhoven, NL, martijn at ...1736... :.
.: PGP of S/MIME encrypted e-mail preferred :.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3206 bytes
Desc: not available
More information about the Snort-users