Incidents 02-18-02 10:44am


Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Feb 18 10:44:36 greatwall snort: [1:0:0] TCP to 111 sunrpc {TCP}
 63.66.22.142:4936 -> 12.82.142.34:111
Feb 18 10:44:39 greatwall snort: [1:0:0] TCP to 111 sunrpc {TCP}
 63.66.22.142:4936 -> 12.82.142.34:111


Feb 18 10:44:36 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
 63.66.22.142:4936 12.82.142.34:111
 L=60 S=0x00 I=33574 F=0x4000 T=50 SYN (#64)
Feb 18 10:44:39 greatwall kernel: Packet log: input DENY ppp0 PROTO=6
 63.66.22.142:4936 12.82.142.34:111
 L=60 S=0x00 I=36735 F=0x4000 T=50 SYN (#64)


Mon Feb 18 10:44:36 2002 63.66.22.142 [15 hops]: Linux 2.2.9 - 2.2.18
 63.66.22.142:4936 -> 12.82.142.34:111 (timestamp: 696846865 @1014057876)
Mon Feb 18 10:44:39 2002 63.66.22.142 [15 hops]: Linux 2.2.9 - 2.2.18
 63.66.22.142:4936 -> 12.82.142.34:111 (timestamp: 696847166 @1014057879)


BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
 1999-2001 William E. Weinman 

UUNET Technologies, Inc. 
(NETBLK-UUNET63) UUNET63   63.64.0.0 - 63.127.255.255

Data Tracking Associ (NETBLK-UU-63-66-22-128) UU-63-66-22-128
   63.66.22.128 - 63.66.22.255


Data Tracking Associ (NETBLK-UU-63-66-22-128)
   4200 Montrose Blvd.
   Houston, TX 77006
   US

Netname: UU-63-66-22-128
   Netblock: 63.66.22.128 - 63.66.22.255    

Coordinator:
      Wallis, David  (DW268-ARIN)  david@DTAHOU.COM
      713-630-0079

Pretty common stuff: a probe of tcp:111 (sunrpc/portmapper); several exploits/vulnerabilities exist.

This page last preened by Webmaster jsage@finchhaven.com on:
Last modified: Mon Feb 18 15:33:47 2002