[Dshield] Rapid increase in port 113 probes

Bruce Lilly blilly at erols.com
Thu Jun 20 19:22:09 GMT 2002

Port 113 (auth protocol) has had a number of problems with
exploits of severs in the past, and also has some serious privacy
issues.  I've seen a dramatic rise in the number of TCP port
113 probes recently, including from sites in disparate parts of
the IP address space, and including at times when there was no
local activity (and therefore the port 113 probes could not be
"legitimate" auth requests (if there is such a thing)).  Has
anybody else seen this?

More information about the list mailing list