portmapper scans and Linux hacking

Anderson Johnston andy at umbc.edu
Sat Aug 11 20:34:30 GMT 2001

Around ten days ago it seemed like the daily scans of our campus were
tending towards 111 scans.  During this last week I've found four
un-patched Linux systems - the hacks seem recent.  Also, all the systems
I've had post-mortem access to so far were running PsyBNC.  Three of them
were actively scanning the Internet for port 111, as well.

Anyone else seeing this?  It's like someone has remembered the portmapper
bug and is digging out all our unpatched Linux boxen.  (It's one way to
find them, I guess.)

				- andy

** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
** Distributed Systems Manager            * PGP key:(afj2000) 1024/F67035E1 **
** Office of Information Technology, UMBC *        5D 44 1E 2E A6 7C 91 7A  **
** 410-455-2583 (v)/410-455-1065 (f)      *        C4 66 5F D5 BA B9 F6 58  **

More information about the unisog mailing list