black hat .cn networks

Justin Hinderliter justin at
Mon May 7 19:39:08 UTC 2001

> The past week I've seen attacks increase 5-fold, mostly 111/udp attacks
> mixed with some lpr and ftp on the side. Also lots of http scanning, which
> I haven't seen in quite a while.

Yep, I'd seen them try port 111 scans as well from different hosts, but
since I never run RPC services, they didn't get anything off those.  I
usually don't run http services either, but in this case got caught with my
pants down on a temporary exception.  I was a few versions behind on Apache,
however, as I just found out, which I'm sure didn't help the situation.

Well, back to the autopsy.

Take care and be well.


More information about the NANOG mailing list