Vraag & Antwoord

Beveiliging & privacy

stealth scan op port 111. Iets te traceren???

6 antwoorden
  • De opzet: Linux OS CentOS4.0 met portsentry/logcheck geconfigureerd. Elk uur krijg ik een melding over hetgeen zich afspeelt op en rond mijn pc. Zie output: [code:1:c5089b5f65]May 31 07:01:01 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:22 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:23 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:24 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:24 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:25 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:25 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:26 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:30 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:30 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:31 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:31 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:33:59 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:00 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:05 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:05 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:09 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:10 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:37 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:37 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:52 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:34:55 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:47:46 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:49:20 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:53:45 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:54:45 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:59:23 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 19:59:34 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 20:00:01 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 20:00:02 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 20:01:01 fedora portsentry[2248]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) Security Violations =-=-=-=-=-=-=-=-=-= May 31 07:01:01 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:22 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:23 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:24 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:24 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:25 fedora shutdown: shutting down for system halt May 31 07:46:25 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:25 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:26 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:30 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:30 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:31 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed) May 31 07:46:31 fedora portsentry[2261]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept [/code:1:c5089b5f65] Is er iets van die persoon te traceren?? Port 111 blijkt een vulnerability te zijn in Linux. Bij mij staat deze gewoon stealth. Dank
  • niemand.. tja,, julie hebben het natuurlijk te druk om alle mensen met een hijack te helpen :wink: hehe,, zal voortaan zulke problemen in Sectie Linux zetten.
  • Dit is weer andere materie, en daar ben ik niet zo in thuis.
  • Het is lang geleden dat ik voor het laatst portsentry heb gebruikt. Maar tenzij je in bijv. een logbestand van portsentry het ip-adres van die persoon kan vinden kan je weinig traceren. Overigens kan ik in mijn logbestand geen connection attempts op poort 111 vinden. Heb je misschien een linkje naar die vulnerability?
  • scanners zullen er altijd zijn, zodra er weer een vulnerability bekend is zullen hele ip ranges gescanned worden. Echter zal dit bijna altijd vanaf een andere gehackte pc gebeuren, dus het ip adres wat je misschien vindt is nooit van de dader zelf.
  • Port 111 is a security vulnerability for UNIX systems due to the number of vulnerabilities discovered for the portmapper and related RPC services Deze port is een "standaard" port die iedere exploitscanner zal proberen, afhankelijk of je scans op deze port logt of niet zal je deze dus terug zien, is mijn inziens verder niks om aandacht aan te besteden.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.