hkewell

Well-Known Member
May 17, 2002
170
0
316
what is this ?? i can do what ??

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jun 24 18:54:40 earth portsentry[1402]: attackalert: Connect from host: 202.99.192.118/202.99.192.118 to TCP port: 111
Jun 24 18:54:40 earth portsentry[1402]: attackalert: Connect from host: 202.99.192.118/202.99.192.118 to TCP port: 111
Jun 24 18:54:40 earth portsentry[1402]: attackalert: Host: 202.99.192.118 is already blocked. Ignoring
Jun 24 18:54:40 earth portsentry[1402]: attackalert: Connect from host: 202.99.192.118/202.99.192.118 to TCP port: 111
Jun 24 18:54:40 earth portsentry[1402]: attackalert: Host: 202.99.192.118 is already blocked. Ignoring
Jun 24 18:54:40 earth portsentry[1402]: attackalert: Connect from host: 202.99.192.118/202.99.192.118 to TCP port: 111
Jun 24 18:54:40 earth portsentry[1402]: attackalert: Host: 202.99.192.118 is already blocked. Ignoring
 

masood

Well-Known Member
Jun 14, 2002
78
0
156
[quote:bbc00b3520][i:bbc00b3520]Originally posted by hkewell[/i:bbc00b3520]
Host: 202.99.192.118 is already blocked. Ignoring
[/quote:bbc00b3520]

Its already blocked. So do not worry :)
 

itf

Well-Known Member
May 9, 2002
624
0
316
We have lots of attacks on all of our servers each day until you see Host: 202.99.192.118 is already blocked. Ignoring
There is no problem also use WHM -& security -& Quick Security Scan you should get failed for assurance; but if you want to know what they are seeking for read this:

RPC information located at Port 111 is a place to find out where services are running. Numerous vulnerabilities exist, along with exploits ready and waiting for services such as rpcbind and rpcmountd. Network File Service (NFS) has a known rpc-update exploit, the Network Information Service (NIS) update daemon rpc.ypupdated contains vulnerabilities in how it passes commands to certain function calls. This could allow a remote attacker to trick the service into executing arbitrary commands on the system with root privileges. Additionally, client server environments that use remote program calls and port 111 to register and make themselves available, are unfortunately also listing their availability to the less-than nice people who are trying to crack your system. For the unprotected systems that have portmapper running on port 111, a simple &rpcinfo& request is adequate for the potential exploiter to obtain a list of all services running.