The Unix workstations in your work environment are running what is called "NIS". This allows for machines to collectively share information between one another, like password files, disks, etc. I would ask around to see if your machine is in 'netgroups'. Netgroups is basically a list of trusted machines on your NIS server, somewhat of a domain controller. If you are in that list, other machines will request information from yours. I would not be weary over these 'attacks' as they are most likely not from users, but just NIS broadcasts from related programs/daemons that run from boot-up. Our Sun machines run NIS+, basically the same as NIS, but more secure. My linux box is not in netgroups and I don't get such broadcasts to my machine.
Dennis -- dpk <[EMAIL PROTECTED]>, Systems/Network | work: 353.4844 Division of Enginnering Computing Services | page: 222.5875 On Wed, 10 Sep 1997, James D. Freels wrote: > This is probably not the right forum for this question, but I am > running on a Debian/GNU machine. If there is a better mailing list > or news group for the question, please let me know. > > I am trying to setup my machine as a 'less open' in my corporate > environment. I have started by having the entry 'ALL: ALL' in my > hosts.deny file. Then I add individual entries in the hosts.allow > file to gain access to my machine. This all works as planned. > > However, what I have found is a tremendous number of attempts to gain > access to my machine that I was unaware of. Some of them are what I > was trying to prevent (in less than a day, about 10 www attempts when > I'm not even set up as an httpd server for example). But, the large > majority of the attempts I don't know much about. Attempts at access > via daemons ypserv, mountd, 300004, and 300214 with most trying > ypserv. These appear to be from SGIs and SUNs which are themselves > running some type of network protocol which periodically probes the > network. > > I would like to eliminate these problems, but don't know where to > start. I can add back the problem machines to my hosts.allow file to > remove the error messages from my log file. This confirms that they > are the problems, but doesn't fix the problem. > > -- > /------------------------------------------------------------------\ > | James D. Freels, P.E._i, Ph.D. | Phone: (423)576-8645 | | L | > | Oak Ridge National Laboratory | FAX: (423)574-9172 | H | I | > | Research Reactors Division | work e-m: [EMAIL PROTECTED] | F | N | > | P. O. Box 2008 | home e-m: [EMAIL PROTECTED] | I | U | > | Oak Ridge, Tennessee 37831-6392 | world's best neutrons! | R | X | > \------------------------------------------------------------------/ > > > -- > TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to > [EMAIL PROTECTED] . > Trouble? e-mail to [EMAIL PROTECTED] . > > -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
