After much discussion on this list about portmap and fam_sig, I turned portmap back on to see what would happen. I have not had port 111 requests in my logs for a long time, but guess what, someone wants to look at my portmap:
[EMAIL PROTECTED] root]# grep DPT=111 /var/log/packets Aug 5 19:43:55 www kernel: tcp_try IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=220.66.80.99 DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=58208 DF PROTO=TCP SPT=3816 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0 Aug 8 05:17:03 www kernel: tcp_try IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=198.77.133.120 DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=7973 DF PROTO=TCP SPT=4060 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0 Just love firewalls!! -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
