On Sat, 9 Aug 2003 09:55:39 -0500, MKlinke wrote
> On Saturday 09 August 2003 09:31, Mike Vanecek wrote:
> > After much discussion on this list about portmap and fam_sig, I
> > turned portmap back on to see what would happen. I have not had port
> > 111 requests in my logs for a long time, but guess what, someone
> > wants to look at my portmap:
> >
> > [EMAIL PROTECTED] root]# grep DPT=111 /var/log/packets
> > Aug  5 19:43:55 www kernel: tcp_try IN=eth0 OUT=
> > MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=220.66.80.99
> > DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=58208 DF
> > PROTO=TCP SPT=3816 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
> > Aug  8 05:17:03 www kernel: tcp_try IN=eth0 OUT=
> > MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=198.77.133.120
> > DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=7973 DF
> > PROTO=TCP SPT=4060 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
> >
> > Just love firewalls!!
> 
> There are several exploits that use port 111 that run almost 
> constantly on the Internet.  A good resource is dshield.org:
> 
> http://www.dshield.org/port_report.php?port=111&recax=1&tarax=2&srcax=2&percent=N&days=40

Thanks for the cite although that was my assumption. I just found it strange
that I had not seen a dropped port 111 packet in my iptables logs for quite a
while. The minute I discuss them and open that port up locally, in pop two
dropped port 111 packets. Who knows, maybe someone reading this list decided
to test it out.


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
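
The `grep DPT=111` check from the message above, extended to group bare SYNs to the port by source address. This is an added example, not part of the original thread: the function names and sample log lines are constructed, and it assumes one log record per line (unwrapped, unlike the quoted e-mail).

```python
import re
from collections import Counter

# Constructed sample in the netfilter LOG format quoted in the message
# (documentation addresses and a made-up MAC, not values from the thread).
SAMPLE_LOG = """\
Aug  5 19:43:55 www kernel: tcp_try IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=58208 DF PROTO=TCP SPT=3816 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Aug  5 19:43:58 www kernel: tcp_try IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=58209 DF PROTO=TCP SPT=3816 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Aug  8 05:17:03 www kernel: tcp_try IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.20 DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=7973 DF PROTO=TCP SPT=4060 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0
Aug  8 05:17:09 www kernel: tcp_try IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.20 DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=7980 DF PROTO=TCP SPT=4061 DPT=22 WINDOW=32120 RES=0x00 SYN URGP=0
Aug  8 05:17:10 www kernel: eth0: link up
"""

# syslog header: "Mon DD HH:MM:SS host kernel: <body>"
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: (?P<body>.*)$")


def parse_line(line):
    """Split one netfilter LOG record into prefix, KEY=value fields and bare flags."""
    m = LINE_RE.match(line)
    if not m or "IN=" not in m["body"]:
        return None  # not a netfilter LOG record
    prefix, _, rest = m["body"].partition("IN=")
    tokens = ("IN=" + rest).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if "=" not in t}  # e.g. DF, SYN, ACK
    return {"ts": m["ts"], "host": m["host"], "prefix": prefix.strip(),
            "fields": fields, "flags": flags}


def syn_probes(log_text, dport):
    """Count TCP SYNs without ACK (connection attempts) to dport, per source."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        f = rec["fields"]
        if (f.get("PROTO") == "TCP" and f.get("DPT") == str(dport)
                and "SYN" in rec["flags"] and "ACK" not in rec["flags"]):
            hits[f["SRC"]] += 1
    return hits


if __name__ == "__main__":
    for src, count in syn_probes(SAMPLE_LOG, 111).most_common():
        print(f"{src}\t{count}")
```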
