On Saturday 09 August 2003 09:31, Mike Vanecek wrote: > After much discussion on this list about portmap and fam_sig, I > turned portmap back on to see what would happen. I have not had port > 111 requests in my logs for a long time, but guess what, someone > wants to look at my portmap: > > [EMAIL PROTECTED] root]# grep DPT=111 /var/log/packets > Aug 5 19:43:55 www kernel: tcp_try IN=eth0 OUT= > MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=220.66.80.99 > DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=58208 DF > PROTO=TCP SPT=3816 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0 > Aug 8 05:17:03 www kernel: tcp_try IN=eth0 OUT= > MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=198.77.133.120 > DST=192.168.1.95 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=7973 DF > PROTO=TCP SPT=4060 DPT=111 WINDOW=32120 RES=0x00 SYN URGP=0 > > Just love firewalls!!
There are several exploits that use port 111 that run almost constantly on the Internet. A good resource is dshield.org: http://www.dshield.org/port_report.php?port=111&recax=1&tarax=2&srcax=2&percent=N&days=40 Regards, Mike Klinke -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
