Robert Canary wrote:
> Hi,
>
> I got these messages in the log files and can't figure out what they
> are, I believe strongly it is a failed attack, but on what sort of
> exploit, and what are they trying to accomplish in order to get root
> access? or DoS?
>
> Mar 2 19:54:01 mchn3 portmap[27354]: connect from 210.65.216.151 to
> dump(): request from unauthorized host
From a quick Deja search I found that the dump() function of portmap is to
provide a list of all available RPC services. To see what that would
return, run `/usr/sbin/rpcinfo -p localhost`.
The message about the "unauthorized host" indicates that the request was
successfully blocked.
However, from further reading, having portmapper running on a machine
connected to the net is not a Good Thing. The recommendation I read was
that 1) if you're not using NFS turn it off, and 2) if you need to be
running portmapper, put the machine behind a firewall. Another suggestion
was to simply use ipchains to DENY requests to port 111.
-W-
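Added example, not part of the original message: a small shell function that summarises refused portmap requests per source address and RPC procedure, using the log format quoted above. The function names, the sample addresses and the `getport(nfs)` line are constructed for illustration and assume the same message layout as the `dump()` line in the post.

```shell
#!/bin/sh
# Summarise portmap requests that were refused as "unauthorized host".
# Reads syslog text on stdin and prints "<count> <source-ip> <procedure>",
# busiest source first.
portmap_denied() {
    awk '
    match($0, /portmap\[[0-9]+\]: connect from /) && /: request from unauthorized host/ {
        # Text after the prefix looks like: "IP to proc(prog): request from ..."
        rest = substr($0, RSTART + RLENGTH)
        split(rest, f, " ")
        src = f[1]
        call = f[3]
        sub(/:$/, "", call)          # "dump():" becomes "dump()"
        hits[src " " call]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample log (documentation addresses, not real hosts).
# The getport(nfs) line assumes the same layout as the dump() line.
sample_log() {
    cat <<'EOF'
Mar  2 19:54:01 mchn3 portmap[27354]: connect from 192.0.2.10 to dump(): request from unauthorized host
Mar  2 19:54:03 mchn3 portmap[27355]: connect from 192.0.2.10 to dump(): request from unauthorized host
Mar  2 19:55:10 mchn3 sshd[411]: Connection closed by 198.51.100.4
Mar  2 20:01:44 mchn3 portmap[27360]: connect from 198.51.100.23 to getport(nfs): request from unauthorized host
Mar  2 20:02:00 mchn3 portmap[27361]: connect from 192.0.2.10 to dump(): request from unauthorized host
EOF
}

# Stand-alone run over the sample; on a real host, feed the syslog file instead.
sample_log | portmap_denied
```

A source that repeatedly asks for `dump()` is enumerating RPC services, which is the case for turning portmapper off or filtering port 111 as suggested in the reply.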