Thanks Wayne,
I found this about two hours after I had made the post. Everything is secured
according to the info I had read.
thanks--
Wayne Dyer wrote:
> Robert Canary wrote:
> > Hi,
> >
> > I got these messages in the log files and can't figure out what they
> > are, I believe strongly it is a failed attack, but on what sort of
> > exploit, and what are they trying to accomplish inorder to get root
> > access? or Dos?
> >
> > Mar 2 19:54:01 mchn3 portmap[27354]: connect from 210.65.216.151 to
> > dump(): request from unauthorized host
>
> >From a quick Deja search I found that the dump() function of portmap is to
> provide a list of all available RPC services. To see what that would
> return, run `/usr/sbin/rpcinfo -p localhost`.
>
> The message about the "unauthorized host" indicates that the request was
> successfully blocked.
>
> However, from further reading, having portmapper running on a machine
> connected to the net is not a Good Thing. The recommendation I read was
> that 1) if you're not using NFS turn it off, and 2) if you need to be
> running portmapper, put the machine behind a firewall. Another suggestion
> was to simply use ipchains to DENY requests to port 111.
>
> -W-
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
robert canary
system services
OhioCounty.Net
[EMAIL PROTECTED]
(270)298-9331 Office
(270)298-7449 Fax
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
