Hey there. Just today I installed a server at a customer's place (RedHat 7.2), for use as an internet box. I'd already set it up over here over the last week with the usual suspects (named, dhcpd, squid, iptables, sendmail, fetchmail, pppd, portsentry etc.).
As soon as I threw it onto the customer's network (before I even got to dial out using ppp), portsentry started complaining to the effect of 'possible stealth scan from unknown on port 111'. It did not do it while it was here. Port 111 is listed as sunrpc. I've checked google and some things I find say it's an RPC thing, some say it's a possible attack. Either way, I'm confused. I've tried 'tcpdump -a -i eth0 port 111' but that doesn't bring anything up (mind you, I'm a newbie when it comes to the tcpdump command so it could be wrong). There IS a Windows XP box on the network which I believe has some sort of RPC services running. Am I chasing my tail here? Should I be worried by the messages? Or, as usual being overly cautious? I should mention that the customer wanted a Linux box because of the amount of virii and trojans that seemed to be magically appearing from everywhere, and he wanted a firewall configuration to stop that kind of stuff. I'm just worried one of the 'trojans' has stuck behind even though I checked the running processes on all boxes on the network. Regards, -- Edward Dekkers (Director) Triple D Computer Services Pty. Ltd. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list