hi,
>* Edward Dekkers ([EMAIL PROTECTED]) wrote:
> 'possible stealth scan from unknown on port 111'. It did not do it while it
> was here.
>
> Am I chasing my tail here? Should I be worried by the messages? Or, as
> usual being overly cautious? I should mention that the customer wanted a
> Linux box because of the amount of virii and trojans that seemed to be
> magically appearing from everywhere, and he wanted a firewall configuration
> to stop that kind of stuff. I'm just worried one of the 'trojans' has stuck
> behind even though I checked the running processes on all boxes on the
> network.
$ cat /etc/services | grep -e "111"
gives you detail about the service. port 111 is a wellknown port for
crackers. its is required only for applications using RPC(remote procedure calls)
like NFS (network file sharing).
stop the rpc service immediately . you should never activate this service
on gateway/firewall machines. its allright using it in local network but never on
internet.
# /etc/init.d/portmap stop
# chkconfig --del portmap
-cheers-
rk
--
---------------------------------------------
Ramakrishna | [EMAIL PROTECTED]
Exocore Consulting | http://www.exocore.com
Bangalore, India | +91 (80) 344-0397
---------------------------------------------
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
