Security Incidents mailing list archives

Re: Fw: Critical data found in log files.

From: spaceork () DHP COM (spaceork)
Date: Tue, 23 May 2000 17:01:18 -0400


On Tue, 23 May 2000, Chris West wrote:

Lately I have been seeing quite a few messages like those below.  Could
someone please enlighten me as to what this means.

Thanks
Chris

May 22 17:31:23 ns2 portmap[30423]: connect from 160.12.167.102 to dump():

request from unauthorized host

 May 22 17:31:23 ns2 portmap[30424]: connect from 160.12.167.102 to

dump(): request from unauthorized host

 May 22 17:31:26 ns2 portmap[30425]: connect from 160.12.167.102 to

dump(): request from unauthorized host

 May 22 17:31:26 ns2 portmap[30426]: connect from 160.12.167.102 to

dump(): request from unauthorized host


Looks like someone ran "rpcinfo -p" against your machine. This simply
prints out the rpc programs registered with portmapper, and is very
usefull for attackers to glean system vulnerabilties from.

        -spaceork

"Anyone who considers arithmetical methods of
 producing random digits is, of course, in a
 state of sin."
 -John Von Neumann
---------------------------------------------
spaceork () dhp com
http://www.dhp.com/~spaceork

Current thread:

Fw: Critical data found in log files. Chris West (May 23)
- Re: Fw: Critical data found in log files. spaceork (May 23)