Security Incidents mailing list archives
Re: Fw: Critical data found in log files.
From: spaceork () DHP COM (spaceork)
Date: Tue, 23 May 2000 17:01:18 -0400
On Tue, 23 May 2000, Chris West wrote:
Lately I have been seeing quite a few messages like those below. Could someone please enlighten me as to what this means. Thanks Chris
May 22 17:31:23 ns2 portmap[30423]: connect from 160.12.167.102 to dump():request from unauthorized hostMay 22 17:31:23 ns2 portmap[30424]: connect from 160.12.167.102 todump(): request from unauthorized hostMay 22 17:31:26 ns2 portmap[30425]: connect from 160.12.167.102 todump(): request from unauthorized hostMay 22 17:31:26 ns2 portmap[30426]: connect from 160.12.167.102 todump(): request from unauthorized host
Looks like someone ran "rpcinfo -p" against your machine. This simply prints out the rpc programs registered with portmapper, and is very usefull for attackers to glean system vulnerabilties from. -spaceork "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -John Von Neumann --------------------------------------------- spaceork () dhp com http://www.dhp.com/~spaceork
Current thread:
- Fw: Critical data found in log files. Chris West (May 23)
- Re: Fw: Critical data found in log files. spaceork (May 23)