Security Incidents mailing list archives
Re: odd message showing up logs...
From: jlgaddis () BLUERIVER NET (Jeremy Gaddis)
Date: Sat, 6 May 2000 22:39:52 -0500
At 11:38 PM 5/3/00 -0800, Josh Burroughs wrote:
May 3 22:14:12 discworld portmap[2371]: connect from 24.237.52.26 to callit(390109): request from unauthorized host
Ok discworld is the name of my server, it's a linux box, RH6.1, has a pretty tight firewall plus uses tcp wrappers, only machines inside my little private network have access to most serives, http is open and a handful of hosts have ftp access. I am running NFS and I do have port 111 tcp/udp block in the firewall. This entry just strikes me as odd and I was hoping someone could explain what it means. Thanks in advance.
It means your firewall isn't "pretty tight". If only machines inside your private network have access to most services, why was 24.237.52.26 not blocked by your firewall? You shouldn't ever see a connection in the logs, you should see a log entry where the packets to establish the connection were denied by your firewall (when properly configured, that is). May I suggest the usual method of firewalling? Deny everything, then allow only what you explicitly need, from specific hosts. If 24.237.52.26 isn't allowed to access portmap, why did the packets make it through the firewall? You may want to reconsider your firewall configuration. -jg -- Jeremy L. Gaddis <jlgaddis () blueriver net>
Current thread:
- Re: odd message showing up logs... Jeremy Gaddis (May 06)