Security Incidents mailing list archives
Re: funky syslog entry
From: Erich.Meier () INFORMATIK UNI-ERLANGEN DE (Erich Meier)
Date: Wed, 28 Jun 2000 11:58:43 +0200
On Mon, Jun 26, 2000 at 05:44:25PM -0400, klug wrote:
> While searching through syslog entries I found this little tidbit. Others and I believe it's some sort of scan. Any ideas are welcome. Portmap has since been removed from this server.
>
> klug
>
> Jun 24 14:39:10 * portmap[27279]: connect from 193.40.245.45 to dump(): request from unauthorized host

Someone ran "rpcinfo -p <yourhost>" and tried to dump a list of your RPC services. It seems you're running Wietse Venema's portmapper with TCP wrapping enabled. Look in /etc/hosts.allow and /etc/hosts.deny to see which hosts are allowed or denied portmap access. You should find a line similar to

    portmap: X.Y.Z.0/255.255.255.0

where X.Y.Z.0 is your local network (assuming a 24-bit netmask). YMMV.

Erich

--
Erich Meier
Erich.Meier () informatik uni-erlangen de
http://www4.informatik.uni-erlangen.de/~meier/
"People are starving to death in this world and somebody had time for this..."
http://webpages.mr.net/bobz/ttyquake/
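
The check described in the reply above, as an added example that is not part of the original post: it parses the quoted syslog entry and evaluates its source address against portmap rules in the hosts_access(5) order (hosts.allow first, then hosts.deny, otherwise grant). The file contents, the 192.0.2.0/24 local network and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample files. Assumptions: 192.0.2.0/24 stands in for the
# local network X.Y.Z.0, and hosts.deny refuses everyone else.
HOSTS_ALLOW = "# /etc/hosts.allow\nportmap: 192.0.2.0/255.255.255.0\n"
HOSTS_DENY = "# /etc/hosts.deny\nportmap: ALL\n"
# The syslog entry quoted in the thread.
SAMPLE = ("Jun 24 14:39:10 * portmap[27279]: connect from 193.40.245.45 "
          "to dump(): request from unauthorized host")
LOG_RE = re.compile(r"portmap\[(\d+)\]: connect from (\S+) to (\w+)\(\): (.*)$")

def portmap_clients(text):
    """Client patterns of every rule whose daemon list names portmap or ALL."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore any option field
        if {"portmap", "ALL"} & set(daemons.replace(",", " ").split()):
            patterns += clients.replace(",", " ").split()
    return patterns

def matches(ip, pattern):
    """Handles ALL, net/mask and dotted prefixes; no hostnames or EXCEPT."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern.endswith(".") and ip.startswith(pattern)

def portmap_allowed(ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: allow match grants, deny match refuses, else grant."""
    if any(matches(ip, p) for p in portmap_clients(allow)):
        return True
    return not any(matches(ip, p) for p in portmap_clients(deny))

def explain(log_line):
    """Parse a portmap wrapper entry and re-check its source against the rules."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    pid, src, proc, reason = m.groups()
    return {"pid": int(pid), "source": src, "procedure": proc,
            "reason": reason, "allowed": portmap_allowed(src)}

if __name__ == "__main__":
    print(explain(SAMPLE))
```

With an empty hosts.deny the same address would be granted, which is why the deny file needs a matching portmap rule for the allow line to restrict anything.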