Security Incidents mailing list archives

Re: funky syslog entry


From: Erich.Meier () INFORMATIK UNI-ERLANGEN DE (Erich Meier)
Date: Wed, 28 Jun 2000 11:58:43 +0200


On Mon, Jun 26, 2000 at 05:44:25PM -0400, klug wrote:
> While searching through syslog entries I found this little tidbit.
> Others and I believe it's some sort of scan. Any ideas are welcome.
> Portmap has since been removed from this server.
>
> klug
>
> Jun 24 14:39:10 * portmap[27279]:
> connect from 193.40.245.45 to dump(): request from unauthorized host

Someone ran "rpcinfo -p <yourhost>" and tried to dump a list of your RPC
services.

It seems you're running Wietse Venema's portmapper with TCP wrapping enabled.
Look in /etc/hosts.allow and /etc/hosts.deny to see which hosts are allowed or
denied portmap access. You should find a line similar to
        portmap: X.Y.Z.0/255.255.255.0
where X.Y.Z.0 is your local network (assuming a 24-bit netmask).

YMMV.

Erich

--
Erich Meier                              Erich.Meier () informatik uni-erlangen de
                                 http://www4.informatik.uni-erlangen.de/~meier/
 "People are starving to death in this world and somebody had time for this..."
                                      http://webpages.mr.net/bobz/ttyquake/
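
Added example, not part of the original message or of the portmapper's own code: a small Python log check that pulls the wrapper's "request from unauthorized host" refusals out of syslog text and marks whether each source falls inside a hosts.allow rule of the form shown above. The function names, the 192.0.2.0 network in the rule, and every sample line except the first (which is the entry quoted in the thread) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Refusal line as quoted in the thread; \s+ after the pid tolerates the
# line wrap seen in the posted entry.
REFUSAL = re.compile(
    r"portmap\[\d+\]:\s+connect from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<proc>\w+)\((?P<arg>[^)]*)\): request from unauthorized host"
)

def parse_allow_rule(line):
    """Parse 'portmap: net/mask [net/mask ...]' into a list of networks."""
    parts = line.split(":")
    if len(parts) < 2 or parts[0].strip() != "portmap":
        return []
    nets = []
    for tok in parts[1].replace(",", " ").split():
        try:
            nets.append(ipaddress.ip_network(tok, strict=False))
        except ValueError:
            pass  # hostnames and wildcards such as ALL are not handled here
    return nets

def summarize(log_text, allow_rule):
    """Count refusals keyed by (source, procedure, covered_by_rule)."""
    nets = parse_allow_rule(allow_rule)
    hits = Counter()
    for m in REFUSAL.finditer(log_text):
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the log line
        covered = any(src in n for n in nets)
        hits[(str(src), m["proc"], covered)] += 1
    return hits

# First entry is the one from the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Jun 24 14:39:10 * portmap[27279]:
connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 24 14:41:02 * portmap[27279]: connect from 198.51.100.7 to dump(): request from unauthorized host
Jun 24 14:41:03 * portmap[27279]: connect from 198.51.100.7 to dump(): request from unauthorized host
Jun 24 14:45:30 * portmap[27279]: connect from 192.0.2.9 to dump(): request from unauthorized host
Jun 24 14:50:00 * sshd[100]: unrelated line
"""
SAMPLE_RULE = "portmap: 192.0.2.0/255.255.255.0"  # constructed local network

if __name__ == "__main__":
    for (src, proc, covered), n in sorted(summarize(SAMPLE_LOG, SAMPLE_RULE).items()):
        note = "inside allow rule, check hosts.allow/hosts.deny" if covered else "outside allow rule"
        print(f"{src:15} {proc}() x{n}  {note}")
```

A refusal from an address that the current rule covers means the log and the access files disagree, which is worth checking before trusting either.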


