Security Incidents mailing list archives
Re: odd message showing up logs...
From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Sun, 7 May 2000 18:24:33 -0700
http://www.robertgraham.com/pubs/firewall-seen.html#rpc390109 The system 24.237.52.26 is probably a Sun machine running Solstice Backup. It is located on your same cable-modem segment. It sends out periodic UDP broadcasts using the standard 'callit' portmapper feature. This is part of the "background radiation" on such segments. I'll bet that your firewall isn't as tight as it seems. I'll bet that your IPCHAINS rules are letting broadcasts through. Rob. -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On Behalf Of Josh Burroughs Sent: Thursday, May 04, 2000 12:39 AM To: INCIDENTS () securityfocus com Subject: odd message showing up logs... I'm getting odd log entry: May 3 22:14:12 discworld portmap[2371]: connect from 24.237.52.26 to callit(390109): request from unauthorized host Ok discworld is the name of my server, it's a linux box, RH6.1, has a pretty tight firewall plus uses tcp wrappers, only machines inside my little private network have access to most serives, http is open and a handful of hosts have ftp access. I am running NFS and I do have port 111 tcp/udp block in the firewall. This entry just strikes me as odd and I was hoping someone could explain what it means. Thanks in advance. "The only difference between me and a madman is that I am not mad." - Salvador Dali Josh Burroughs
Current thread:
- Re: Lots netbios scans (udp 137) Ben Laws (May 01)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)
- Re: Lots netbios scans (udp 137) Bryan Andersen (May 03)
- odd message showing up logs... Josh Burroughs (May 04)
- Re: odd message showing up logs... Rick Redman (May 06)
- amd exploit(ed)? Paulo Ribeiro (May 07)
- Re: amd exploit(ed)? Mike Murray (May 08)
- Re: amd exploit(ed)? Erich Meier (May 09)
- Re: amd exploit(ed)? Jim Zajkowski (May 09)
- Re: odd message showing up logs... Robert Graham (May 07)
- Port 109 Scans Eric Maiwald (May 04)
- Re: Port 109 Scans Stone (May 06)
- Re: Lots netbios scans (udp 137) Erich Meier (May 04)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 04)
- Oversized packets Paulo Ribeiro (May 04)
- Re: Oversized packets Keith Owens (May 06)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)