Security Incidents mailing list archives

Re: odd message showing up logs...


From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Sun, 7 May 2000 18:24:33 -0700


http://www.robertgraham.com/pubs/firewall-seen.html#rpc390109

The system 24.237.52.26 is probably a Sun machine running Solstice Backup.
It is located on your same cable-modem segment. It sends out periodic UDP
broadcasts using the standard 'callit' portmapper feature. This is part of
the "background radiation" on such segments.

I'll bet that your firewall isn't as tight as it seems. I'll bet that your
IPCHAINS rules are letting broadcasts through.

Rob.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com] On
Behalf Of Josh Burroughs
Sent: Thursday, May 04, 2000 12:39 AM
To: INCIDENTS () securityfocus com
Subject: odd message showing up logs...

I'm getting an odd log entry:

May  3 22:14:12 discworld portmap[2371]: connect from 24.237.52.26 to
callit(390109): request from unauthorized host

OK, discworld is the name of my server, it's a Linux box, RH6.1, has a
pretty tight firewall plus uses tcp wrappers, only machines inside my
little private network have access to most services, http is open and a
handful of hosts have ftp access. I am running NFS and I do have port 111
tcp/udp blocked in the firewall. This entry just strikes me as odd and I was
hoping someone could explain what it means. Thanks in advance.

"The only difference between me and a madman is that I am not mad."
- Salvador Dali

Josh Burroughs

