On Wed, 23 May 2001, Togan Muftuoglu wrote:
tm> * S.Toms [010523 21:07]:
tm> > Hey all,
tm> > Quick question, every once in a while (via portsentry) I see the
tm> > following appear in /var/log/messages
tm> >
tm> > May 20 13:34:25 pipedream kernel: Packet log: input DENY eth0 PROTO=6
tm> > 203.133.11.2:1543 xxx.xxx.xx.xxx:111 L=60 S=0x00 I=41515 F=0x4000 T=47 SYN (#66)
tm> > May 20 14:08:05 pipedream kernel: Packet log: input DENY eth0 PROTO=6
tm> > 136.145.187.100:1442 xx.xx.xxx.xxx:111 L=60 S=0x00 I=40735 F=0x4000 T=49 SYN (#66)
tm> >
tm>
tm> Excuse me but the only thing I see here is 203.133.11.2 from
tm> source port 1543 is trying to reach your ip to destionation port 111
tm> which is according to /etc/services is sunrpc request.
tm>
Yeah, I was looking in the wrong place, I forgot the port comes directly
after the address. :)
tm> AFAIK requests to port 111 is very common unless you have in your logs
tm> to other ports as you say there may be other probes but this is
tm> clearly rpc request good you are denying
tm>
yep :) hey, I noticed in /etc/services that 0 is reserved, what eactly
is it reserved for? It's just commented out with reserved following. I
ask cause I got hits on that port as well.
--
S.Toms - smotrs@mindspring.com - www.mindspring.com/~smotrs
SuSE Linux v7.0+ - Kernel 2.2.18
Acid -- better living through chemistry.