"Darren R. Weber"
I have noticed a number of attempts to connect to my "dump()" port in my logs. I haven't worried much because
dump() is not a port, it is a request to the portmapper to show a list of all registered RPC services.
they all seem unsuccessful,
That's good :) You probably have appropriate entries in /etc/hosts.allow and /etc/hosts.deny, then the portmapper doesn't answer this request and logs them with "dump(): request from unauthorized host".
but I am curious why people are trying, what that port is and what it is used for? The attempts are pretty random as far as the offenders IP and how often. As I said I'm just curious if anyone knows?
The people might be trying to find out which RPC services (e.g., mountd, rusersd, rstatd, ypserv, ...) you are running. This information could help to find out something about a system, it's users and possibly vulnerable services it is running. So such a request could be the first step of an attempted attack, but your system seems to be safe against *this* method. Eilert -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com http://www.informatik.uni-bremen.de/~eilert/ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/