No, the port here is 111, which is portmap. Someone is trying to get to your sunrpc services, and they're being denied. Perfectly normal, I get about two dozen of those a day. Regards Anders On Wednesday 23 May 2001 20:01, S.Toms wrote:
Hey all, Quick question, every once in a while (via portsentry) I see the following appear in /var/log/messages
May 20 13:34:25 pipedream kernel: Packet log: input DENY eth0 PROTO=6 203.133.11.2:1543 xxx.xxx.xx.xxx:111 L=60 S=0x00 I=41515 F=0x4000 T=47 SYN (#66) May 20 14:08:05 pipedream kernel: Packet log: input DENY eth0 PROTO=6 136.145.187.100:1442 xx.xx.xxx.xxx:111 L=60 S=0x00 I=40735 F=0x4000 T=49 SYN (#66)
it's being denied, but am I right in believing that's port 66 which is for Oracle SQL? or is it something else. The other ones I see is 11, and occasionally 69 I only get maybe a few of these a day, similar addresses each day, but nothing else from them, no other probes or queries show up. I checked the addresses and their definately not my DHCP server or servers I've used.