Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
Re: [SLE] ports
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 23 May 2001 21:15:00 +0300
  • Message-id: <20010523211500.A18249@xxxxxxxxxxxxxxxxxx>
* S.Toms <smotrs@xxxxxxxxxxxxxx> [010523 21:07]:
> Hey all,
> Quick question, every once in a while (via portsentry) I see the
> following appear in /var/log/messages
>
> May 20 13:34:25 pipedream kernel: Packet log: input DENY eth0 PROTO=6
> 203.133.11.2:1543 xxx.xxx.xx.xxx:111 L=60 S=0x00 I=41515 F=0x4000 T=47 SYN (#66)
> May 20 14:08:05 pipedream kernel: Packet log: input DENY eth0 PROTO=6
> 136.145.187.100:1442 xx.xx.xxx.xxx:111 L=60 S=0x00 I=40735 F=0x4000 T=49 SYN (#66)
>
> it's being denied, but am I right in believing that's port 66 which is for
> Oracle SQL? or is it something else. The other ones I see is 11, and
> occasionally 69 I only get maybe a few of these a day, similar addresses
> each day, but nothing else from them, no other probes or queries show up.


Excuse me but the only thing I see here is 203.133.11.2 from
source port 1543 is trying to reach your ip to destionation port 111
which is according to /etc/services is sunrpc request.

AFAIK requests to port 111 is very common unless you have in your logs
to other ports as you say there may be other probes but this is
clearly rpc request good you are denying




--
Togan Muftuoglu


< Previous Next >
Follow Ups
References