Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
Re: ports
  • From: "S.Toms" <smotrs@xxxxxxxxxxxxxx>
  • Date: Wed, 23 May 2001 11:51:58 -0700 (PDT)
  • Message-id: <Pine.LNX.4.21.0105231135290.29252-100000@xxxxxxxxxxxxxxxxxxx>
On Wed, 23 May 2001, Togan Muftuoglu wrote:

tm> * S.Toms <smotrs@xxxxxxxxxxxxxx> [010523 21:07]:
tm> > Hey all,
tm> > Quick question, every once in a while (via portsentry) I see the
tm> > following appear in /var/log/messages
tm> >
tm> > May 20 13:34:25 pipedream kernel: Packet log: input DENY eth0 PROTO=6
tm> > 203.133.11.2:1543 xxx.xxx.xx.xxx:111 L=60 S=0x00 I=41515 F=0x4000 T=47 SYN (#66)
tm> > May 20 14:08:05 pipedream kernel: Packet log: input DENY eth0 PROTO=6
tm> > 136.145.187.100:1442 xx.xx.xxx.xxx:111 L=60 S=0x00 I=40735 F=0x4000 T=49 SYN (#66)
tm> >
tm>
tm> Excuse me but the only thing I see here is 203.133.11.2 from
tm> source port 1543 is trying to reach your ip to destionation port 111
tm> which is according to /etc/services is sunrpc request.
tm>

Yeah, I was looking in the wrong place, I forgot the port comes directly
after the address. :)

tm> AFAIK requests to port 111 is very common unless you have in your logs
tm> to other ports as you say there may be other probes but this is
tm> clearly rpc request good you are denying
tm>

yep :) hey, I noticed in /etc/services that 0 is reserved, what eactly
is it reserved for? It's just commented out with reserved following. I
ask cause I got hits on that port as well.

--
S.Toms - smotrs@xxxxxxxxxxxxxx - www.mindspring.com/~smotrs
SuSE Linux v7.0+ - Kernel 2.2.18

Acid -- better living through chemistry.


< Previous Next >
References