I know the normal pubscans and proxy-scans, but these are done on port 20,21 and 1080, not on 111... I'm a little confused now, because these scans grow. It began with 2-5 scans per week and now we log (as I already said) up to 10 scans per day. Can someone please explain what's going on there and if there is a way to stop it ?
If your firewall keeps denying these connection attempts, and if you don't use any remote procedure services (like NFS) on your host(s), your problem seems to be the growing sizes of your logs. If you do not offer rpc services it seems to be valid to switch off logging of these scans/connection attempts.
...or you could add those files to SuSE's log rotation file and let it rotate the logs for you. Jeremy Buchmann [jeremy@wellsgaming.com]