What does this mean ?
Hi List, I'm not quite sure, if this means anything, but perhaps somebody could explain to me, what was happening, Tanks in advance. This is, what the log says : sshd[17874]: connect from 61.139.252.156 sshd[17874]: log: Connection from 61.139.252.156 port 2953 sshd[17874]: log: Could not reverse map address 61.139.252.156. sshd[17874]: fatal: Did not receive ident string. kernel: lockd: connect from unprivileged port: 61.139.252.156:2983<4>lockd: accept failed (err 11)! kernel: lockd: accept failed (err 11)! scanlogd: 61.139.252.156 to 131.220.220.51 ports 22, 80, 443, 1024, 1080, 1313, 1352, 1433, 1494, ..., ???p?uxy, TTL 39 @11:26:00 sshd[17875]: connect from 61.139.252.156 sshd[17875]: log: Connection from 61.139.252.156 port 3099 sshd[17875]: log: Could not reverse map address 61.139.252.156. sshd[17875]: fatal: Did not receive ident string. kernel: lockd: connect from unprivileged port: 61.139.252.156:3129<4>lockd: accept failed (err 11)! kernel: lockd: accept failed (err 11)! scanlogd: 61.139.252.156 to 131.220.220.53 ports 22, 80, 1024, 1080, 1313, 1352, 1433, 1494, 1498, 1524, ..., ???p?uxy @11:26:11 sshd[226]: log: Generating new 768 bit RSA key. sshd[226]: log: RSA key generation complete.
At 11:18 PM 20/06/2001, you wrote:
Hi List,
I'm not quite sure, if this means anything, but perhaps somebody could explain to me, what was happening, Tanks in advance.
This is, what the log says :
sshd[17874]: connect from 61.139.252.156 sshd[17874]: log: Connection from 61.139.252.156 port 2953 sshd[17874]: log: Could not reverse map address 61.139.252.156. sshd[17874]: fatal: Did not receive ident string. kernel: lockd: connect from unprivileged port: 61.139.252.156:2983<4>lockd: accept failed (err 11)! kernel: lockd: accept failed (err 11)! scanlogd: 61.139.252.156 to 131.220.220.51 ports 22, 80, 443, 1024, 1080, 1313, 1352, 1433, 1494, ..., ???p?uxy, TTL 39 @11:26:00 sshd[17875]: connect from 61.139.252.156 sshd[17875]: log: Connection from 61.139.252.156 port 3099 sshd[17875]: log: Could not reverse map address 61.139.252.156. sshd[17875]: fatal: Did not receive ident string. kernel: lockd: connect from unprivileged port: 61.139.252.156:3129<4>lockd: accept failed (err 11)! kernel: lockd: accept failed (err 11)! scanlogd: 61.139.252.156 to 131.220.220.53 ports 22, 80, 1024, 1080, 1313, 1352, 1433, 1494, 1498, 1524, ..., ???p?uxy @11:26:11 sshd[226]: log: Generating new 768 bit RSA key. sshd[226]: log: RSA key generation complete.
You have been port scanned. It also looks like you machine is running a little too much.. You are running lockd which is only needed if you use NFS. Do you use NFS? do a "netstat -nap | grep LISTEN" as root and check that you actually NEED all the stuff you have running. If not, turn it off. Port scans are nothing to worry about as long as you are fully patched.. Viel Spaß Nix - nix@susesecurity.com http://www.susesecurity.com
participants (2)
-
Andreas Meinerzhagen -
Peter Nixon