* S.Toms
Hey all, Quick question, every once in a while (via portsentry) I see the following appear in /var/log/messages
May 20 13:34:25 pipedream kernel: Packet log: input DENY eth0 PROTO=6 203.133.11.2:1543 xxx.xxx.xx.xxx:111 L=60 S=0x00 I=41515 F=0x4000 T=47 SYN (#66) May 20 14:08:05 pipedream kernel: Packet log: input DENY eth0 PROTO=6 136.145.187.100:1442 xx.xx.xxx.xxx:111 L=60 S=0x00 I=40735 F=0x4000 T=49 SYN (#66)
it's being denied, but am I right in believing that's port 66 which is for Oracle SQL? or is it something else. The other ones I see is 11, and occasionally 69 I only get maybe a few of these a day, similar addresses each day, but nothing else from them, no other probes or queries show up.
Excuse me but the only thing I see here is 203.133.11.2 from source port 1543 is trying to reach your ip to destionation port 111 which is according to /etc/services is sunrpc request. AFAIK requests to port 111 is very common unless you have in your logs to other ports as you say there may be other probes but this is clearly rpc request good you are denying -- Togan Muftuoglu