Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] scans to port 111
  • From: Jeremy Buchmann <jeremy@xxxxxxxxxxxxxxx>
  • Date: Thu, 12 Jul 2001 09:11:45 -0700
  • Message-id: <200107121611.JAA10719@xxxxxxxxxxxxxxxxxxx>
I know the normal pubscans and proxy-scans, but these are done on port 20,21
and 1080, not on 111...
I'm a little confused now, because these scans grow. It began with 2-5 scans
per week and now we log (as I already said) up to 10 scans per day.
Can someone please explain what's going on there and if there is a way to
stop it ?

If your firewall keeps denying these connection attempts, and if you don't use
any remote procedure services (like NFS) on your host(s), your problem seems to
be the growing sizes of your logs. If you do not offer rpc services it seems to
be valid to switch off logging of these scans/connection attempts.

...or you could add those files to SuSE's log rotation file and let it rotate the logs for you.

Jeremy Buchmann [jeremy@xxxxxxxxxxxxxxx]

< Previous Next >
References