Hi folks, our servers keep logging system-scans on port 111 for some months now. Obviously some people try to find systems accepting connections on port 111 (sunrpc). Besides of the traffix generated by this (okay, one scan means very little traffic, but up to 10 scans per day, and this every day on every IP we accept sums up to enough traffic to be concerned) and besides of the fact that our servers are no playground for script-kiddies *sigh*, my question is: Do I have to be alarmed ? And what can I do against it ? I already run portsentry, but our /etc/hosts.deny keeps growing day by day. Whats up with this port 111 ? I know the normal pubscans and proxy-scans, but these are done on port 20,21 and 1080, not on 111... I'm a little confused now, because these scans grow. It began with 2-5 scans per week and now we log (as I already said) up to 10 scans per day. Can someone please explain what's going on there and if there is a way to stop it ? Thanks in advance. --- -------------------------------------------- Stephan M. Ott // OKDesign oHG ............. Internet-Providing und Netzwerkmanagement .. smo@okdesign.de ..... http://www.okdesign.de fon. +49 961 3814139 .. fax. +49 961 3814140 in dringenden faellen: mobil. 0171-7858064 . --------------------------------------------