Thanks, that is what I wanted to know. That is about what I thought was going on. I did set up hosts.allow and hosts.deny a long time ago to limit the few services I do run. The log entry you list is exactly what I have seen. I have just about everything turned off on here, and in another week or so I am going to move this machine behind an LRP router and firewall, so their attempts will be even more difficult. :-)

Thanks for the info.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Darren R. Weber
drw@linuxfan.com
ICQ# 2849193
http://drw.penguinpowered.com/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On Wed, 26 Apr 2000, Eilert Brinkmann wrote:
> "Darren R. Weber" wrote:
> > I have noticed a number of attempts to connect to my "dump()" port in my logs. I haven't worried much because
>
> dump() is not a port, it is a request to the portmapper to show a list of all registered RPC services.
>
> > they all seem unsuccessful,
>
> That's good :) You probably have appropriate entries in /etc/hosts.allow and /etc/hosts.deny, then the portmapper doesn't answer this request and logs them with "dump(): request from unauthorized host".
>
> > but I am curious why people are trying, what that port is and what it is used for? The attempts are pretty random as far as the offenders' IP and how often. As I said I'm just curious if anyone knows?
>
> The people might be trying to find out which RPC services (e.g., mountd, rusersd, rstatd, ypserv, ...) you are running. This information could help to find out something about a system, its users and possibly vulnerable services it is running. So such a request could be the first step of an attempted attack, but your system seems to be safe against *this* method.
>
> Eilert
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
> eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com
> http://www.informatik.uni-bremen.de/~eilert/
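
An added example, not part of the original thread: a small log summarizer that counts the refused portmapper requests discussed above per source address. Only the tail "dump(): request from unauthorized host" is quoted in the thread; the syslog header, the "connect from <ip> to" prefix, and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed line layout: '<syslog header> portmap[pid]: connect from <ip> to
# <proc>(<prog>): request from unauthorized host'. Only the tail is quoted in
# the thread; adjust the pattern to match the entries in your own logs.
REJECT = re.compile(
    r"portmap\[\d+\]: connect from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<proc>\w+)\((?P<prog>[^)]*)\): request from unauthorized host"
)

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Apr 26 03:12:44 myhost portmap[214]: connect from 192.0.2.15 to dump(): request from unauthorized host
Apr 26 03:12:45 myhost portmap[214]: connect from 192.0.2.15 to dump(): request from unauthorized host
Apr 26 09:40:02 myhost sshd[801]: Accepted password for user from 10.0.0.5 port 1022
Apr 27 17:03:10 myhost portmap[214]: connect from 198.51.100.7 to getport(mountd): request from unauthorized host
Apr 28 22:51:37 myhost portmap[214]: connect from 203.0.113.99 to dump(): request from unauthorized host
"""


def rejected_requests(lines):
    """Yield (source_ip, procedure) for each portmapper request refused by the access rules."""
    for line in lines:
        m = REJECT.search(line)
        if m:
            yield m.group("src"), m.group("proc")


def summarize(lines):
    """Count refused requests per source address and per procedure name."""
    by_source, by_proc = Counter(), Counter()
    for src, proc in rejected_requests(lines):
        by_source[src] += 1
        by_proc[proc] += 1
    return by_source, by_proc


if __name__ == "__main__":
    sources, procs = summarize(SAMPLE_LOG.splitlines())
    for src, count in sources.most_common():
        print(f"{count:4d}  {src}")
    print("procedures:", dict(procs))
```

A source that repeats dump() requests, or follows them with requests for specific services, stands out in the per-source counts.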