Off the top of my head, I'd suspect UDP portmapper, port 111 - check your
services file to verify. From that, I'd infer the standard NFS/RPC exploit
attempts.
Lisa Napier
Product Security Incident Response Team
Cisco Systems
At 07:50 PM 11/25/1999 -0500, Steve Cody wrote:
>I had the same thing today. Someone tried to connect to the portmap port.
>
>At Thu Nov 25 15:20:08 EST 1999 , [EMAIL PROTECTED] attempted to connect
>to the portmap deamon on unknown.
>
>Any idea? This IP address resolves to delaxiom.org.
>What can a person gain by connecting to this port?
>
>Steve Cody
>
>-----Original Message-----
>From: Mark E. Drummond
>To: [EMAIL PROTECTED]
>Sent: 11/24/99 9:20 PM
>Subject: portmap connection
>
>I got this in my logs a few minutes ago:
>
>Nov 24 20:30:30 xxxx.xxxx.xxxx portmap[11210]: connect from
>xxx.xxx.xxx.xxx to dump():
>request from unauthorized host
>
>What might this have been?
>
>--
>Gang Warily
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
