Le Sat, Dec 23, 2000 at 12:17:02AM -0800,
Peter M ([EMAIL PROTECTED])
a �crit:
> Hey All,
>
yoh, les gars de la marine.
> I've been pussled lately, I've been getting this TCP request many tiems
>lately and its becomeing a worry instead of a annoyance :) I always get a TCP request
>for port 111... I know this is a portmap but should i worry?
>
> I'm running win 98 ;) Here is the log ;)
It could be a serious attack if you run in unix world (popularity=10,
simplicity=9, impact=10, risk level=9,7) RPC remote procedure call
[root@bermude html]# rpcinfo -p bermude.dnsalias.net
rpcinfo: ne peut contacter l'aiguilleur de ports: RPC: erreur syst�me sur
l'h�te cible - Connexion refus�e
[root@bermude html]# grep sunrpc /var/log/ippl/all.log
Dec 23 09:56:58 sunrpc connection attempt from [EMAIL PROTECTED]
[213.228.18.253] (213.228.18.253:634->213.228.18.253:111)
and so NFS (8;9;8;8,3)
[root@bermude html]# showmount -e bermude.dnsalias.net
mount clntudp_create: RPC: �chec de conversion de ports - RPC: incapable
d'effectuer la r�ception
oof! I'm sure, now not have the entire computer on the Internet.
>
> 2000/12/23 3:06:40 AM GMT -0500: Linksys LNEPCI II..[0000][No matching rule]
>Blocking incoming TCP: src=24.8.22.37, dst=my.ip.ish.ere, sport=1563, dport=111.
>
[root@bermude html]# nslookup
Default Server: smtp1.free.fr
Address: 212.27.32.5
> 24.8.22.37
Server: smtp1.free.fr
Address: 212.27.32.5
Name: c596233-b.lakwod1.co.home.com
Address: 24.8.22.37
> exit
[root@bermude html]# good luck with tracrt
> THe person whos requesting port 111 is always diffrent? I don't know what this could
>be...
>
Under win98, I don't know. but in unix, they attempt to have a contact.
gilles.
--
"Les femmes sont comme des miroirs,
elles r�fl�chissent mais ne pensent pas" Schopenhauer
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
