Tom Cook wrote:
What the
What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
Nothing wrong with it! :)
It tells you precisely what's attempting to connect...
Yes, except in his case there is no connection since there is no installed
daemon on this port, only some connection
On Monday 28 October 2002 11:59 pm, Jean Christophe ANDRÉ wrote:
Tom Cook wrote:
What the
What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
Nothing wrong with it! :)
It tells you precisely what's attempting to connect...
Yes, except in his case there is no connection since
Hi,
ben wrote:
way overkill. 16001 isn't being scanned and 111 is the most common target
after 25. you're suggesting that the guy turn his server into a
honeypot--to what end? disable portmap and nothing can get at 111. there's
a difference between simply securing a box and
On Tuesday 29 October 2002 01:02 am, Jean Christophe ANDRÉ wrote:
Hi,
ben wrote:
way overkill. 16001 isn't being scanned and 111 is the most common target
after 25. you're suggesting that the guy turn his server into a
honeypot--to what end? disable portmap and nothing can get at 111.
On 0, Jean Christophe ANDRÉ [EMAIL PROTECTED] wrote:
Tom Cook wrote:
What the
What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
Nothing wrong with it! :)
It tells you precisely what's attempting to connect...
Yes, except in his case there is no connection since there
Jean Christophe ANDRÉ [EMAIL PROTECTED] wrote:
You said what would try to connect to my system's port [...] 111
from within my own system. I would answer something that is
configured to do so?
Jussi Ekholm wrote:
Yup, but what?
I suggest you to make a little program listening that
On 0, Jean Christophe ANDRÉ [EMAIL PROTECTED] wrote:
[snip]
You may do something like that (needs apt-get install netcat) :
- create a little script /root/spy.sh (just use netstat) :
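#!/bin/sh
# Append a separator, a timestamp and the listening sockets
# (with the owning PID/program) to the log file.
(
echo =
date
netstat -lnp
) >> /root/spy.txt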
# yes, I
Noah L. Meyerhans [EMAIL PROTECTED] wrote:
On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote:
The same answer as a luser and as a root. What should I deduct from
this? It's just so weird as I'm not running NFS, NIS or any other
thingie
Jean Christophe ANDRÉ [EMAIL PROTECTED] wrote:
Jussi Ekholm wrote:
The same answer as a luser and as a root. What should I deduct from
this? It's just so weird as I'm not running NFS, NIS or any other
thingie that should use this port...
Olaf Dietsche olaf.dietsche#[EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
rpcinfo: can't contact portmapper: RPC: Remote system error \
- Connection refused
The same answer as a luser and as a root. What should I
Greetings,
Yes, portmapper has something to do with NIS. If you want to stop it
from running edit /etc/init.d/mountnfs.sh and comment out the line that
starts it.
As always, my generic advice about setting up IPTABLES applies here.
Once you have set up iptables you can block what services are
On Sat, 2002-10-26 at 22:19, Jussi Ekholm wrote:
Olaf Dietsche olaf.dietsche#[EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
rpcinfo: can't contact portmapper: RPC: Remote system error \
- Connection refused
This means portmap isn't running. Connection refused
Olaf Dietsche [EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
rpcinfo: can't contact portmapper: RPC: Remote system error \
- Connection refused
The same answer as a luser and as a root. What should I deduct from
On Sat, 2002-10-26 at 22:19, Jussi Ekholm wrote:
Olaf Dietsche [EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
rpcinfo: can't contact portmapper: RPC: Remote system error \
- Connection refused
This means portmap isn't running. Connection refused means nothing
Jussi Ekholm wrote:
The same answer as a luser and as a root. What should I deduct from
this? It's just so weird as I'm not running NFS, NIS or any other
thingie that should use this port...
You said what would try to connect to my system's port [...] 111
from within my own system. I would
Jussi Ekholm [EMAIL PROTECTED] writes:
Olaf Dietsche olaf.dietsche#[EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
So, what would try to connect to my system's port 16001 and 111
from within my own system? Should I be concerned? Should I expect
the worst? Any insight
Jussi Ekholm [EMAIL PROTECTED] writes:
Olaf Dietsche [EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
So, what would try to connect to my system's port 16001 and 111
from within my own system? Should I be concerned? Should I expect
the worst? Any insight on this issue would
Martin Grape [EMAIL PROTECTED] wrote:
15 Oct 2002, Jussi Ekholm wrote:
Still, the connection attempt from localhost to port 111 puzzles me...
Off the top of my head: Do you have any nfs services running on the
machine? I seem to remember sunrpc
Olaf Dietsche olaf.dietsche#[EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
So, what would try to connect to my system's port 16001 and 111
from within my own system? Should I be concerned? Should I expect
the worst? Any insight
On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote:
The same answer as a luser and as a root. What should I deduct from
this? It's just so weird as I'm not running NFS, NIS or any other
thingie that should use this port...
What do you get from:
netstat -ntlp | grep 16001
--
Olaf Dietsche [EMAIL PROTECTED] wrote:
Jussi Ekholm [EMAIL PROTECTED] writes:
So, what would try to connect to my system's port 16001 and 111
from within my own system? Should I be concerned? Should I expect
the worst? Any insight on this issue
would try to use that to the outer world. And even more I'd
like to know about the connection attempts about port 111 -- maybe
because I saw FBI ranking RPC services the most dangerous ones. :-)
So, what would try to connect to my system's port 16001 and 111 from
within my own system? Should I
Tom Cook [EMAIL PROTECTED] wrote:
On 0, Jussi Ekholm [EMAIL PROTECTED] wrote:
So, what would try to connect to my system's port 16001 and 111
Good afternoon (from Australia). It's a beautiful, sunny 26 degrees
here...
Hih, it's snowing here
15 Oct 2002, Jussi Ekholm wrote:
Still, the connection attempt from localhost to port 111 puzzles me...
Off the top of my head: Do you have any nfs services running on the machine?
I seem to remember sunrpc being used by the nfs-server ...
--
/Martin Grape
Network and System Admin
Trema
On Tue, 15 Oct 2002, at 09:47 +0200,
Martin said:
15 Oct 2002, Jussi Ekholm wrote:
Off the top of my head: Do you have any nfs services running on the machine?
I seem to remember sunrpc being used by the nfs-server ...
-- End of original message --
NIS too.
--
On Tue, 15 Oct 2002, Jussi Ekholm wrote:
So, what would try to connect to my system's port 16001 and 111 from
within my own system? Should I be concerned? Should I expect the worst?
port 16001 means that you are running gnome, and is perfectly normal. Port
111 is the portmapper, which means
Hi there (from Germany),
Jussi Ekholm [EMAIL PROTECTED] writes:
So, what would try to connect to my system's port 16001 and 111 from
within my own system? Should I be concerned? Should I expect the worst?
Any insight on this issue would calm me down...
Port 111 is used by portmap. If you
Specifically, port 16001 is ESD (ESound) IIRC..
On Tue, 2002-10-15 at 10:55, Giacomo Mulas wrote:
On Tue, 15 Oct 2002, Jussi Ekholm wrote:
So, what would try to connect to my system's port 16001 and 111 from
within my own system? Should I be concerned? Should I expect the worst?
port
that to the outer world. And even more I'd
like to know about the connection attempts about port 111 -- maybe
because I saw FBI ranking RPC services the most dangerous ones. :-)
So, what would try to connect to my system's port 16001 and 111 from
within my own system? Should I be concerned? Should I expect
Jussi Ekholm [EMAIL PROTECTED] wrote:
So, what would try to connect to my system's port 16001 and 111 from
within my own system? Should I be concerned? Should I expect the worst?
Any insight on this issue would calm me down...
Oh, and I forgot