Thanks to everyone who answered my last Paranoid Security
Rambling(tm). Here's another one. :)
Ok, I've been pondering this for ages. WTF is portmap, and why
do/don't I need it? It was installed when I set up this Debian box 2
years back, so I thought that it might be useful. (Then again, telnetd
and lots of other braindead stuff was also installed, so now I'm
wondering. :)
Anyhow, I'm checking logcheck reports, and I'm seeing the following
alert (repeated 3-4 times, though it hasn't happened in a few days):
Aug 13 22:20:31 ethereal portmap[30435]: connect from 195.74.211.71 to dump(): request from unauthorized host
Should this concern me? I really don't know much about RPC and what it
is, so I'm honestly not sure.
I have the following in my /etc/hosts.deny:
portmap: ALL EXCEPT 127.0.0.1
so I'm thinking that if portmap is important, I can still access it
locally while nobody else can, and I'm wondering if that is why
195.74.211.71 was rejected. But, I might not even have this configured
correctly, according to the following snippet from my /etc/hosts.deny:
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper.
So, I'm not sure if EXCEPT is valid there.
Anyhow, is portmap pointless? If so, can I just disable it in
inetd.conf and save myself the headaches, lost sleep, etc.? :)
Thanks a bunch in advance.
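
Added example (not part of the original post): a small Python summarizer for the kind of portmap rejection that logcheck reported above. It counts refused requests per source address and RPC procedure, rejoining entries that a mail client or report has wrapped across lines. The sample lines other than the first entry are constructed for illustration.

```python
import re
from collections import Counter

# Start of a classic syslog line: "Aug 13 22:20:31 "
TS_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s")

# Shape of the entry quoted in the post:
#   <timestamp> <host> portmap[<pid>]: connect from <ip> to <proc>(<arg>): <reason>
PORTMAP_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\sportmap\[\d+\]:\s"
    r"connect from (?P<src>\S+) to (?P<proc>\w+)\((?P<arg>[^)]*)\):\s(?P<reason>.+)$"
)

def unwrap(lines):
    """Rejoin entries that were wrapped onto a second line."""
    entries = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        # No leading timestamp: treat the line as a continuation of the previous entry.
        if entries and not TS_RE.match(line):
            entries[-1] += " " + line
        else:
            entries.append(line)
    return entries

def rejected_requests(lines):
    """Return a Counter of (source address, RPC procedure) for refused requests."""
    tally = Counter()
    for entry in unwrap(lines):
        m = PORTMAP_RE.match(entry)
        if m and "unauthorized host" in m.group("reason"):
            tally[(m.group("src"), m.group("proc"))] += 1
    return tally

# First entry is the one from the post (wrapped); the rest are constructed samples.
SAMPLE = """\
Aug 13 22:20:31 ethereal portmap[30435]: connect from 195.74.211.71 to dump(): request
from unauthorized host
Aug 13 22:20:33 ethereal portmap[30436]: connect from 195.74.211.71 to dump(): request from unauthorized host
Aug 14 03:02:10 ethereal portmap[30511]: connect from 192.0.2.44 to getport(mountd): request from unauthorized host
Aug 14 03:05:00 ethereal sshd[411]: Accepted password for admin from 127.0.0.1
""".splitlines()

if __name__ == "__main__":
    for (src, proc), n in rejected_requests(SAMPLE).most_common():
        print(f"{n:3d}  {src:15s}  {proc}")
```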