[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: portmap messages under /var/log/messages
- From: "Mike Starr" <starr homemail com>
- To: <linux-security redhat com>
- Subject: Re: portmap messages under /var/log/messages
- Date: Fri, 11 Feb 2000 19:28:18 -0500
Thanks to everyone who's responded. I've been asked to sumarize the
responses that I've received to this inquery.
I should have caught the fact that the message was referring to the portmap
service, which is unnecessary (and a security risk) if the server is not
using the NFS services. I have since disabled the portmap service on that
server.
Apparently the dump() message is generated whenever a call to rpcinfo -p is
made to that port.
I had a couple of people suggest that this might be an attempt to flood ping
my server. However, I hope this server is resistant to this type of attack,
since the server is not "pingable", configured via "echo "1" >
/proc/sys/net/ipv4/icmp_echo_ignore_all".
Thanks to all.
-------------
> I am running Redhat 6.1 as a firewall between a cable modem and my home
> network.
>
> Occasionally, I see messages such as these under /var/log/messages:
> Jan 17 13:38:16 saturn5 portmap[3726]: connect from 24.28.77.200 to
dump():
> request from unauthorized host
> Jan 18 14:00:34 saturn5 portmap[1544]: connect from 204.151.148.146 to
> dump(): request from unauthorized host
>
> My assumption is that the service is fulfilling its purpose of rejecting
> unauthorized traffic. However, I'm curious. Search as I will, I have
been
> unable to find any information about dump() that apparently is being
probed
> on random IP addresses.
>
> Can anyone clue me into this?
>
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]