[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: portmap messages under /var/log/messages



Thanks to everyone who's responded.  I've been asked to sumarize the
responses that I've received to this inquery.

I should have caught the fact that the message was referring to the portmap
service, which is unnecessary (and a security risk) if the server is not
using the NFS services.  I have since disabled the portmap service on that
server.

Apparently the dump() message is generated whenever a call to rpcinfo -p is
made to that port.

I had a couple of people suggest that this might be an attempt to flood ping
my server.  However, I hope this server is resistant to this type of attack,
since the server is not "pingable", configured via "echo "1" >
/proc/sys/net/ipv4/icmp_echo_ignore_all".

Thanks to all.
-------------
> I am running Redhat 6.1 as a firewall between a cable modem and my home
> network.
>
> Occasionally, I see messages such as these under /var/log/messages:
> Jan 17 13:38:16 saturn5 portmap[3726]: connect from 24.28.77.200 to
dump():
> request from unauthorized host
> Jan 18 14:00:34 saturn5 portmap[1544]: connect from 204.151.148.146 to
> dump(): request from unauthorized host
>
> My assumption is that the service is fulfilling its purpose of rejecting
> unauthorized traffic.  However, I'm curious.  Search as I will, I have
been
> unable to find any information about dump() that apparently is being
probed
> on random IP addresses.
>
> Can anyone clue me into this?
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]