[2306] in linux-security and linux-alert archive


[linux-security] Re: portmap messages under /var/log/messages

daemon@ATHENA.MIT.EDU (Mike Starr)
Sat Feb 12 06:48:08 2000

Message-ID: <008701bf74f0$108fdd20$0100a8c0@triad.rr.com>
From: "Mike Starr" <starr@homemail.com>
To: <linux-security@redhat.com>
Date: Fri, 11 Feb 2000 19:28:18 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Resent-From: linux-security@redhat.com

Thanks to everyone who's responded.  I've been asked to summarize the
responses that I've received to this inquiry.

I should have caught the fact that the message was referring to the portmap
service, which is unnecessary (and a security risk) if the server is not
using the NFS services.  I have since disabled the portmap service on that
server.

Apparently the dump() message is generated whenever a call to rpcinfo -p is
made to that port.

I had a couple of people suggest that this might be an attempt to flood ping
my server.  However, I hope this server is resistant to this type of attack,
since the server is not "pingable", configured via "echo "1" >
/proc/sys/net/ipv4/icmp_echo_ignore_all".

Thanks to all.
-------------
> I am running Redhat 6.1 as a firewall between a cable modem and my home
> network.
>
> Occasionally, I see messages such as these under /var/log/messages:
> Jan 17 13:38:16 saturn5 portmap[3726]: connect from 24.28.77.200 to dump(): request from unauthorized host
> Jan 18 14:00:34 saturn5 portmap[1544]: connect from 204.151.148.146 to dump(): request from unauthorized host
>
> My assumption is that the service is fulfilling its purpose of rejecting
> unauthorized traffic.  However, I'm curious.  Search as I will, I have been
> unable to find any information about dump() that apparently is being probed
> on random IP addresses.
>
> Can anyone clue me into this?
>

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null
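
Added example (not part of the original post, and not code from portmap): a short Python script that pulls the rejection lines quoted in the message above out of syslog output and groups them by source address, so repeated probes stand out. The first two sample lines are the ones from the post; the remaining lines, and the assumption that the parentheses can carry a program name for procedures other than dump, are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the portmap access-control rejection format shown in the post:
#   <date> <host> portmap[<pid>]: connect from <ip> to <proc>(<prog>): request from unauthorized host
# Assumption: the parentheses may hold a program name for other procedures.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"portmap\[(?P<pid>\d+)\]: connect from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<proc>\w+)\((?P<prog>[^)]*)\): request from unauthorized host\s*$"
)

def parse_rejections(lines):
    """Yield one dict per rejected portmap request; skip unrelated lines."""
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(lines):
    """Group rejections by source address: count, procedures, first/last seen."""
    summary = defaultdict(lambda: {"count": 0, "procs": set(), "first": None, "last": None})
    for ev in parse_rejections(lines):
        s = summary[ev["src"]]
        s["count"] += 1
        s["procs"].add(ev["proc"])
        s["first"] = s["first"] or ev["ts"]
        s["last"] = ev["ts"]
    return dict(summary)

# First two lines are from the post; the rest are constructed for illustration.
SAMPLE = """\
Jan 17 13:38:16 saturn5 portmap[3726]: connect from 24.28.77.200 to dump(): request from unauthorized host
Jan 18 14:00:34 saturn5 portmap[1544]: connect from 204.151.148.146 to dump(): request from unauthorized host
Jan 18 14:00:35 saturn5 kernel: eth0: link up
Jan 19 02:11:07 saturn5 portmap[1544]: connect from 192.0.2.15 to getport(nfs): request from unauthorized host
Jan 19 02:11:09 saturn5 portmap[1544]: connect from 192.0.2.15 to dump(): request from unauthorized host
""".splitlines()

if __name__ == "__main__":
    # Most active sources first: address, count, procedures probed, time span.
    for src, s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{src:16} {s['count']:3}  {','.join(sorted(s['procs']))}  {s['first']} .. {s['last']}")
```

To run it against a real log, pass an open file object for /var/log/messages to `summarize()` in place of `SAMPLE`.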

