On Mon, Dec 09, 2002 at 09:00:45 +0300, "Igor L. Balusov " <[EMAIL PROTECTED]> wrote: > Anybody could explain me what it's means?
You are apparently running RPC services. If you aren't intentionally running these (NFS, YP, etc), you should consider turning off these services (or if you are, atleast firewalling). > From /etc/messages > kernel: lockd: connect from unprivileged > port:xxx.xx.xxx.xx:4206<4>lockd: accept failed (err 11)! > kernel: lockd: accept failed (err 11)! Lockd - NFS lock daemon. Someone has connected to it from an unprivileged port (>1023). There have been numerous issues with this in the past, search Securityfocus for more details. Also (fyi), just portscanning over the port lockd is listening on will cause this behaviour. > > From /etc/daemon.log > portmap[7408]: connect from xxx.xx.xx.xx to dump(): request from > unauthorized host Someone asked your portmap daemon for a list of all RPC services you are offering. It's also possible someone queried portmap first for the lockd port before connecting to it (though, that's just a thought and has nothing to do with the portmap log above). Judging from the two responses above, assuming there was nothing else in the logs, I'd say no useful information was gleaned out of you. -- /jh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
