Hi, ben écrivait : > way overkill. 16001 isn't being scanned and 111 is the most common target > after 25. you're suggesting that the guy turn his server into a > honeypot--to what end? disable portmap and nothing can get at 111. there's > a difference between simply securing a box and assuming a role as > cyber-detective. the former solves the problem, the latter has no end.
Please read the full thread before posting (or even only the first post). He actually *is* asking for tracking the *internal* process trying to connect *localy* to its port 111. He knows about such attempts because he had filtered them. But he can't guess which process attempt to connect to it. And he just *want* to know. Tracking connection attempts *is* part of security, since it allow you to know how things work, and better tune it once you understand it. Regards, J.C.
