On Tuesday 29 October 2002 02:31 am, Jean Christophe ANDRÉ wrote:
> Hi Ben,
>
> ben wrote:
> > you're missing the point. running a portmap daemon is the only
> > vulnerability that the 111 port scans are attempting to exploit.
>
> We are not looking for vulnerability.
> We are looking for what is attempting to connect to port 111.
> We just want to know which internal process is trying to connect.
>
> > that attempted exploit is part of the weather of being hooked up,
> > in the same way that 25 is attempted to be used as a mail relay.
>
> I know this very well, since I have multiple servers around the World...
>
> > there are--to the best of my knowledge--no internal apps or daemons
> > that will cause the fashion of log alarm that the op is concerned to
> > address.
>
> Except if *his* concern is really to know which process is doing logs,
> not to be alarmed, but to have the knowledge of what's doing what.
>
> > you're assuming that internal apps attempt external connections.
>
> Nope. Please read first mail of this thread.
>
> > for that to be a possibility, you'd have to have a mighty weird local
> > setup. if you, or anybody, can give me a real example to justify your
> > hypothesis, please do.
>
> Please, just take a look at these:
>
> http://www.mail-archive.com/debian-security@;lists.debian.org/msg07363.html
> http://www.mail-archive.com/debian-security@;lists.debian.org/msg07529.html

however you derived the impression that i hadn't followed the thread from the start, i just don't see where anything i've written in response to the issue fails to address its substance. as i said previously, if you have an example to justify your hypothesis, please let me know. i would, honestly, appreciate that information. i mean this, sincerely.

ben