Dear all, I've been seeing entries like below in my logs for a while.
Aug 24 12:38:01 bilbo portmap[27641]: connect from 172.16.x.y to callit(390109): request from unauthorized host Aug 24 12:38:04 bilbo portmap[27641]: connect from 172.16.x.y to callit(390109): request from unauthorized host and Aug 24 12:43:34 bilbo portmap[27659]: connect from 172.16.a.b to getport(300598): request from unauthorized host I've implemented a default deny-all policy in /etc/hosts.deny with ALL : ALL My /etc/hosts.allow effectively reads nmbd smbd : 172.16. >From the log messages I assume that the portmap connect attempts fail (as per policy), but what do these connect attempts mean? Is someone trying to crack my server or something? I did challenge our network admin ... -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
