they're trying to overflow nfsd. As long as you have the updated
nfs-tools package you should be fine. There is a way I found to be able
to block these attempts though. I put this in hosts.deny
portmap:ALL
and in hosts.allow
ALL: whatever IP address you want to allow to mount NFS
On Tue, 17 Apr 2001, Ward William E DLDN wrote:
> Hey folks, I'm getting portscanned constantly on tcp Port Scanned
> on Port 111 on a machine I have as a firewall.
>
> /etc/services lists that as sunrpc 111/tcp portmapper (RPC 4.0 portmapper).
>
> Ok... it's not open that I can tell, so I'm not in danger... but I find
> it curious that's the port everyone wants to handle.
>
> Anyone know what well known Trojan/backdoor/virus/whatever uses 111,
> or what well known exploit on the sunrpc exists?
>
> Thanks!
>
> Bill Ward
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
