|
Security Incidents
mailing list archives
Strange RPC? service entries.
From: tony.molloy () UL IE (Tony Molloy)
Date: Thu, 9 Mar 2000 12:16:22 +0000
Recently I've lots of messages like the following appearing in
several of my server logs. Several megabytes a day each.
Mar 8 18:57:33 server portmap[24722]: connect from xxx.xxx.xxx.xxx
to callit(300214): request from unauthorized host
Mar 9 07:59:44 server portmap[14761]: connect from xxx.xxx.xxx.xxx
to callit(390109): request from unauthorized host
I've seen similar messages when machines occasionally try to contact
services like ypserv or mountd. The requests are denied and I'm sure
the problem is misconfigured machines in one lab which I have no
control over. Before I contact the administrator of that lab does
anybody know which services 300214 and 390109 represent. Could they
be locally defined services which the machines are configured to
broadcast for.
Regards,
Tony.
---------------------------------------------------------------------
Tony Molloy. e-mail: tony.molloy () ul ie
Systems Manager. Dept. of CSIS.
Phone: +353-61-202778 (DL) Univ. of Limerick.
+353-61-333644 ext. 2778 Ireland.
Fax: +353-61-330876
---------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
