On Mon, 19 Mar 2001, Peter M spewed into the ether:
> Hey All,
>
> Latetly, During the week, once/twice a day, I've been receiving 2 attempts at TCP
> Port 111. Does anyone know anything about this? Possible Trojan Scan? What does TCP
> port 111 have in common with any software? Any suggestions Comments are welcome.
/etc/services is your friend.
Port 111 is for the rpc.statd daemon, required for NFS and related
services.
There was a rash of rpc.statd exploits sometime back (hint bugtraq).
If you don't run rpc.statd (portmap), you have no need to worry
about this.
Devdas Bhagat
--
We all agree on the necessity of compromise. We just can't agree on
when it's necessary to compromise.
-- Larry Wall
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
