On Thu, 30 Nov 2000, Svante Signell wrote:

> Is this an attack? Successful?
> Version: portmap-4.0-28
>
> Nov 30 00:47:05 em2 portmap[16190]: connect from 202.8.227.42 to dump(): request from unauthorized host

Yes, a probe -- not successful from what you show here.

Either you lack a firewall, or your admin has it set rather
loose.  This is unsafe.

It looks to be Asian -- see:
http://www.arin.net/whois/arinwhois.html -- but does not
reverse or traceroute -- ask your firewall admin to blackhole
202.8.227.0/24

If you don't understand the message, most likely you are not
using services requiring the portmapper.  Please make your host
more secure and run:

   rpm -e portmap

It will show any dependent packages present -- do an rpm -qi
for each, and I imagine you'll find that NONE are in use by
you -- Earlier RH versions shipped rather insecure.

A good security policy analysis is:

Remove unused packages -- you can trivially reinstall
them by ftp or from CD if you find later that you need
them.

-- Russ Herrold





_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
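
As an added example (not part of the original message, and not portmap's own code): a small Python triage script for refusal lines of the form quoted in the thread, grouping refused sources by enclosing /24 as the reply does. Every log line except the first is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Line format as quoted in the thread:
#   <date> <host> portmap[<pid>]: connect from <ip> to <proc>(): request from unauthorized host
REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sportmap\[(?P<pid>\d+)\]:\s"
    r"connect from (?P<src>\S+) to (?P<proc>\w+)\(\): request from unauthorized host\s*$"
)

# First line is from the thread; the others are constructed for this example.
SAMPLE_LOG = """\
Nov 30 00:47:05 em2 portmap[16190]: connect from 202.8.227.42 to dump(): request from unauthorized host
Nov 30 00:47:09 em2 portmap[16191]: connect from 192.0.2.17 to getport(): request from unauthorized host
Nov 30 00:47:10 em2 portmap[16192]: connect from 192.0.2.99 to dump(): request from unauthorized host
Nov 30 00:48:00 em2 sshd[411]: Connection closed by 198.51.100.5
Nov 30 00:49:30 em2 portmap[16200]: connect from not-an-ip to dump(): request from unauthorized host
"""


def refused_probes(log_text):
    """Yield (timestamp, source address, RPC procedure) for each refused portmap request."""
    for line in log_text.splitlines():
        m = REFUSED.match(line)
        if not m:
            continue  # other daemons, or portmap lines that are not refusals
        try:
            src = ip_address(m.group("src"))
        except ValueError:
            continue  # source field is not a literal address (malformed line)
        yield m.group("ts"), src, m.group("proc")


def summarize_by_prefix(log_text, prefixlen=24):
    """Group refused requests by enclosing network, e.g. the /24 named in the reply."""
    summary = defaultdict(lambda: {"count": 0, "sources": set(), "procs": set()})
    for _ts, src, proc in refused_probes(log_text):
        net = ip_network(f"{src}/{prefixlen}", strict=False)
        entry = summary[str(net)]
        entry["count"] += 1
        entry["sources"].add(str(src))
        entry["procs"].add(proc)
    return dict(summary)


if __name__ == "__main__":
    for net, e in sorted(summarize_by_prefix(SAMPLE_LOG).items()):
        print(net, e["count"], sorted(e["sources"]), sorted(e["procs"]))
```
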
