On 0, Jean Christophe ANDR? <[EMAIL PROTECTED]> wrote:
> Tom Cook ?crivait :
> > What the
> > What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
>
> Nothing wrong with it! :)
>
> > It tells you precisely what's attempting to connect...
>
> Yes, except in his case there is no connection
On Tuesday 29 October 2002 01:02 am, Jean Christophe ANDRÉ wrote:
> Hi,
>
> ben écrivait :
> > way overkill. 16001 isn't being scanned and 111 is the most common target
> > after 25. you're suggesting that the guy turn his server into a
> > honeypot--to what end? disable portmap and nothing can get
Hi,
ben écrivait :
> way overkill. 16001 isn't being scanned and 111 is the most common target
> after 25. you're suggesting that the guy turn his server into a
> honeypot--to what end? disable portmap and nothing can get at 111. there's
> a difference between simply securing a box and ass
On 0, Jean Christophe ANDR? <[EMAIL PROTECTED]> wrote:
> Tom Cook ?crivait :
> > What the
> > What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
>
> Nothing wrong with it! :)
>
> > It tells you precisely what's attempting to connect...
>
> Yes, except in his case there is no connection
On Monday 28 October 2002 11:59 pm, Jean Christophe ANDRÉ wrote:
> Tom Cook écrivait :
> > What the
> > What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
>
> Nothing wrong with it! :)
>
> > It tells you precisely what's attempting to connect...
>
> Yes, except in his case there is no conne
Tom Cook écrivait :
> What the
> What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
Nothing wrong with it! :)
> It tells you precisely what's attempting to connect...
Yes, except in his case there is no connection since there is no installed
daemon on this port, only some connection atte
On Tuesday 29 October 2002 01:02 am, Jean Christophe ANDRÉ wrote:
> Hi,
>
> ben écrivait :
> > way overkill. 16001 isn't being scanned and 111 is the most common target
> > after 25. you're suggesting that the guy turn his server into a
> > honeypot--to what end? disable portmap and nothing can get
Hi,
ben écrivait :
> way overkill. 16001 isn't being scanned and 111 is the most common target
> after 25. you're suggesting that the guy turn his server into a
> honeypot--to what end? disable portmap and nothing can get at 111. there's
> a difference between simply securing a box and ass
On Monday 28 October 2002 11:59 pm, Jean Christophe ANDRÉ wrote:
> Tom Cook écrivait :
> > What the
> > What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
>
> Nothing wrong with it! :)
>
> > It tells you precisely what's attempting to connect...
>
> Yes, except in his case there is no conne
Tom Cook écrivait :
> What the
> What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
Nothing wrong with it! :)
> It tells you precisely what's attempting to connect...
Yes, except in his case there is no connection since there is no installed
daemon on this port, only some connection atte
On 0, Jean Christophe ANDR? <[EMAIL PROTECTED]> wrote:
[snip]
> You may do something like that (needs apt-get install netcat) :
>
> - create a little script /root/spy.sh (just use netstat) :
> #!/bin/sh
> (
> echo "="
> date
> netstat -lnp
> ) >> /root/spy.txt
>
On 0, Jean Christophe ANDR? <[EMAIL PROTECTED]> wrote:
[snip]
> You may do something like that (needs apt-get install netcat) :
>
> - create a little script /root/spy.sh (just use netstat) :
> #!/bin/sh
> (
> echo "="
> date
> netstat -lnp
> ) >> /root/spy.txt
>
> Jean Christophe ANDRÉ <[EMAIL PROTECTED]> wrote:
> > You said "what would try to connect to my system's port [...] 111
> > from within my own system". I would answer "something that is
> > configured to do so"?
Jussi Ekholm écrivait :
> Yup, but what?
I suggest you to make a little program list
> Jean Christophe ANDRÉ <[EMAIL PROTECTED]> wrote:
> > You said "what would try to connect to my system's port [...] 111
> > from within my own system". I would answer "something that is
> > configured to do so"?
Jussi Ekholm écrivait :
> Yup, but what?
I suggest you to make a little program list
On Sat, 2002-10-26 at 22:19, Jussi Ekholm wrote:
> Olaf Dietsche <[EMAIL PROTECTED]> wrote:
> > Jussi Ekholm <[EMAIL PROTECTED]> writes:
> >>rpcinfo: can't contact portmapper: RPC: Remote system error \
> >> - Connection refused
> > This means portmap isn't running. Connection refused me
Greetings,
Yes, portmapper has something to do with NIS. If you want to stop it
from running edit /etc/init.d/mountnfs.sh and comment out the line that
starts it.
As always, my generic advise about setting up IPTABLES applied here.
Once you have set up iptables you can block what services are
ac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Olaf Dietsche <[EMAIL PROTECTED]> wrote:
> Jussi Ekholm <[EMAIL PROTECTED]> writes:
>> rpcinfo: can't contact portmapper: RPC: Remote system error \
>>- Connection refused
>>
>> The same answer as a luser and as a root. What should I deduc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jean Christophe ANDRÉ <[EMAIL PROTECTED]> wrote:
> Jussi Ekholm écrivait :
>> The same answer as a luser and as a root. What should I deduct from
>> this? It's just so weird as I'm not running NFS, NIS or any other
>> thingie that should use this port.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Noah L. Meyerhans <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote:
>> The same answer as a luser and as a root. What should I deduct from
>> this? It's just so weird as I'm not running NFS, NIS or any other
>>
On Sat, 2002-10-26 at 22:19, Jussi Ekholm wrote:
> Olaf Dietsche wrote:
> > Jussi Ekholm <[EMAIL PROTECTED]> writes:
> >>rpcinfo: can't contact portmapper: RPC: Remote system error \
> >> - Connection refused
> > This means portmap isn't running. Connection refused means nothing
> > lis
Greetings,
Yes, portmapper has something to do with NIS. If you want to stop it
from running edit /etc/init.d/mountnfs.sh and comment out the line that
starts it.
As always, my generic advise about setting up IPTABLES applied here.
Once you have set up iptables you can block what services are
ac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Olaf Dietsche wrote:
> Jussi Ekholm <[EMAIL PROTECTED]> writes:
>> rpcinfo: can't contact portmapper: RPC: Remote system error \
>>- Connection refused
>>
>> The same answer as a luser and as a root. What should I deduct from
>> this? It'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jean Christophe ANDRÃ <[EMAIL PROTECTED]> wrote:
> Jussi Ekholm écrivait :
>> The same answer as a luser and as a root. What should I deduct from
>> this? It's just so weird as I'm not running NFS, NIS or any other
>> thingie that should use this por
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Noah L. Meyerhans <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote:
>> The same answer as a luser and as a root. What should I deduct from
>> this? It's just so weird as I'm not running NFS, NIS or any other
>>
Jussi Ekholm <[EMAIL PROTECTED]> writes:
> Olaf Dietsche <[EMAIL PROTECTED]> wrote:
>> Jussi Ekholm <[EMAIL PROTECTED]> writes:
>>> So, what would try to connect to my system's port 16001 and 111
>>> from within my own system? Should I be concerned? Should I expect
>>> the worst? Any insight on t
Jussi Ekholm <[EMAIL PROTECTED]> writes:
> Olaf Dietsche wrote:
>> Jussi Ekholm <[EMAIL PROTECTED]> writes:
>>> So, what would try to connect to my system's port 16001 and 111
>>> from within my own system? Should I be concerned? Should I expect
>>> the worst? Any insight on this issue would cal
Jussi Ekholm écrivait :
> The same answer as a luser and as a root. What should I deduct from
> this? It's just so weird as I'm not running NFS, NIS or any other
> thingie that should use this port...
You said "what would try to connect to my system's port [...] 111
from within my own system". I w
Jussi Ekholm écrivait :
> The same answer as a luser and as a root. What should I deduct from
> this? It's just so weird as I'm not running NFS, NIS or any other
> thingie that should use this port...
You said "what would try to connect to my system's port [...] 111
from within my own system". I w
On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote:
> The same answer as a luser and as a root. What should I deduct from
> this? It's just so weird as I'm not running NFS, NIS or any other
> thingie that should use this port...
What do you get from:
netstat -ntlp | grep 16001
--
On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote:
> The same answer as a luser and as a root. What should I deduct from
> this? It's just so weird as I'm not running NFS, NIS or any other
> thingie that should use this port...
What do you get from:
netstat -ntlp | grep 16001
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Olaf Dietsche <[EMAIL PROTECTED]> wrote:
> Jussi Ekholm <[EMAIL PROTECTED]> writes:
>> So, what would try to connect to my system's port 16001 and 111
>> from within my own system? Should I be concerned? Should I expect
>> the worst? Any insight on th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin Grape <[EMAIL PROTECTED]> wrote:
> 15 Oct 2002, Jussi Ekholm wrote:
>> Still, the connection attempt from localhost to port 111 puzzles me...
>
> Of the top of my head: Do you have any nfs services running on the
> machine? I seem to remember
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Olaf Dietsche wrote:
> Jussi Ekholm <[EMAIL PROTECTED]> writes:
>> So, what would try to connect to my system's port 16001 and 111
>> from within my own system? Should I be concerned? Should I expect
>> the worst? Any insight on this issue would calm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin Grape <[EMAIL PROTECTED]> wrote:
> 15 Oct 2002, Jussi Ekholm wrote:
>> Still, the connection attempt from localhost to port 111 puzzles me...
>
> Of the top of my head: Do you have any nfs services running on the
> machine? I seem to remember
Specifically, port 16001 is ESD (ESound) IIRC..
On Tue, 2002-10-15 at 10:55, Giacomo Mulas wrote:
> On Tue, 15 Oct 2002, Jussi Ekholm wrote:
>
> > So, what would try to connect to my system's port 16001 and 111 from
> > within my own system? Should I be concerned? Should I expect the worst?
>
>
Specifically, port 16001 is ESD (ESound) IIRC..
On Tue, 2002-10-15 at 10:55, Giacomo Mulas wrote:
> On Tue, 15 Oct 2002, Jussi Ekholm wrote:
>
> > So, what would try to connect to my system's port 16001 and 111 from
> > within my own system? Should I be concerned? Should I expect the worst?
>
>
Hi there (from Germany),
Jussi Ekholm <[EMAIL PROTECTED]> writes:
> So, what would try to connect to my system's port 16001 and 111 from
> within my own system? Should I be concerned? Should I expect the worst?
> Any insight on this issue would calm me down...
Port 111 is used by portmap. If you
On Tue, 15 Oct 2002, Jussi Ekholm wrote:
> So, what would try to connect to my system's port 16001 and 111 from
> within my own system? Should I be concerned? Should I expect the worst?
port 16001 means that you are running gnome, and is perfectly normal. Port
111 is the portmapper, which means t
Hi there (from Germany),
Jussi Ekholm <[EMAIL PROTECTED]> writes:
> So, what would try to connect to my system's port 16001 and 111 from
> within my own system? Should I be concerned? Should I expect the worst?
> Any insight on this issue would calm me down...
Port 111 is used by portmap. If yo
On Tue, 15 Oct 2002, Jussi Ekholm wrote:
> So, what would try to connect to my system's port 16001 and 111 from
> within my own system? Should I be concerned? Should I expect the worst?
port 16001 means that you are running gnome, and is perfectly normal. Port
111 is the portmapper, which means
El mar, 15 de oct de 2002, a las 09:47 +0200,
Martin decía que:
> 15 Oct 2002, Jussi Ekholm wrote:
> Of the top of my head: Do you have any nfs services running on the machine?
> I seem to remember sunrpc beeing used by the nfs-server ...
-- Fin del mensaje original --
NIS too.
--
Albe
15 Oct 2002, Jussi Ekholm wrote:
> Still, the connection attempt from localhost to port 111 puzzles me...
Of the top of my head: Do you have any nfs services running on the machine?
I seem to remember sunrpc beeing used by the nfs-server ...
--
/Martin Grape
Network and System Admin
Trema (Euro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tom Cook <[EMAIL PROTECTED]> wrote:
> On 0, Jussi Ekholm <[EMAIL PROTECTED]> wrote:
>> So, what would try to connect to my system's port 16001 and 111
>
> Good afternoon (from Australia). It's a beautiful, sunny 26 degrees
> here...
Hih, it's snowin
On 0, Jussi Ekholm <[EMAIL PROTECTED]> wrote:
> Hash: SHA1
>
> Good morning (from Finland).
>
> I can't remember if I've already asked this here, but this concerns me
> quite a bit, so I'll ask anyway. So, 'iplogger' shows me, that there
> has been connection attempts to port 16001 from inside m
El mar, 15 de oct de 2002, a las 09:47 +0200,
Martin decía que:
> 15 Oct 2002, Jussi Ekholm wrote:
> Of the top of my head: Do you have any nfs services running on the machine?
> I seem to remember sunrpc beeing used by the nfs-server ...
-- Fin del mensaje original --
NIS too.
--
Alb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jussi Ekholm <[EMAIL PROTECTED]> wrote:
> So, what would try to connect to my system's port 16001 and 111 from
> within my own system? Should I be concerned? Should I expect the worst?
> Any insight on this issue would calm me down...
Oh, and I forgot
15 Oct 2002, Jussi Ekholm wrote:
> Still, the connection attempt from localhost to port 111 puzzles me...
Of the top of my head: Do you have any nfs services running on the machine?
I seem to remember sunrpc beeing used by the nfs-server ...
--
/Martin Grape
Network and System Admin
Trema (Eur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tom Cook <[EMAIL PROTECTED]> wrote:
> On 0, Jussi Ekholm <[EMAIL PROTECTED]> wrote:
>> So, what would try to connect to my system's port 16001 and 111
>
> Good afternoon (from Australia). It's a beautiful, sunny 26 degrees
> here...
Hih, it's snowi
On 0, Jussi Ekholm <[EMAIL PROTECTED]> wrote:
> Hash: SHA1
>
> Good morning (from Finland).
>
> I can't remember if I've already asked this here, but this concerns me
> quite a bit, so I'll ask anyway. So, 'iplogger' shows me, that there
> has been connection attempts to port 16001 from inside
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jussi Ekholm <[EMAIL PROTECTED]> wrote:
> So, what would try to connect to my system's port 16001 and 111 from
> within my own system? Should I be concerned? Should I expect the worst?
> Any insight on this issue would calm me down...
Oh, and I forgo
50 matches
Mail list logo
