I've noticed a strange established TCP connection (from unknown
host) to portmaper which lasts for hours, but apparently there
is no traffic. My portmapper is tcp-wrapped, so the connection
should be rejected. I can see the following:
# netstat -t
tcp 0 0 MYHOST:sunrpc 220.127.116.11:691 ESTABLISHED
portmap 158 root 5u IPv4 110899 TCP MYHOST:sunrpc->18.104.22.168:691 (ESTABLISHED)
# nmap -P0 -O 22.214.171.124
Warning: No TCP ports found open on this machine,
OS detection will be MUCH less reliable
All 1523 scanned ports on (126.96.36.199) are: filtered
Too many fingerprints match this host for me to give an accurate OS guess
Nmap run completed -- 1 IP address (1 host up) scanned in 212 seconds
# tcpdump -n -i eth0 dst port 111 and not src net MYNET
shows no traffic.
Also, ippl doesn't log anything. Can anybody enlighten me what's up?