
Re: port 16001 and 111



Jussi Ekholm <ekhowl@goa-head.org> writes:

> Olaf Dietsche <olaf.dietsche#list.debian-security@t-online.de> wrote:
>> Jussi Ekholm <ekhowl@goa-head.org> writes:
>>> So, what would try to connect to my system's port 16001 and 111
>>> from within my own system? Should I be concerned? Should I expect
>>> the worst?  Any insight on this issue would calm me down...
>> 
>> Port 111 is used by portmap. If you don't use RPC services, you can
>> stop it. I don't use it on my desktop machine. Try "rpcinfo -p" to
>> see, whether there's anything running on your computer.
>
> Well, at least knowingly I don't use any RPC services. :-) And this is
> what 'rpcinfo -p' gives me:
>
> 	rpcinfo: can't contact portmapper: RPC: Remote system error \
> 	  - Connection refused
>
> (I split it in two lines)
>
> The same answer as a luser and as a root. What should I deduct from
> this? It's just so weird as I'm not running NFS, NIS or any other
> thingie that should use this port...

This means portmap isn't running. Connection refused means nothing
listens on port 111. So, whatever is trying to contact port 111,
there's no reason to be concerned.

This could be valid requests from programs trying to contact NIS
before DNS, however. Look at /etc/nsswitch.conf, whether NIS is
mentioned.

Regards, Olaf.
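
The two checks suggested in this message, as an added example that is not part of the original thread: list the nsswitch.conf databases that consult NIS, and test whether anything is in LISTEN state on port 111. The function names are hypothetical, the socket table is assumed to use the Linux /proc/net/tcp column layout, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example; the sample file contents below are constructed.

# Print every nsswitch.conf database whose source list names nis or nisplus.
nis_databases() {
    awk '
        { sub(/#.*/, "") }                        # strip comments
        (pos = index($0, ":")) == 0 { next }      # not a "database: sources" line
        {
            db = substr($0, 1, pos - 1); gsub(/[ \t]/, "", db)
            n = split(substr($0, pos + 1), src, " ")
            for (i = 1; i <= n; i++)
                if (src[i] == "nis" || src[i] == "nisplus") { print db; break }
        }
    ' "$1"
}

# Succeed if a /proc/net/tcp-format table has a LISTEN (state 0A) socket on port $2.
listens_on() {
    awk -v want="$(printf '%04X' "$2")" '
        NR > 1 { n = split($2, a, ":")
                 if (toupper(a[n]) == want && $4 == "0A") found = 1 }
        END { exit !found }
    ' "$1"
}

demo() {
    d=$(mktemp -d)
    cat > "$d/nsswitch.conf" <<'EOF'
# constructed sample
passwd:   compat
hosts:    files nis [NOTFOUND=return] dns
netgroup: nis   # comment
EOF
    # Constructed, truncated rows: a mail listener, plus a local client
    # in SYN_SENT (02) toward remote port 006F (111).
    cat > "$d/tcp" <<'EOF'
  sl  local_address rem_address   st
   0: 0100007F:0019 00000000:0000 0A
   1: 0100007F:9C42 0100007F:006F 02
EOF
    echo "databases consulting NIS: $(nis_databases "$d/nsswitch.conf" | tr '\n' ' ')"
    if listens_on "$d/tcp" 111; then echo "port 111: listener present"
    else echo "port 111: no listener (connects are refused)"; fi
    rm -rf "$d"
}
demo
```

On a live Linux system the same functions can be pointed at /etc/nsswitch.conf and /proc/net/tcp.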


