Re: kernel: lockd: connect from unprivileged port

[jh <jh@pentasafe.com>]

On Mon, Dec 09, 2002 at 09:00:45 +0300, "Igor L. Balusov " <balusov@rambler.ru> wrote:
> Anybody could explain me what it's means?

You are apparently running RPC services. If you aren't intentionally
running these (NFS, YP, etc), you should consider turning off these
services (or if you are, atleast firewalling).

> From /etc/messages
>      kernel: lockd: connect from unprivileged
>      port:xxx.xx.xxx.xx:4206<4>lockd: accept failed (err 11)!
>      kernel: lockd: accept failed (err 11)!

Lockd - NFS lock daemon. Someone has connected to it from an unprivileged
port (>1023). There have been numerous issues with this in the past,
search Securityfocus for more details. Also (fyi), just portscanning
over the port lockd is listening on will cause this behaviour.

> 
> From /etc/daemon.log
>      portmap[7408]: connect from xxx.xx.xx.xx to dump(): request from
>      unauthorized host

Someone asked your portmap daemon for a list of all RPC services you
are offering. 

It's also possible someone queried portmap first for the lockd port
before connecting to it (though, that's just a thought and has nothing
to do with the portmap log above).

Judging from the two responses above, assuming there was nothing else
in the logs, I'd say no useful information was gleaned out of you.

--
/jh