Re: port 16001 and 111

To: debian-security@lists.debian.org
Subject: Re: port 16001 and 111
From: Jean Christophe ANDRÉ <jean-christophe.andre@auf.org>
Date: Tue, 29 Oct 2002 16:02:10 +0700
Message-id: <[🔎] 20021029090210.GA6844@virus.home>
In-reply-to: <[🔎] E186RGK-0000ym-00@benzone.com>
References: <[🔎] 20021015052730.GB28690@erpland> <[🔎] 20021029013649.GA12042@pinky.its.adelaide.edu.au> <[🔎] 20021029075924.GD6352@virus.home> <[🔎] E186RGK-0000ym-00@benzone.com>

	Hi,

ben écrivait :
> way overkill. 16001 isn't being scanned and 111 is the most common target
> after 25. you're suggesting that the guy turn his server into a
> honeypot--to what end? disable portmap and nothing can get at 111. there's
> a difference between simply securing a box and assuming a role as
> cyber-detective. the former solves the problem, the latter has no end.

Please read the full thread before posting (or even only the first post).

He actually *is* asking for tracking the *internal* process trying
to connect *localy* to its port 111.

He knows about such attempts because he had filtered them.
But he can't guess which process attempt to connect to it.
And he just *want* to know.

Tracking connection attempts *is* part of security, since it allow you
to know how things work, and better tune it once you understand it.

Regards, J.C.

Reply to:

Follow-Ups:
- Re: port 16001 and 111
  - From: ben <benfoley@rcn.com>

References:
- port 16001 and 111
  - From: Jussi Ekholm <ekhowl@goa-head.org>
- Re: port 16001 and 111
  - From: Tom Cook <tom.cook@adelaide.edu.au>
- Re: port 16001 and 111
  - From: Jean Christophe ANDRÉ <jean-christophe.andre@auf.org>
- Re: port 16001 and 111
  - From: ben <benfoley@rcn.com>

Prev by Date: Re: port 16001 and 111
Next by Date: Re: port 16001 and 111
Previous by thread: Re: port 16001 and 111
Next by thread: Re: port 16001 and 111
Index(es):
- Date
- Thread