
Re: port 16001 and 111



On Tuesday 29 October 2002 02:31 am, Jean Christophe ANDRÉ wrote:
> Hi Ben,
>
> ben wrote:
> > you're missing the point. running a portmap daemon is the only
> > vulnerability that the 111 port scans are attempting to exploit.
>
> We are not looking for vulnerability.
> We are looking for what is attempting to connect to port 111.
> We just want to know which internal process is trying to connect.
>
> > that attempted exploit is part of the weather of being hooked up,
> > in the same way that 25 is attempted to be used as a mail relay.
>
> I know this very well, since I have multiple servers around the World...
>
> > there are--to the best of my knowledge--no internal apps or daemons
> > that will cause the fashion of log alarm that the op is concerned to
> > address.
>
> Except if *his* concern is really to know which process is doing logs,
> not to be alarmed, but to have the knowledge of what's doing what.
>
> > you're assuming that internal apps attempt external connections.
>
> Nope. Please read first mail of this thread.
>
> > for that to be a possibility, you'd have to have a mighty weird local
> > setup. if you, or anybody, can give me a real example to justify your
> > hypothesis, please do.
>
> Please, just take a look at these:
>  
> http://www.mail-archive.com/debian-security@lists.debian.org/msg07363.html
> http://www.mail-archive.com/debian-security@lists.debian.org/msg07529.html
>

however you derived the impression that i hadn't followed the thread from the 
start, i just don't see where anything i've written in response to the issue 
fails to address its substance. as i said previously, if you have an example 
to justify your hypothesis, please let me know. i would, honestly, appreciate 
that information. i mean this, sincerely.

ben


