Folks-
I've installed Wietse Venema's portmapper on all my Dec
Personal Workstations and discovered/blocked hundreds of
portmapper calls per day. A few of the portmapper log
entries are shown below (without the proper IP numbers).
I'm no RPC expert, so I'm not sure how to interpret
these log entries. I'm guessing that the callit(ypserv)
log messages refer to someone broadcasting for ypservice.
But what is the callit(mountd) log entry? Is someone
trying to NFS mount my disks? Where to I go to find out
what the callit(300055) and callit(390109) log entries
mean? I've looked at the O'Reilly RPC book, but nothing
leapt out of page at me.
Thanks in advance,
Mike
Feb 23 17:26:04 portmap[11287]: connect from W.X.Y.Z to callit(300055): request from unauthorized host
Feb 24 18:47:15 portmap[15035]: connect from A.B.C.D to callit(390109): request from unauthorized host
Feb 23 16:55:56 portmap[11210]: connect from E.F.G.H to callit(mountd): request from unauthorized host
Feb 24 21:01:38 portmap[14108]: connect from I.J.K.L to callit(ypserv): request from unauthorized host
Received on Thu Feb 25 1999 - 16:24:44 NZDT